Imapd / Pop3

     Further research suggests that this isn’t going to fix it.  I’m going to update Dovecot anyway just to get it current but will probably do this later this evening instead of at 5pm.

     It appears that this problem is because of the POODLE exploit that came out which RedHat “solved” by disabling SSLv3.

     The only fix at this end would be compiling OpenSSL from source, and then recompiling a whole bunch of stuff not to use the system version because RedHat isn’t going to fix it properly, or build a new server based on a non-broken operating system, and that is problematic because Red Hat’s EL6, upon which CentOS 6 is based, has a broken implementation of NFS version 4, which is really needed for mail to work properly owing to the lack of mandatory locking on earlier versions of NFS.

     In the long term I am going to work towards moving our infrastructure away from Red Hat and towards Ubuntu.  Although the Ubuntu people occasionally screw things up, they almost always fix them quickly.  Red Hat is becoming impossible to maintain and have properly interact with other operating systems, kind of like Microsoft twenty years ago.

     Since there is no good short term fix on this end, those affected will either need to upgrade their software to something capable of TLS or use a mailer that doesn’t override their encryption selections, such as Thunderbird.

Leave a Reply