From 29e299fe7385971ade42b74cdd134d701a709d58 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 16 Oct 2014 17:13:18 +0200
Subject: [PATCH] Add protection against Poodle attacks in Dovecot 2 and
 Postfix.

---
 install/tpl/debian6_dovecot2.conf.master  | 1 +
 install/tpl/debian_dovecot2.conf.master   | 1 +
 install/tpl/debian_postfix.conf.master    | 3 ++-
 install/tpl/fedora_dovecot2.conf.master   | 1 +
 install/tpl/fedora_postfix.conf.master    | 3 ++-
 install/tpl/gentoo_postfix.conf.master    | 3 ++-
 install/tpl/opensuse_dovecot2.conf.master | 1 +
 install/tpl/opensuse_postfix.conf.master  | 3 ++-
 8 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
index f359260dab..53f57f1204 100644
--- a/install/tpl/debian6_dovecot2.conf.master
+++ b/install/tpl/debian6_dovecot2.conf.master
@@ -6,6 +6,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
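Review bot: The added `ssl_protocols = !SSLv2 !SSLv3` is, as far as I know, only recognised from Dovecot 2.1 onward, while this template is named for Dovecot 2 in general. If it is ever rendered on a 2.0.x install, the unknown setting would make the configuration fail to parse and the IMAP/POP3 services would not start. The installer should emit the line only when the detected Dovecot version supports it, or the minimum supported version should be documented next to the template. A short comment above the line, such as `# POODLE: refuse SSLv2/SSLv3, negotiate TLS only`, would also tell an admin why it is there. The same line is added unchanged in the debian_dovecot2, fedora_dovecot2 and opensuse_dovecot2 hunks.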
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master
index 2ffe8f224c..7fcee8d534 100644
--- a/install/tpl/debian_dovecot2.conf.master
+++ b/install/tpl/debian_dovecot2.conf.master
@@ -7,6 +7,7 @@ mail_privileged_group = vmail
 postmaster_address = postmaster@example.com
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index 4775002b64..ff5052eb1e 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -31,4 +31,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 owner_request_special = no
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
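Review bot: `smtpd_tls_mandatory_protocols` only applies to sessions where TLS is enforced (`smtpd_tls_security_level = encrypt`), so it leaves opportunistic STARTTLS untouched. The server-side security level is not visible in this hunk, but if it is `may`, inbound connections can still negotiate SSLv3. Outbound delivery under the `smtp_tls_security_level = may` context line is not restricted either. I would add `smtpd_tls_protocols = !SSLv2, !SSLv3`, `smtp_tls_protocols = !SSLv2, !SSLv3` and `smtp_tls_mandatory_protocols = !SSLv2, !SSLv3` alongside the new line, and end the file with a newline so later appends cannot fuse onto it. The same gap is present in the fedora_postfix, gentoo_postfix and opensuse_postfix hunks.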
diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master
index 8c49c75454..e5d6723200 100644
--- a/install/tpl/fedora_dovecot2.conf.master
+++ b/install/tpl/fedora_dovecot2.conf.master
@@ -6,6 +6,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index 330b1f95f7..88c8d598bc 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -28,4 +28,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index a775c4b032..1ddfd40ef8 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -28,4 +28,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master
index f359260dab..53f57f1204 100644
--- a/install/tpl/opensuse_dovecot2.conf.master
+++ b/install/tpl/opensuse_dovecot2.conf.master
@@ -6,6 +6,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
+ssl_protocols = !SSLv2 !SSLv3
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index 7baa703ed4..80d1fd17ae 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -30,4 +30,5 @@ mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
-smtp_tls_security_level = may
\ No newline at end of file
+smtp_tls_security_level = may
+smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\ No newline at end of file
-- 
GitLab