Our email services were vulnerable to the POODLE attack, but patched just hours after the announcement of the fix.  We no longer accept SSLv2 or SSLv3 requests.  Be sure your clients are set to have TLS encryption instead of SSL encryption protocols.

Our email services were never vulnerable to the Heartbleed bug.  You can read the Google Advisory for more information.