Checking my mailbox setup sending a mail to mailtest@unlocktheinbox.com I’ve been warned that Yunohost Postfix and Dovecot configuration are vulnerable to POODLE, as they allow connexion trough SSLv3.
if you want to read more about it in english or in french
POSTFIX
It can be fixed disabling the SSLV3 protocol for both packages. You will need to adjust your configuration adding the following line
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
You’ll want to look in the # TLS parameters section of /etc/postfix/main.cf. This will force Postfix SMTP to not use SSLv3 or SSLv2. You will also need to restart Postfix:
sudo service postix restart
DOVECOT
the following fix only works with Dovecot versions 2.1 and above. (Yunohost has 2.1.7 version installed)
You should modifiy the /etc/dovecot/dovecot.conf configuration file and add the following line
ssl_protocols = !SSLv2 !SSLv3
Right after the ssl_key line, so it will look like
ssl_key = </etc/ssl/private/yunohost_key.pem
ssl_protocols = !SSLv2 !SSLv3
then you can restart dovecot
sudo service dovecot restart