Postfix PCI Compliance in ZCS

Revision as of 00:01, 1 December 2009 by Scott Nelson Windels (talk | contribs) (adding first entry for postfix)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Working towards PCI Compliance for Zimbra 5.0.x

Reconfigure the Postfix SSL/TLS settings

1. Make a backup of /opt/zimbra/postfix/conf/ in case you need to rollback or refer to after an upgrade.

2. Log in as root in the command line utility. Switch to the zimbra user account.

su - zimbra

3. Type the following commands:

postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
postconf -e smtpd_tls_mandatory_ciphers="medium, high"

The SSL/TLS settings are now reconfigured. The changes will take effect immediately.

4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.

zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
zmlocalconfig -e smtpd_tls_mandatory_ciphers="medium, high"
Jump to: navigation, search