Sorry, i replied to wrong thread
On Thu, 10 Apr 2014 18:08:05 +0200 Pavel Stano stano@websupport.sk wrote:
Hi,
yes its the same problem. I can confirm that it is caused by last line in base64 attachment which is longer than 72 chars in original message.
On Thu, 10 Apr 2014 16:41:38 +0200 Reindl Harald h.reindl@thelounge.net wrote:
Am 10.04.2014 15:04, schrieb Andreas Schulze:
Our "it-security" department asked me about Qualys warnings like -> SSL/TLS Compression Algorithm Information Leakage Vulnerability
As far as I learned it's compression inside ssl. postfix-2.11 knows 'tls_ssl_options = no_compression' ( see http://www.postfix.org/postconf.5.html#tls_ssl_options )
is the something comparable in dovecot too?
Looks like most extensions in ssl exist only to be disabled :-/
that attacks are not relevant for email because they rely on the way a webbrowser works which is not the case for a mail client - you can't trigger XSS and Ajax in a MUA
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information...
This year, it's CRIME, a practical attack against how TLS is used in browsers. In a wider sense, the same attack conceptually applies to any encrypted protocol where the attacker controls what is being communicated
-- [ Ohodnotte kvalitu mailu: http://nicereply.com/websupport/Stano/ ]
Pavel Stano | Troubleshooter
http://WebSupport.sk *** BERTE A VYCHUTNAVAJTE ***