On Wed, Oct 15, 2014 at 11:27:04AM -0700, Grant wrote:

> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> 
> The above is said to work with:
> 
> smtpd_tls_security_level = encrypt

Correct, since at that security level TLS is mandatory.

> but does it work with:
> 
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes

No, for that you'd have to also needlessly change smtpd_tls_protocols.

POODLE is not an SMTP attack.  No need to panic.  Disabling SSL
3.0 may feel good, but the net effect is slightly negative, since
you'll now use cleartext with SSLv3-only SMTP peers.

-- 
        Viktor.
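
The distinction drawn in the reply above, as an added example that is not part of the original message and is not Postfix code: a small checker that reads main.cf text and reports which protocol parameter governs at the configured `smtpd_tls_security_level`. The function names and sample configurations are constructed for illustration; it assumes only `encrypt` and `may` are of interest, reports only exclusions written in the file (compiled-in defaults are not modelled), and ignores legacy settings.

```python
import re

# Assumption for this example: "encrypt" is the mandatory-TLS level discussed
# in the thread; at "may" TLS is opportunistic.
MANDATORY_LEVELS = {"encrypt"}

def parse_main_cf(text):
    """Parse main.cf text into a dict, skipping comments and joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # leading whitespace continues the previous line
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def governing_protocol_setting(params):
    """Return (parameter name that applies, protocols it excludes in this file)."""
    level = params.get("smtpd_tls_security_level", "")
    if level in MANDATORY_LEVELS:
        name = "smtpd_tls_mandatory_protocols"
    elif level == "may":
        name = "smtpd_tls_protocols"
    else:
        return None, []  # level not set or not handled by this example
    # Protocol lists are separated by whitespace, commas or colons; "!" excludes.
    tokens = re.split(r"[,\s:]+", params.get(name, ""))
    return name, [t[1:] for t in tokens if t.startswith("!")]

# Constructed sample configurations mirroring the two cases in the thread.
CONFIG_ENCRYPT = """\
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = encrypt
"""
CONFIG_MAY = """\
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""

if __name__ == "__main__":
    for label, cfg in (("encrypt", CONFIG_ENCRYPT), ("may", CONFIG_MAY)):
        name, excluded = governing_protocol_setting(parse_main_cf(cfg))
        print(f"{label}: governed by {name}, excludes {excluded or 'nothing in this file'}")
```
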
