Viktor Dukhovni:
POODLE is not an SMTP attack. No need to panic. Disabling SSL
3.0 may feel good, but the net effect is slightly negative, since
you'll now use cleartext with SSLv3-only SMTP peers.
to calculate the damage, count:
< inbound >
# grep 'TLS connection established from' /var/log/mail | sed -e
's/^.*\]\: //' -e 's/ with cipher.*//' | sort | uniq -c
< outbound >
# grep 'TLS connection established to' /var/log/mail | sed -e
's/^.*\]:25\: //' -e 's/ with cipher.*//' | sort | uniq -c
Andreas
