1

Topic: OpenSSL Vulnerability

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

As we all have this information. I am using OpenBSD as my OS with iredmail. Can anyone show me on how to do the following.
1. Rebuild patched source code of OpenBSD base system to upgrade OpenSSL
2. install a binary patch from https://stable.mtier.org/

I have downloaded a patch from https://stable.mtier.org/ and installed it successly but my system still saying am vulnerable. Am I required to remove the original OpenSSL and install the binpatch?

How can I build or remove the OpenSSL that came with my system or iredmail?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: OpenSSL Vulnerability

djbahati1 wrote:

but my system still saying am vulnerable

How did you check it?
Did you update your SSL certificate?

3

Re: OpenSSL Vulnerability

ZhangHuangbin wrote:
djbahati1 wrote:

but my system still saying am vulnerable

How did you check it?
Did you update your SSL certificate?

You can check using https://filippo.io/Heartbleed/ or compiling and using in your own machine in https://gobuild.io/download/github.com/ … artbleeder