Re: [qmailtoaster] Drown attack

[Eric]

Thanks Emiliano,

I have the following in tlsserverciphers, should I remove them and add 
your line our just add your line?

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5

Eric




On 3/4/2016 5:11 AM, Emiliano Lima wrote:
HI,

The following solution.
Perform update openssl package

yum update openssl  (y)
|No arquivo |||tlsserverciphers|

/var/qmail/control/tlsserverciphers
|
Include the following command in
|ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM|
|[ PicaLO_p0:root ] qmailctl cdb
Reloaded /etc/tcprules.d/tcp.smtp
Reloaded /var/qmail/control/badmimetypes.cdb
Reloaded /var/qmail/control/badloadertypes.cdb
Reloaded /var/qmail/control/simversions.cdb
Reloaded /var/qmail/control/simcontrol.cdb
[ Space_p0:root ] qmailctl restart
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
[ Space_p0:root ]


|

2016-03-03 20:29 GMT-03:00 Helmut Fritz <hel...@fritz.us.com 
<mailto:hel...@fritz.us.com>>:

    I too am wondering the same thing.  It is not easy to tell with
    the somewhat
    obscure functioning of openssl and tls with smtp, imap, and pop. 
    At least I
    am not sure I get how it all works!

    -----Original Message-----
    From: fsanti...@garbage-juice.com
    <mailto:fsanti...@garbage-juice.com>
    [mailto:fsanti...@garbage-juice.com
    <mailto:fsanti...@garbage-juice.com>]
    Sent: Tuesday, March 01, 2016 11:34 AM
    To: qmailtoaster-list@qmailtoaster.com
    <mailto:qmailtoaster-list@qmailtoaster.com>
    Subject: [qmailtoaster] Drown attack

    QMT stock build affected by Drown attack?

    see: https://drownattack.com/

    - Fabe S.

    ---------------------------------------------------------------------
    To unsubscribe, e-mail:
    qmailtoaster-list-unsubscr...@qmailtoaster.com
    <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
    For additional commands, e-mail:
    qmailtoaster-list-h...@qmailtoaster.com
    <mailto:qmailtoaster-list-h...@qmailtoaster.com>


    ---------------------------------------------------------------------
    To unsubscribe, e-mail:
    qmailtoaster-list-unsubscr...@qmailtoaster.com
    <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
    For additional commands, e-mail:
    qmailtoaster-list-h...@qmailtoaster.com
    <mailto:qmailtoaster-list-h...@qmailtoaster.com>