Postfix PCI Compliance in ZCS

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Article Information
This article applies to the following ZCS versions. ZCS 5.0

Reconfigure the Postfix SSL/TLS settings

1. Make a backup of /opt/zimbra/postfix/conf/main.cf in case you need to rollback or refer to after an upgrade.

2. Log in as root in the command line utility. Switch to the zimbra user account.

su - zimbra

3. Type the following commands:

postconf -e smtpd_tls_ciphers=medium
postconf -e smtpd_tls_protocols=\!SSLv2
postconf -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5"

The SSL/TLS settings are now reconfigured. The changes will take effect immediately.

4. To ensure that your changes are not overwritten by a future Zimbra upgrade, you can set them in the local config.

zmlocalconfig -e smtpd_tls_ciphers=medium
zmlocalconfig -e smtpd_tls_protocols=\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
zmlocalconfig -e smtpd_tls_exclude_ciphers="aNULL, MD5"

Reference - http://www.postfix.org/TLS_README.html

5. Use 'zmmtactl restart' to restart postfix.

Verified Against: unknown	Date Created: 11/30/2009
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS	Date Modified: 2010-04-19

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Postfix PCI Compliance in ZCS

Reconfigure the Postfix SSL/TLS settings

Products

Support

Learn

Community