SSLv3 attack on pop3?

Charles Marcus CMarcus at
Fri Oct 31 19:47:33 UTC 2014

On 10/31/2014 3:02 PM, Hans Morten Kind <Kind at> wrote:
> We turned off SSLv3 support on our pop/imap running dovecot on Oct 16th,
> we did check that all users where using TLSv1 and there have been no
> complaints (except one old windows-phone).
> But at 13:00 UTC today, suddenly strange entries is seen in the logfile:
>  Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3
>     alert unexpected message: SSL alert number 10 
> Followed by:
>  pop3-login: Disconnected (no auth attempts in 2 secs) user=<>, rip=
> Some 20 ips have been seen so far, all ips are uniq and none have used our
> server lately. Just one resoved and it's name ends .cn, some lookups with whois
> leads to the same origin for all.
> This makes me anxious that some have made some poodle-like thing for pop3?

Can you show full log entries?

More information about the dovecot mailing list