Difference between revisions of "Postfix PCI Compliance in ZCS"
m (Adding Article Footer and Categories) |
|||
| (18 intermediate revisions by 7 users not shown) | |||
| Line 1: | Line 1: | ||
| − | = | + | {{BC|Community Sandbox}} |
| + | __FORCETOC__ | ||
| + | <div class="col-md-12 ibox-content"> | ||
| + | =Postfix PCI Compilance in Zimbra Collaboration= | ||
| + | {{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}} | ||
| + | {{WIP}} | ||
| + | ==Reconfigure the Postfix SSL/TLS settings== | ||
| − | === | + | ===Configuring Postfix for PCI Compliance=== |
| − | + | Reference - http://www.postfix.org/TLS_README.html | |
| − | + | ====For ZCS 8.5, as the '''zimbra''' user==== | |
| + | zmprov mcf zimbraMtaSmtpdTlsCiphers high | ||
| + | zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3' | ||
| + | zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high | ||
| + | zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES' | ||
| − | + | Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant. | |
| − | + | ====For ZCS 8.0 and previous, as the '''zimbra''' user==== | |
| − | postconf -e | + | zmlocalconfig -e smtpd_tls_ciphers=high |
| − | postconf -e | + | postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2 |
| + | zmlocalconfig -e smtpd_tls_mandatory_ciphers=high | ||
| + | postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES | ||
| − | The SSL/TLS settings are now reconfigured. The changes will take effect | + | The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that '''smtpd_tls_protocols''' and '''smtpd_tls_exclude_ciphers''' will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous. |
| − | + | {{Article Footer|ZCS 7.2.0|11/30/2013}} | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | {{Article Footer| | ||
[[Category: SSL/TLS]] | [[Category: SSL/TLS]] | ||
| − | [[Category: ZCS | + | [[Category: ZCS 7.0]] |
| + | [[Category: ZCS 8.0]] | ||
| + | [[Category: ZCS 8.5]] | ||
Latest revision as of 20:22, 12 July 2015
Contents
Postfix PCI Compilance in Zimbra Collaboration
- This article is a Work in Progress, and may be unfinished or missing sections.
Reconfigure the Postfix SSL/TLS settings
Configuring Postfix for PCI Compliance
Reference - http://www.postfix.org/TLS_README.html
For ZCS 8.5, as the zimbra user
zmprov mcf zimbraMtaSmtpdTlsCiphers high zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3' zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.
For ZCS 8.0 and previous, as the zimbra user
zmlocalconfig -e smtpd_tls_ciphers=high postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2 zmlocalconfig -e smtpd_tls_mandatory_ciphers=high postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.
