Difference between revisions of "Postfix PCI Compliance in ZCS"
(→For ZCS 8.5, as the zimbra user) |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | {{ | + | {{BC|Community Sandbox}} |
| + | __FORCETOC__ | ||
| + | <div class="col-md-12 ibox-content"> | ||
| + | =Postfix PCI Compilance in Zimbra Collaboration= | ||
| + | {{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}} | ||
| + | {{WIP}} | ||
| + | ==Reconfigure the Postfix SSL/TLS settings== | ||
===Configuring Postfix for PCI Compliance=== | ===Configuring Postfix for PCI Compliance=== | ||
Latest revision as of 20:22, 12 July 2015
Contents
Postfix PCI Compilance in Zimbra Collaboration
- This article is a Work in Progress, and may be unfinished or missing sections.
Reconfigure the Postfix SSL/TLS settings
Configuring Postfix for PCI Compliance
Reference - http://www.postfix.org/TLS_README.html
For ZCS 8.5, as the zimbra user
zmprov mcf zimbraMtaSmtpdTlsCiphers high zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3' zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.
For ZCS 8.0 and previous, as the zimbra user
zmlocalconfig -e smtpd_tls_ciphers=high postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2 zmlocalconfig -e smtpd_tls_mandatory_ciphers=high postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.
