Difference between revisions of "Postfix PCI Compliance in ZCS"

(Adding ArticleInfobox)
Line 9: Line 9:
 
3. Type the following commands:
 
3. Type the following commands:
  
  postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
+
  postconf -e smtpd_tls_ciphers=medium
  postconf -e smtpd_tls_mandatory_ciphers="high"
+
postconf -e smtpd_tls_protocols=\!SSLv2
 +
  postconf -e smtpd_tls_mandatory_ciphers=high
 
  postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"
 
  postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"
  
Line 17: Line 18:
 
4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.
 
4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.
  
  zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
+
  zmlocalconfig -e smtpd_tls_ciphers=medium
  zmlocalconfig -e smtpd_tls_mandatory_ciphers="high"
+
zmlocalconfig -e smtpd_tls_protocols=\!SSLv2
 +
  zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
 
  zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"
 
  zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"
  
 
Reference - http://www.postfix.org/TLS_README.html
 
Reference - http://www.postfix.org/TLS_README.html
  
 +
5.      Use 'zmmtactl restart' to restart postfix.
  
  

Revision as of 00:07, 16 April 2010

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 5.0 Article ZCS 5.0

Reconfigure the Postfix SSL/TLS settings

1. Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.

2. Log in as root in the command line utility. Switch to the zimbra user account.

su - zimbra

3. Type the following commands:

postconf -e smtpd_tls_ciphers=medium
postconf -e smtpd_tls_protocols=\!SSLv2
postconf -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"

The SSL/TLS settings are now reconfigured. The changes will take effect immediately.

4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.

zmlocalconfig -e smtpd_tls_ciphers=medium
zmlocalconfig -e smtpd_tls_protocols=\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"

Reference - http://www.postfix.org/TLS_README.html

5. Use 'zmmtactl restart' to restart postfix.


Verified Against: unknown Date Created: 11/30/2009
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS Date Modified: 2010-04-16



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search