Postfix PCI Compliance in ZCS: Difference between revisions
No edit summary |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{ | {{BC|Community Sandbox}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Postfix PCI Compilance in Zimbra Collaboration= | |||
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}} | |||
{{WIP}} | |||
==Reconfigure the Postfix SSL/TLS settings== | |||
===Configuring Postfix for PCI Compliance=== | ===Configuring Postfix for PCI Compliance=== |
Latest revision as of 20:22, 12 July 2015
Postfix PCI Compilance in Zimbra Collaboration
- This article is a Work in Progress, and may be unfinished or missing sections.
Reconfigure the Postfix SSL/TLS settings
Configuring Postfix for PCI Compliance
Reference - http://www.postfix.org/TLS_README.html
For ZCS 8.5, as the zimbra user
zmprov mcf zimbraMtaSmtpdTlsCiphers high zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3' zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.
For ZCS 8.0 and previous, as the zimbra user
zmlocalconfig -e smtpd_tls_ciphers=high postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2 zmlocalconfig -e smtpd_tls_mandatory_ciphers=high postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.