Postfix PCI Compliance in ZCS: Difference between revisions
(Adding ArticleInfobox) |
No edit summary |
||
Line 9: | Line 9: | ||
3. Type the following commands: | 3. Type the following commands: | ||
postconf -e | postconf -e smtpd_tls_ciphers=medium | ||
postconf -e smtpd_tls_mandatory_ciphers= | postconf -e smtpd_tls_protocols=\!SSLv2 | ||
postconf -e smtpd_tls_mandatory_ciphers=high | |||
postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5" | postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5" | ||
Line 17: | Line 18: | ||
4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config. | 4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config. | ||
zmlocalconfig -e | zmlocalconfig -e smtpd_tls_ciphers=medium | ||
zmlocalconfig -e smtpd_tls_mandatory_ciphers= | zmlocalconfig -e smtpd_tls_protocols=\!SSLv2 | ||
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high | |||
zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5" | zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5" | ||
Reference - http://www.postfix.org/TLS_README.html | Reference - http://www.postfix.org/TLS_README.html | ||
5. Use 'zmmtactl restart' to restart postfix. | |||
Revision as of 00:07, 16 April 2010
Article Information |
---|
This article applies to the following ZCS versions. |
Reconfigure the Postfix SSL/TLS settings
1. Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.
2. Log in as root in the command line utility. Switch to the zimbra user account.
su - zimbra
3. Type the following commands:
postconf -e smtpd_tls_ciphers=medium postconf -e smtpd_tls_protocols=\!SSLv2 postconf -e smtpd_tls_mandatory_ciphers=high postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"
The SSL/TLS settings are now reconfigured. The changes will take effect immediately.
4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.
zmlocalconfig -e smtpd_tls_ciphers=medium zmlocalconfig -e smtpd_tls_protocols=\!SSLv2 zmlocalconfig -e smtpd_tls_mandatory_ciphers=high zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"
Reference - http://www.postfix.org/TLS_README.html
5. Use 'zmmtactl restart' to restart postfix.