If your mail server still is advertising SSLv2, your SSL private key may be vulnerable.

https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack

What's worse, if you are using a wildcard cert, then any other server that is using the same cert can be trivially decrypted even if that server is only using TLS 1.2 and strong cyphers.

I know that there are a number of broken email servers that will bounce mail if TLS is negotiated but they can't negotiate older SSL or weaker cyphers, but it's probably a good idea to either:

1) Disable TLS, or
2) Disable SSLv2

----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax: 914-694-5669
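
Added example, not part of the original message: a small audit that groups TLS listeners by key and flags every listener sharing a key with one that still advertises SSLv2, which is the wildcard-cert exposure described above. The inventory format, host names and key fingerprints are constructed placeholders; real input would come from your own scan or asset data.

```python
from collections import defaultdict

# Constructed sample inventory (not real scan data): one row per listener,
# with a placeholder key fingerprint and the protocols it advertises.
SAMPLE_INVENTORY = [
    {"host": "mail.example.test", "port": 25, "key_fp": "KEY-A",
     "protocols": ["SSLv2", "TLSv1", "TLSv1.2"]},
    {"host": "www.example.test", "port": 443, "key_fp": "key-a",
     "protocols": ["TLSv1.2"]},
    {"host": "api.example.test", "port": 443, "key_fp": "KEY-A",
     "protocols": ["TLSv1.2"]},
    {"host": "vpn.example.test", "port": 443, "key_fp": "KEY-B",
     "protocols": ["TLSv1.2"]},
    {"host": "old.example.test", "port": 465, "key_fp": "KEY-C",
     "protocols": ["sslv2"]},
]


def _norm(name):
    """Normalise protocol labels such as 'SSLv2', 'sslv2' or 'SSL 2.0'."""
    return name.lower().replace(" ", "").replace(".0", "")


def advertises_sslv2(listener):
    return any(_norm(p) in {"sslv2", "ssl2"} for p in listener["protocols"])


def drown_exposure(inventory):
    """Map each key offered over SSLv2 to the listeners that offer it and to
    the TLS-only listeners that are exposed because they share that key."""
    by_key = defaultdict(list)
    for l in inventory:
        # Fingerprints are compared case-insensitively.
        by_key[l["key_fp"].strip().lower()].append(l)
    report = {}
    for fp, listeners in by_key.items():
        weak = [f'{l["host"]}:{l["port"]}' for l in listeners if advertises_sslv2(l)]
        if not weak:
            continue  # no SSLv2 listener holds this key
        others = [f'{l["host"]}:{l["port"]}' for l in listeners
                  if not advertises_sslv2(l)]
        report[fp] = {"sslv2": sorted(weak), "exposed_via_shared_key": sorted(others)}
    return report


if __name__ == "__main__":
    for fp, r in drown_exposure(SAMPLE_INVENTORY).items():
        print(fp, "SSLv2 on:", r["sslv2"], "also exposed:", r["exposed_via_shared_key"])
```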