This weekend I ran another Vulnerability Scan against my email server since upgrading my OpenSSL and having my SSL certificate re-issued. To my surprise the following risks were in the report:
SSL Server Has SSLv2 Enabled Vulnerability on Port 25
SSL Server Allows Anonymous Authentication Vulnerability on Port 25 and 587
What I find strange is that the report I have run before never mentioned the above vulnerabilities. In my main.cf file I set:
Code:
smtpd_tls_protocols = !SSLv2
to disable SSLv2. Should I also disable SSLv3?
How do I turn off Anonymous Authentication?
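Added example, not part of the original post: a small Python check that reads main.cf text and reports whether SSLv2, SSLv3 and anonymous (aNULL) cipher suites are explicitly excluded for the Postfix SMTP server. It assumes the scanner's "anonymous authentication" finding refers to aNULL cipher suites; the sample configs and function names are constructed for illustration, and only explicit settings are examined, since compiled-in defaults vary by Postfix version.

```python
import re

# Constructed sample: the setting quoted in the post, nothing else TLS-related.
WEAK = """\
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2
"""
# Constructed sample: explicit exclusions using documented Postfix parameters.
HARDENED = """\
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL
"""

def parse_main_cf(text):
    """Parse main.cf text; a line starting with whitespace continues the
    previous parameter, and the last assignment of a name wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def protocol_disabled(value, proto):
    """True if the list has '!proto', or lists only other protocols.
    Version-bound syntax such as '>=TLSv1.2' is not evaluated here."""
    tokens = [t for t in re.split(r"[,\s:]+", value) if t]
    if "!" + proto in tokens:
        return True
    positive = [t for t in tokens if not t.startswith("!")]
    return bool(positive) and proto not in positive

def audit(text):
    """Return one finding per protocol or cipher class not explicitly excluded."""
    p, findings = parse_main_cf(text), []
    for param in ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols"):
        for proto in ("SSLv2", "SSLv3"):
            if not protocol_disabled(p.get(param, ""), proto):
                findings.append(f"{param}: {proto} not excluded in main.cf")
    excluded = re.split(r"[,\s:]+", p.get("smtpd_tls_exclude_ciphers", ""))
    if "aNULL" not in excluded:
        findings.append("smtpd_tls_exclude_ciphers: aNULL not excluded in main.cf")
    return findings
```

On a live server, `postconf` prints the values Postfix is actually using, which also shows defaults that main.cf does not set.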