SSLv3 attack on pop3?
Charles Marcus
CMarcus at Media-Brokers.com
Fri Oct 31 19:47:33 UTC 2014
On 10/31/2014 3:02 PM, Hans Morten Kind <Kind at adm.uib.no> wrote:
> We turned off SSLv3 support on our pop/imap running dovecot on Oct 16th,
> we did check that all users where using TLSv1 and there have been no
> complaints (except one old windows-phone).
>
> But at 13:00 UTC today, suddenly strange entries is seen in the logfile:
> Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3
> alert unexpected message: SSL alert number 10
>
> Followed by:
> pop3-login: Disconnected (no auth attempts in 2 secs) user=<>, rip=
>
> Some 20 ips have been seen so far, all ips are uniq and none have used our
> server lately. Just one resoved and it's name ends .cn, some lookups with whois
> leads to the same origin for all.
>
> This makes me anxious that some have made some poodle-like thing for pop3?
Can you show full log entries?
More information about the dovecot
mailing list