Postfix PCI Compliance in ZCS

Revision as of 00:01, 1 December 2009 by Scott Nelson Windels (talk | contribs) (adding first entry for postfix)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Working towards PCI Compliance for Zimbra 5.0.x

Reconfigure the Postfix SSL/TLS settings

1. Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.

2. Log in as root in the command line utility. Switch to the zimbra user account. 

su - zimbra

3. Type the following commands: 

postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
postconf -e smtpd_tls_mandatory_ciphers="medium, high"

The SSL/TLS settings are now reconfigured. The changes will take effect immediately.

4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config. 

zmlocalconfig -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
zmlocalconfig -e smtpd_tls_mandatory_ciphers="medium, high"
Retrieved from "http://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS&oldid=15610"
Jump to: navigation, search