SSLv3 attack on pop3?
Hans Morten Kind
Kind at adm.uib.no
Fri Oct 31 19:02:16 UTC 2014
We turned off SSLv3 support on our pop/imap running dovecot on Oct 16th,
we did check that all users where using TLSv1 and there have been no
complaints (except one old windows-phone).
But at 13:00 UTC today, suddenly strange entries is seen in the logfile:
Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3
alert unexpected message: SSL alert number 10
Followed by:
pop3-login: Disconnected (no auth attempts in 2 secs) user=<>, rip=
Some 20 ips have been seen so far, all ips are uniq and none have used our
server lately. Just one resoved and it's name ends .cn, some lookups with whois
leads to the same origin for all.
This makes me anxious that some have made some poodle-like thing for pop3?
hmk
More information about the dovecot
mailing list