The latest release of the Dovecot IMAP server (2.2.16) is vulnerable to a remote denial of service (DoS) and has been assigned CVE-2015-3420.
Hanno Böck, who found the vulnerability, reports that the imap-login process can be remotely terminated on a handshake failure.
The vulnerability can be triggered by trying to establish a SSLv3 connection to a dovecot server having disabled that option.
It has been advised to disable the use of SSLv3 in favor of TLS since the POODLE attack.
