Products: IMail Server Plus, IMail Server Premium, IMail Server

OpenSSL Vulnerability Fixes

« Go Back

Information

 
Description
I hear about all the SSL vulnerabilities related to the OpenSSL that IMail uses, what has been fixed and how do I fix it?
Solution
IMail has included all of the fixes for the OpenSSL vulnerabilities that included the Heartbleed, POODLE, and those found before June 12, 2015 in the  release of IMail (version 12.5.3).   In the mean time, you may download the files for IMail so you may manually install them so your current IMail server will not be vulnerable.
  • DROWN – fixed in OpenSSL 1.0.1t (3 May 2016 Release)
    • Zip file below with OpenSSL 1.0.1t
  • Poodle – fixed in OpenSSL 1.0.1j
    NOTE: There are still other steps that need to be taken for the POODLE vulnerability.
    • IMail 12.5.3 shipped with OpenSSL 1.0.1.j
  • Heartbleed – fixed in OpenSSL 1.0.1g
 
Please refer to the OpenSSL vulnerabilities page for more information.
 
Here is how to update OpenSSL in IMail to the latest version:
  1. Download the zip file from below.
  2. Stop services POP3, IMAP4, SMTP, and Queue Manager.
  3. Navigate to your IMail install directory.
  4. Replace libeay32.dll, openssl.exe, and ssleay32.dll with the files contained in this zip file.
  5. Start services POP3, IMAP4, SMTP, and Queue Manager.



 
Version11.5; 12.0; 12.1; 12.2; 12.3; 12.4; 12.5; 12.5.1; 12.5.2; 12.5.3; 12.5.4

 
Customer Service Softwaresalesforce.comHome | Product