Insecure Exim TLS config

[dmromanov]

$ nmap -sV --script ssl-poodle -p 465 <domain>

Starting Nmap 6.40 ( http://nmap.org )
PORT     STATE  SERVICE VERSION
465/tcp  open   smtps?
| ssl-poodle: 
|   VULNERABLE:
|   SSL POODLE information leak
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2014-3566  OSVDB:113251
|     Description:
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
|           other products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_FALLBACK_SCSV properly implemented
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
|       http://osvdb.org/113251
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|_      https://www.openssl.org/~bodo/ssl-poodle.pdf

Solution is to disable SSLv3 via Exim's tls_require_ciphers parameter.