Postfix PCI Compliance in ZCS

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 5.0 Article ZCS 5.0

Reconfigure the Postfix SSL/TLS settings

1. Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.

2. Log in as root in the command line utility. Switch to the zimbra user account.

su - zimbra

3. Type the following commands:

postconf -e smtpd_tls_ciphers=medium
postconf -e smtpd_tls_protocols=\!SSLv2
postconf -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"

The SSL/TLS settings are now reconfigured. The changes will take effect immediately.

4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.

zmlocalconfig -e smtpd_tls_ciphers=medium
zmlocalconfig -e smtpd_tls_protocols=\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"

Reference - http://www.postfix.org/TLS_README.html

5. Use 'zmmtactl restart' to restart postfix.


Verified Against: unknown Date Created: 11/30/2009
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS Date Modified: 2010-04-19



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search