Difference between revisions of "Postfix PCI Compliance in ZCS"

(adding first entry for postfix)
 
 
(19 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 +
{{BC|Community Sandbox}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Postfix PCI Compilance in Zimbra Collaboration=
 +
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}}
 +
{{WIP}}
 +
==Reconfigure the Postfix SSL/TLS settings==
  
=Working towards PCI Compliance for Zimbra 5.0.x=
+
===Configuring Postfix for PCI Compliance===
  
===Reconfigure the Postfix SSL/TLS settings===
+
Reference - http://www.postfix.org/TLS_README.html
  
1Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.
+
====For ZCS 8.5, as the '''zimbra''' user====
 +
zmprov mcf zimbraMtaSmtpdTlsCiphers high
 +
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
 +
  zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
 +
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
  
2. Log in as root in the command line utility. Switch to the zimbra user account.
+
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.
  
su - zimbra
+
====For ZCS 8.0 and previous, as the '''zimbra''' user====
  
3. Type the following commands:
+
zmlocalconfig -e smtpd_tls_ciphers=high
 +
postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
 +
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
 +
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
  
  postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
+
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that '''smtpd_tls_protocols''' and '''smtpd_tls_exclude_ciphers''' will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.
  postconf -e smtpd_tls_mandatory_ciphers="medium, high"
 
  
The SSL/TLS settings are now reconfigured. The changes will take effect immediately.
+
{{Article Footer|ZCS 7.2.0|11/30/2013}}
  
4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.
+
[[Category: SSL/TLS]]
 
+
[[Category: ZCS 7.0]]
zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
+
[[Category: ZCS 8.0]]
zmlocalconfig -e smtpd_tls_mandatory_ciphers="medium, high"
+
[[Category: ZCS 8.5]]

Latest revision as of 20:22, 12 July 2015

Postfix PCI Compilance in Zimbra Collaboration

   KB 3123        Last updated on 2015-07-12  




0.00
(0 votes)

Reconfigure the Postfix SSL/TLS settings

Configuring Postfix for PCI Compliance

Reference - http://www.postfix.org/TLS_README.html

For ZCS 8.5, as the zimbra user

zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'

Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.

For ZCS 8.0 and previous, as the zimbra user

zmlocalconfig -e smtpd_tls_ciphers=high
postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES

The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.

Verified Against: ZCS 7.2.0 Date Created: 11/30/2013
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS Date Modified: 2015-07-12



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search