From 29e299fe7385971ade42b74cdd134d701a709d58 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 16 Oct 2014 11:13:18 -0400
Subject: [PATCH] Add protection against Poodle attacks in Dovecot 2 and Postfix.

---
 install/tpl/debian_postfix.conf.master    |    3 ++-
 install/tpl/fedora_dovecot2.conf.master   |    1 +
 install/tpl/debian_dovecot2.conf.master   |    1 +
 install/tpl/opensuse_dovecot2.conf.master |    1 +
 install/tpl/debian6_dovecot2.conf.master  |    1 +
 install/tpl/fedora_postfix.conf.master    |    3 ++-
 install/tpl/opensuse_postfix.conf.master  |    3 ++-
 install/tpl/gentoo_postfix.conf.master    |    3 ++-
 8 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
index f359260..53f57f1 100644
--- a/install/tpl/debian6_dovecot2.conf.master
+++ b/install/tpl/debian6_dovecot2.conf.master
@@ -6,6 +6,7 @@
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
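Review bot: The added `ssl_protocols = !SSLv2 !SSLv3` line is written unconditionally into every Dovecot 2 template, with no version guard or explanatory comment. As far as I recall, `ssl_protocols` is only recognised from Dovecot 2.1 on, and Dovecot refuses to start on an unknown setting. A 2.0.x install rendered from this template may therefore lose IMAP/POP3 entirely, so the installer should confirm the running version before emitting the line. A one-line comment above it would also help, for example `# POODLE: disable SSLv2/SSLv3, TLS only`, so a later editor does not remove it as a compatibility fix. The same applies to the identical hunks in debian_dovecot2, fedora_dovecot2 and opensuse_dovecot2. Because this only changes install templates, already-deployed configurations presumably stay on SSLv3 until they are regenerated.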
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master
index 2ffe8f2..7fcee8d 100644
--- a/install/tpl/debian_dovecot2.conf.master
+++ b/install/tpl/debian_dovecot2.conf.master
@@ -7,6 +7,7 @@
 postmaster_address = postmaster@example.com
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index 4775002..ff5052e 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -31,4 +31,5 @@
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 owner_request_special = no
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
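Review bot: `smtpd_tls_mandatory_protocols` restricts protocols only for sessions where TLS is mandatory (`smtpd_tls_security_level = encrypt`). With opportunistic TLS the server uses `smtpd_tls_protocols` instead, which this hunk leaves at its default. The server-side security level is not visible here, but if it is `may`, as is usual for a public MX, SSLv3 is still negotiable on port 25 after this change. I would add `smtpd_tls_protocols = !SSLv2, !SSLv3` next to the new line. For the outbound side enabled by `smtp_tls_security_level = may`, consider `smtp_tls_protocols = !SSLv2, !SSLv3` as well. The same gap is in the fedora, gentoo and opensuse Postfix hunks, and the file still ends without a trailing newline.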
diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master
index 8c49c75..e5d6723 100644
--- a/install/tpl/fedora_dovecot2.conf.master
+++ b/install/tpl/fedora_dovecot2.conf.master
@@ -6,6 +6,7 @@
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index 330b1f9..88c8d59 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -28,4 +28,5 @@
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index a775c4b..1ddfd40 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -28,4 +28,5 @@
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master
index f359260..53f57f1 100644
--- a/install/tpl/opensuse_dovecot2.conf.master
+++ b/install/tpl/opensuse_dovecot2.conf.master
@@ -6,6 +6,7 @@
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index 7baa703..80d1fd1 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -30,4 +30,5 @@
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file

--
Gitblit v1.9.1