Since upgrading to 3.0.5.4p3, which I believe fixes the Poodle vulnerability, I'm receiving a "TLS required to log in" on Gmail, when it tries to check my mailbox for email. If I change the port and select "Always use a secure connection (SSL) when retrieving mail" I get the following error; ""SSL protocol error. Please try disabling SSL, or contact your other provider to verify the correct port settings." Do I now need an SSL cert on my ISPConfig install, and change the POP server to be mail.domain.com that has the SSL cert against it? Can I disable SSL for email? Thanks
The changes just disable the sslv3 protocol as its insecure. you can still use pop3, imap and smtp with the newer and secure tls protocols. if gmail does not support secure pop3 and imap logins with tls, then you have to deactivate the changes in dovecot.conf.
I made the changes from this how-to; http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack ...which worked fine and everything was ok. However, it seems like the ISPConfig update clashed with something and that's when it stopped. Reversed my changes from the how-to, and it seems to be ok again now. PS I don't have Dovecot installed. What does it actually do?
