Postfix PCI Compliance in ZCS: Difference between revisions

m (Adding Article Footer and Categories)
No edit summary
 
(18 intermediate revisions by 7 users not shown)
Line 1: Line 1:
=Working towards PCI Compliance for Zimbra 5.0.x=
{{BC|Community Sandbox}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=Postfix PCI Compilance in Zimbra Collaboration=
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}}
{{WIP}}
==Reconfigure the Postfix SSL/TLS settings==


===Reconfigure the Postfix SSL/TLS settings===
===Configuring Postfix for PCI Compliance===


1.  Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.
Reference - http://www.postfix.org/TLS_README.html


2. Log in as root in the command line utility. Switch to the zimbra user account.
====For ZCS 8.5, as the '''zimbra''' user====
zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'


su - zimbra
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.


3. Type the following commands:
====For ZCS 8.0 and previous, as the '''zimbra''' user====


  postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
zmlocalconfig -e smtpd_tls_ciphers=high
  postconf -e smtpd_tls_mandatory_ciphers="medium, high"
  postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
  postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES


The SSL/TLS settings are now reconfigured.  The changes will take effect immediately.
The SSL/TLS settings are now reconfigured.  The changes will take effect within 2 minutes.  Note that '''smtpd_tls_protocols''' and '''smtpd_tls_exclude_ciphers''' will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.


4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.
{{Article Footer|ZCS 7.2.0|11/30/2013}}
 
zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
zmlocalconfig -e smtpd_tls_mandatory_ciphers="medium, high"
 
 
{{Article Footer|unknown|11/30/2009}}


[[Category: SSL/TLS]]
[[Category: SSL/TLS]]
[[Category: ZCS 5.0]]
[[Category: ZCS 7.0]]
[[Category: ZCS 8.0]]
[[Category: ZCS 8.5]]

Latest revision as of 20:22, 12 July 2015

  1. Zimbra Tech Center
  2. Community Sandbox
  3. Postfix PCI Compliance in ZCS

Postfix PCI Compilance in Zimbra Collaboration

   KB 3123        Last updated on 2015-07-12  




0.00
(0 votes)

Reconfigure the Postfix SSL/TLS settings

Configuring Postfix for PCI Compliance

Reference - http://www.postfix.org/TLS_README.html

For ZCS 8.5, as the zimbra user

zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'

Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.

For ZCS 8.0 and previous, as the zimbra user

zmlocalconfig -e smtpd_tls_ciphers=high
postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES

The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.

Verified Against: ZCS 7.2.0 Date Created: 11/30/2013
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS Date Modified: 2015-07-12



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Retrieved from "http://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS&oldid=60132"
Jump to: navigation, search