This is something that comes up all the time when clients are having PCI compliance scans done on their servers – qmail, by default, allows SSLv2 to be used.
To disable it is very easy. Edit or create /var/qmail/control/tlsserverciphers and add the following line to it:
ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
Now restart qmail, and you’re done!
Have you ever wondered what all those SMTP status codes mean? It’s not that hard to read. Each code consists of three numbers. The format for this is class.subject.detail, for example 2.5.0 (also written as 250).
Here is a list of the classes:
2.x.x – Succes 4.x.x – Temporary failure 5.x.x – Permanent failureHere are the subjects:
x.0.x – Other or undefined x.1.x – Addressing related
