[Dovecot] disbale to responded to an unrequested SSL Certificate

[Andre Hübner]

Hi dovecot-list,

just a easy question today ;)

Customer did on Server a PCI-Test to test security to fit worldpay requirements.

They found a critical risk at pop3s. (and some other things)

This is the Textmesage:
############
Family: Remote Shell Access Critical 993/tcp 11875
Description:
The remote host responded to an unrequested SSL Certificate. The remote SSL server should have
sent back an Error message. This may indicate that the server is vulnerable to a remote
flaw in the way that it handles unrequested certificates. You should manually inspect the
SSL Server's configuration
############

Background is that we use a wildcard-cert which is installed on ervery machine and fits to servername. So you have to use the accredited Hostname/Servername to make clean ssl connection pop3s/imaps without warnings etc.
Problem should be that server sends no error when requested with other hostname. This is significant part from dovecot.conf

protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = "/path/to/*.myhost.com.crt"
ssl_key_file = "/path/to/*.myhost.com.key"
ssl_ca_file = "/path/to/*.myhost.com.bundle.crt"

Is there a Config-Option to send error when ssl-connect ist not established to in cert accredited Hostname/Servername ? Did not found something like this or did not really understand  function of the options.

I do not know backgrounds to this issue. Cant decide if it would be a security risk or disproportionated wishes of securityexperts but i want to satisfy this costumer.
How to handle thos?

Thank you
Andre