IMail has included all of the fixes for the OpenSSL vulnerabilities
that included the Heartbleed, POODLE, and those found before June 12, 2015 in the release of IMail (version 12.5.3). In the mean time, you may download the files for IMail so you may manually install them so your current IMail server will not be vulnerable.
Please refer to the OpenSSL vulnerabilities
- DROWN – fixed in OpenSSL 1.0.1t (3 May 2016 Release)
- Zip file below with OpenSSL 1.0.1t
- Poodle – fixed in OpenSSL 1.0.1j
NOTE: There are still other steps that need to be taken for the POODLE vulnerability.
- IMail 12.5.3 shipped with OpenSSL 1.0.1.j
- Heartbleed – fixed in OpenSSL 1.0.1g
page for more information. Here is how to update OpenSSL in IMail to the latest version:
- Download the zip file from below.
- Stop services POP3, IMAP4, SMTP, and Queue Manager.
- Navigate to your IMail install directory.
- Replace libeay32.dll, openssl.exe, and ssleay32.dll with the files contained in this zip file.
- Start services POP3, IMAP4, SMTP, and Queue Manager.