Merge pull request #1 from smtpd/master

Update from original.

config.sample/dkim/dkim_key_gen.sh

@@ -44,7 +44,7 @@ With SPF:
 
 With DMARC:
 
-_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@'$DOMAIN; pct=100"
+_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@$DOMAIN; pct=100"
 
 With DomainKeys (deprecated)
 

lib/Qpsmtpd/SMTP.pm

@@ -843,7 +843,7 @@ sub received_line {
         $smtp .= "S" if $esmtp;    # RFC3848
         $sslheader = "("
           . $self->connection->notes('tls_socket')->get_cipher()
-          . " encrypted) ";
+          . " encrypted)";
     }
     if (defined $self->{_auth} && $self->{_auth} == OK) {
         my $mech = $self->{_auth_mechanism};
@@ -869,7 +869,7 @@ sub received_line {
           . $self->config('me')
           . " (qpsmtpd/"
           . $self->version
-          . ") with $sslheader$smtp; "
+          . ") with $smtp $sslheader; "
           . (strftime('%a, %d %b %Y %H:%M:%S %z', localtime));
     }
     $self->transaction->header->add('Received', $header_str, 0);

plugins/tls

@@ -86,6 +86,9 @@ sub init {
     local $^W;    # this bit is very noisy...
     my $ssl_ctx =
       IO::Socket::SSL::SSL_Context->new(
+                                        # Disable SSLv2 and SSLv3 to avoid POODLE attacks. This is already
+                                        # the default in sufficiently recent versions of IO::Socket::SSL
+                                        SSL_version => 'SSLv23:!SSLv3:!SSLv2',
                                         SSL_use_cert    => 1,
                                         SSL_cert_file   => $self->tls_cert,
                                         SSL_key_file    => $self->tls_key,