Thanks Emiliano, that indeed fixes the DROWN attack vector. Confirmed by using the Drownattack test on their website which showed my server as fixed :-)
Don’t forget that the same key may be used on your Webserver (sampled Apache here) so also disable weak ciphers there! https://drownattack.com/apache.html Cheers, Sebastian > On 04 Mar 2016, at 13:11, Emiliano Lima <zoior...@gmail.com> wrote: > > HI, > > The following solution. > Perform update openssl package > > yum update openssl (y) > No arquivo tlsserverciphers > > /var/qmail/control/tlsserverciphers > Include the following command in > ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM > [ PicaLO_p0:root ] qmailctl cdb > Reloaded /etc/tcprules.d/tcp.smtp > Reloaded /var/qmail/control/badmimetypes.cdb > Reloaded /var/qmail/control/badloadertypes.cdb > Reloaded /var/qmail/control/simversions.cdb > Reloaded /var/qmail/control/simcontrol.cdb > [ Space_p0:root ] qmailctl restart > Restarting qmail: > * Stopping qmail-smtpd. > * Sending qmail-send SIGTERM and restarting. > * Restarting qmail-smtpd. > [ Space_p0:root ] > > > > 2016-03-03 20:29 GMT-03:00 Helmut Fritz <hel...@fritz.us.com > <mailto:hel...@fritz.us.com>>: > I too am wondering the same thing. It is not easy to tell with the somewhat > obscure functioning of openssl and tls with smtp, imap, and pop. At least I > am not sure I get how it all works! > > -----Original Message----- > From: fsanti...@garbage-juice.com <mailto:fsanti...@garbage-juice.com> > [mailto:fsanti...@garbage-juice.com <mailto:fsanti...@garbage-juice.com>] > Sent: Tuesday, March 01, 2016 11:34 AM > To: qmailtoaster-list@qmailtoaster.com > <mailto:qmailtoaster-list@qmailtoaster.com> > Subject: [qmailtoaster] Drown attack > > QMT stock build affected by Drown attack? > > see: https://drownattack.com/ <https://drownattack.com/> > > - Fabe S. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > <mailto:qmailtoaster-list-h...@qmailtoaster.com> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > <mailto:qmailtoaster-list-h...@qmailtoaster.com> > >