OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
http://seclists.org/oss-sec/2013/q2/362
http://seclists.org/oss-sec/2013/q2/366