> https://robotattack.org > These tests appear to be aimed at website testing. Any ideas how to
> test a mail server for the robot attack?
In addition to the fact that (non-antique) OpenSSL is not vulnerable to
the attack, the way it works would be difficult to use against any
post-connection TLS initiation (i.e. STARTTLS for SMTP & IMAP4, STLS for
POP3) because it would generate substantial log noise, which it would
not for HTTPS (or probably for "wrappermode" SMTPS.) If you log deeply
enough to see the attack, it gets lost in the background noise.