Postfix PCI Compliance in ZCS

Postfix PCI Compilance in Zimbra Collaboration

   KB 3123        Last updated on 07/12/2015  

(0 votes)
 - This article is a Community contribution and may include unsupported customizations.
 - This article is a Work in Progress, and may be unfinished or missing sections.

Reconfigure the Postfix SSL/TLS settings

Configuring Postfix for PCI Compliance

Reference -

For ZCS 8.5, as the zimbra user

zmprov mcf zimbraMtaSmtpdTlsCiphers high
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high
zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'aNULL,MD5,DES'

Within 2 minutes, zmconfigd will update postfix for you, and the system will be PCI compliant.

For ZCS 8.0 and previous, as the zimbra user

zmlocalconfig -e smtpd_tls_ciphers=high
postconf -e smtpd_tls_protocols=\!SSLv3,\!SSLv2
zmlocalconfig -e smtpd_tls_mandatory_ciphers=high
postconf -e smtpd_tls_exclude_ciphers=aNULL,MD5,DES

The SSL/TLS settings are now reconfigured. The changes will take effect within 2 minutes. Note that smtpd_tls_protocols and smtpd_tls_exclude_ciphers will need to be set after every upgrade as there is no way to preserve them in ZCS 8.0 and previous.

Verified Against: ZCS 7.2.0 Date Created: 11/30/2013
Article ID: Date Modified: 07/12/2015

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search