Postfix PCI Compliance in ZCS: Difference between revisions
m (Adding Article Footer and Categories) |
No edit summary |
||
Line 1: | Line 1: | ||
===Reconfigure the Postfix SSL/TLS settings=== | ===Reconfigure the Postfix SSL/TLS settings=== | ||
Line 12: | Line 10: | ||
postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1" | postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1" | ||
postconf -e smtpd_tls_mandatory_ciphers=" | postconf -e smtpd_tls_mandatory_ciphers="high" | ||
postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5" | |||
The SSL/TLS settings are now reconfigured. The changes will take effect immediately. | The SSL/TLS settings are now reconfigured. The changes will take effect immediately. | ||
Line 19: | Line 18: | ||
zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1" | zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1" | ||
zmlocalconfig -e smtpd_tls_mandatory_ciphers=" | zmlocalconfig -e smtpd_tls_mandatory_ciphers="high" | ||
zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5" | |||
Reference - http://www.postfix.org/TLS_README.html | |||
Revision as of 19:43, 1 December 2009
Reconfigure the Postfix SSL/TLS settings
1. Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.
2. Log in as root in the command line utility. Switch to the zimbra user account.
su - zimbra
3. Type the following commands:
postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1" postconf -e smtpd_tls_mandatory_ciphers="high" postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"
The SSL/TLS settings are now reconfigured. The changes will take effect immediately.
4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.
zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1" zmlocalconfig -e smtpd_tls_mandatory_ciphers="high" zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"
Reference - http://www.postfix.org/TLS_README.html