Postfix PCI Compliance in ZCS

Revision as of 23:11, 24 July 2014 by Quanah (talk | contribs)

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 6.0 Article ZCS 6.0 ZCS 7.0 Article ZCS 7.0

Reconfigure the Postfix SSL/TLS settings

Configuring Postfix for PCI Compliance

Reference - http://www.postfix.org/TLS_README.html

For ZCS 8.5, as the zimbra user

zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols 'SSLv3,TLSv1,\!SSLv2'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'

Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.

For ZCS 8.0 and previous

zmlocalconfig -e smtpd_tls_ciphers=high
postconf -e smtpd_tls_protocols=SSLv3,TLSv1,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES

The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.

Verified Against: ZCS 7.2.0 Date Created: 11/30/2013
Article ID: https://wiki.zimbra.com/index.php?title=Postfix_PCI_Compliance_in_ZCS Date Modified: 2014-07-24



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search