>> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
>>
>> The above is said to work with:
>>
>> smtpd_tls_security_level = encrypt
>
> Correct, since at that security level TLS is mandatory.
>
>> but does it work with:
>>
>> smtpd_tls_security_level = may
>> smtpd_tls_auth_only = yes
>
> No, for that you'd have to also needlessly change smtpd_tls_protocols.
>
> POODLE is not an SMTP attack.  No need to panic.  Disabling SSL
> 3.0 may feel good, but the net effect is slightly negative, since
> you'll now use cleartext with SSLv3-only SMTP peers.


Wouldn't these used in combination require TLS for authentication?

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_protocols = !SSLv2, !SSLv3

- Grant
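An added example, not part of the original messages: a small Python check that reads main.cf-style text and reports which protocol parameter applies at the configured smtpd_tls_security_level, following the replies quoted above. The function names and sample configurations are constructed here, and a parameter that is not set in the text is treated as excluding nothing (an assumption; actual Postfix defaults depend on the version).

```python
import re

# Parameter the Postfix SMTP server consults at each security level (per the thread).
PARAM_FOR_LEVEL = {
    "may": "smtpd_tls_protocols",
    "encrypt": "smtpd_tls_mandatory_protocols",
}

def parse_main_cf(text):
    """Parse main.cf-style text: '#' comments, 'name = value', and
    continuation lines that begin with whitespace. The last setting wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def excluded_protocols(text):
    """Return (applicable parameter, set of protocols it excludes)."""
    params = parse_main_cf(text)
    level = params.get("smtpd_tls_security_level", "")
    param = PARAM_FOR_LEVEL.get(level)
    if param is None:  # TLS not enabled, or a level this example does not cover
        return None, set()
    # Assumption: a parameter absent from the text excludes nothing.
    tokens = re.split(r"[,\s]+", params.get(param, ""))
    return param, {t[1:] for t in tokens if t.startswith("!")}

# Constructed samples built from the settings quoted in the thread.
ENCRYPT = "smtpd_tls_security_level = encrypt\nsmtpd_tls_mandatory_protocols = !SSLv2, !SSLv3\n"
MAY_MANDATORY_ONLY = ("smtpd_tls_security_level = may\nsmtpd_tls_auth_only = yes\n"
                      "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3\n")
MAY_BOTH = ("smtpd_tls_security_level = may\nsmtpd_tls_auth_only = yes\n"
            "smtpd_tls_protocols = !SSLv2, !SSLv3\n")

if __name__ == "__main__":
    for name, cfg in [("encrypt", ENCRYPT), ("may, mandatory only", MAY_MANDATORY_ONLY),
                      ("may, smtpd_tls_protocols", MAY_BOTH)]:
        print(name, "->", excluded_protocols(cfg))
```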
