This is why NetWin started building SurgeMail for Windows with OpenSSL 1.0.1 recently.
Unfortunately, that introduced the Heartbleed vulnerability (made public 2 days ago), which is so bad that all those other weaknesses are chickenshit in comparison.
The new build will be better, but is currently (6.6c-1) unusable if you have iOS and possibly other smartphone users, as they are seeing emails with an empty body when connecting to 6.6c-1 via IMAP. (Multiple platforms are affected.)
Be grateful that you arenít hit by Heartbleed and therefore donít need to revoke and re-issue all your certs. Wait for the dust to settle.
Am 09.04.2014 um 23:14 schrieb Neil Herber (nospam) HIDDEN@@eton.ca>:
> When I run:
> on my SurgeMail server it gets an F grade.
> It is running on a Windows server box and only Surgemail uses port 443
> or SSL.
> SurgeMail Version 6.5a-1, Built Sep 9 2013 12:52:22, Platform Windows (Surgeweb Enabled)
> In particular, the test notes that:
> * This server is not vulnerable to the Heartbleed attack. (Yay!)
> * This server supports SSL 2, which is obsolete and insecure. Grade set
> to F. (Boo!)
> * The server supports only older protocols, but not the current best TLS
> 1.2. Grade capped to B. (Boo!)
> Is there any way to harden SurgeMail to raise these ratings? A
> Surgemail.ini setting or two? Or does in need a new build?
> Neil Herber
Last Message | Next Message
Site Map |
Contact Netwin |
POP3 Mail Server |
Linux Webmail |
UnInstall instructions for all products
Copyright © 2017 Netwin Ltd. All rights reserved.