Postfix PCI Compliance in ZCS: Difference between revisions
Line 7: | Line 7: | ||
====For ZCS 8.5, as the '''zimbra''' user==== | ====For ZCS 8.5, as the '''zimbra''' user==== | ||
zmprov mcf zimbraMtaSmtpdTlsCiphers high | zmprov mcf zimbraMtaSmtpdTlsCiphers high | ||
zmprov mcf zimbraMtaSmtpdTlsProtocols ' | zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3' | ||
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high | zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high | ||
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES' | zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES' |
Revision as of 17:08, 8 November 2014
Article Information |
---|
This article applies to the following ZCS versions. |
Reconfigure the Postfix SSL/TLS settings
Configuring Postfix for PCI Compliance
Reference - http://www.postfix.org/TLS_README.html
For ZCS 8.5, as the zimbra user
zmprov mcf zimbraMtaSmtpdTlsCiphers high zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3' zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'
Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.
For ZCS 8.0 and previous, as the zimbra user
zmlocalconfig -e smtpd_tls_ciphers=high postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2 zmlocalconfig -e smtpd_tls_mandatory_ciphers=high postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES
The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.