# Postfix Vulnerability Scan



## xy16644 (Apr 14, 2014)

This weekend I ran another Vulnerability Scan against my email server since upgrading my OpenSSL and having my SSL certificate re-issued. To my surprise the following risks were in the report:

SSL Server Has SSLv2 Enabled Vulnerability on Port 25

SSL Server Allows Anonymous Authentication Vulnerability on Port 25 and 587

What I find strange is that the report I have run before never mentioned the above vulnerabilities. In my main.cf file I set:


```
smtpd_tls_protocols = !SSLv2
```

to disable SSLv2. Should I also disable SSLv3?

How do I turn off Anonymous Authentication?


----------
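A check for the settings this question is about, as an added example that is not part of the original post: it parses `main.cf` text and reports which of `!SSLv2`, `!SSLv3` and `aNULL` are missing from `smtpd_tls_protocols`, `smtpd_tls_mandatory_protocols` and `smtpd_tls_exclude_ciphers`. The required-token policy, the sample file and the function names are assumptions of this example; an unset parameter is reported as a finding because compiled-in defaults vary by Postfix version.

```python
import re

# Constructed sample main.cf: only the TLS protocol setting quoted in the post.
SAMPLE_MAIN_CF = """\
# TLS settings
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2
"""

# Assumed policy for this example: parameter -> tokens its value should contain.
# Only the "!proto" exclusion syntax used in the post is understood here.
REQUIRED = {
    "smtpd_tls_protocols": ["!SSLv2", "!SSLv3"],
    "smtpd_tls_mandatory_protocols": ["!SSLv2", "!SSLv3"],
    "smtpd_tls_exclude_ciphers": ["aNULL"],
}

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, a line starting with
    whitespace continues the previous logical line, the last definition wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def audit(text, required=REQUIRED):
    """Return {parameter: [missing tokens]} for every unmet requirement."""
    params = parse_main_cf(text)
    findings = {}
    for name, wanted in required.items():
        tokens = {t.lower() for t in re.split(r"[,\s:]+", params.get(name, "")) if t}
        missing = [w for w in wanted if w.lower() not in tokens]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_MAIN_CF).items():
        print(f"{name}: add {', '.join(missing)}")
```

Feed it the contents of the real `main.cf`; `postconf -d` shows the defaults that apply to any parameter reported as unset.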

