Difference between revisions of "Postfix PCI Compliance in ZCS"

(For ZCS 8.5, as the zimbra user)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Article Infobox|{{admin}}|{{ZCS 6.0}}|{{ZCS 7.0}}|{{ZCS 8.0}}|{{ZCS 8.5}}|}}==Reconfigure the Postfix SSL/TLS settings==
+
{{BC|Community Sandbox}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Postfix PCI Compilance in Zimbra Collaboration=
 +
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}}
 +
{{WIP}}
 +
==Reconfigure the Postfix SSL/TLS settings==
  
 
===Configuring Postfix for PCI Compliance===
 
===Configuring Postfix for PCI Compliance===
Line 7: Line 13:
 
====For ZCS 8.5, as the '''zimbra''' user====
 
====For ZCS 8.5, as the '''zimbra''' user====
 
  zmprov mcf zimbraMtaSmtpdTlsCiphers high
 
  zmprov mcf zimbraMtaSmtpdTlsCiphers high
  zmprov mcf zimbraMtaSmtpdTlsProtocols 'TLSv1,\!SSLv2,\!SSLv3'
+
  zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
 
  zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
 
  zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
 
  zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
 
  zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
Line 16: Line 22:
  
 
  zmlocalconfig -e smtpd_tls_ciphers=high
 
  zmlocalconfig -e smtpd_tls_ciphers=high
  postconf -e smtpd_tls_protocols=SSLv3,TLSv1,\!SSLv2
+
  postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
 
  zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
 
  zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
 
  postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
 
  postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES

Latest revision as of 20:22, 12 July 2015

Postfix PCI Compilance in Zimbra Collaboration

   KB 3123        Last updated on 2015-07-12  




0.00
(0 votes)

Reconfigure the Postfix SSL/TLS settings

Configuring Postfix for PCI Compliance

Reference - http://www.postfix.org/TLS_README.html

For ZCS 8.5, as the zimbra user

zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'

Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.

For ZCS 8.0 and previous, as the zimbra user

zmlocalconfig -e smtpd_tls_ciphers=high
postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES

The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.

Verified Against: ZCS 7.2.0 Date Created: 11/30/2013
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS Date Modified: 2015-07-12



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search