Postfix PCI Compliance in ZCS: Difference between revisions
No edit summary |
Line 1: | Line 1: | ||
{{Article Infobox|{{admin}}|{{ZCS 6.0}}|{{ZCS 7.0}}|}} | {{Article Infobox|{{admin}}|{{ZCS 6.0}}|{{ZCS 7.0}}|}}==Reconfigure the Postfix SSL/TLS settings== | ||
===Configuring Postfix for PCI Compliance=== | |||
Reference - http://www.postfix.org/TLS_README.html | |||
====For ZCS 8.5, as the '''zimbra''' user==== | |||
zmprov mcf zimbraMtaSmtpdTlsCiphers high | |||
zmprov mcf zimbraMtaSmtpdTlsProtocols 'SSLv3,TLSv1,\!SSLv2' | |||
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high | |||
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES' | |||
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant. | |||
====For ZCS 8.0 and previous==== | |||
zmlocalconfig -e smtpd_tls_ciphers=high | zmlocalconfig -e smtpd_tls_ciphers=high | ||
postconf -e smtpd_tls_protocols=SSLv3,TLSv1,\!SSLv2 | |||
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high | zmlocalconfig -e smtpd_tls_mandatory_ciphers=high | ||
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES | |||
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that '''smtpd_tls_protocols''' and '''smtpd_tls_exclude_ciphers''' will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous. | |||
{{Article Footer|ZCS | {{Article Footer|ZCS 7.2.0|11/30/2013}} | ||
[[Category: SSL/TLS]] | [[Category: SSL/TLS]] | ||
[[Category: ZCS | [[Category: ZCS 7.0]] | ||
[[Category: ZCS | [[Category: ZCS 8.0]] | ||
[[Category: ZCS 8.5]] |
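Review bot: in the ZCS 8.5 block the protocol value is single-quoted ('SSLv3,TLSv1,\!SSLv2'), and bash keeps a backslash that sits inside single quotes, so zmprov is handed \!SSLv2 with the backslash, while the unquoted postconf -e line in the 8.0 block is handed !SSLv2; use one form in both blocks, for example the single-quoted value without the backslash. The same value still lists SSLv3 as an enabled protocol, and only smtpd_tls_protocols is set although the cipher grade is set for both smtpd_tls_ciphers and smtpd_tls_mandatory_ciphers, so the text should say whether smtpd_tls_mandatory_protocols is meant to stay at its default. The sentence "the system will be PCI compliant" claims more than these four SMTP settings can establish; "the Postfix TLS settings will meet the requirement" would match what the commands do.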
Revision as of 23:11, 24 July 2014
Article Information
This article applies to the following ZCS versions.
Reconfigure the Postfix SSL/TLS settings
Configuring Postfix for PCI Compliance
Reference - http://www.postfix.org/TLS_README.html
For ZCS 8.5, as the zimbra user
zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols 'SSLv3,TLSv1,\!SSLv2'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
Within 2 minutes, zmconfigd will update Postfix for you, and the system will be PCI compliant.
For ZCS 8.0 and previous
zmlocalconfig -e smtpd_tls_ciphers=high
postconf -e smtpd_tls_protocols=SSLv3,TLSv1,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.
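Because two of these settings are not preserved across upgrades on ZCS 8.0 and previous, a drift check is useful after each upgrade. The script below is an added example, not part of the original article or of ZCS; the function names and the sample input are assumptions made for illustration, and the expected values are the ones set by the commands above.

```shell
#!/bin/sh
# Added example: drift check for the four smtpd TLS parameters set on this page.
# Reads "name = value" lines, as printed by postconf, on stdin.

# Expected values, copied from the commands on this page.
expected_tls_settings() {
    cat <<'EOF'
smtpd_tls_ciphers=high
smtpd_tls_protocols=SSLv3,TLSv1,!SSLv2
smtpd_tls_mandatory_ciphers=high
smtpd_tls_exclude_ciphers=aNULL,MD5,DES
EOF
}

# Constructed sample (an assumption, not captured output): the two values
# applied with "postconf -e" have come back empty after an upgrade.
sample_after_upgrade() {
    cat <<'EOF'
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
smtpd_tls_protocols =
smtpd_tls_exclude_ciphers =
EOF
}

# Prints one status line per parameter; returns 1 if any is missing or differs.
audit_tls_settings() {
    actual=$(sed -e 's/[[:space:]]//g')   # "a = b, c" -> "a=b,c"
    rc=0
    for want in $(expected_tls_settings); do
        name=${want%%=*}
        got=$(printf '%s\n' "$actual" | grep "^${name}=" | tail -n 1)
        if [ -z "$got" ]; then
            echo "MISSING $name (want ${want#*=})"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "DRIFT   $name is '${got#*=}' (want ${want#*=})"; rc=1
        else
            echo "OK      $name"
        fi
    done
    return "$rc"
}

# Demo on the constructed sample; on a server, pipe postconf output in instead.
sample_after_upgrade | audit_tls_settings || echo "re-apply the settings above"
```

On a server, the input would come from `postconf smtpd_tls_ciphers smtpd_tls_protocols smtpd_tls_mandatory_ciphers smtpd_tls_exclude_ciphers`, run as the zimbra user.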