Cipher Filtering for SMTP and SMTPS

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
6636aturner
Posts: 6
Joined: Sat Sep 13, 2014 2:42 am

Cipher Filtering for SMTP and SMTPS

Postby 6636aturner » Wed Aug 01, 2012 1:33 pm

I'm trying to restrict ALL Zimbra communications from using any ciphers other than RC4 (please don't ask why, not my idea).
I was able to make it happen via Cipher suites - Zimbra :: Wiki, however the described method does not restrict ciphers for SMTP or SMTPS. Does anyone know where the cipher suites can be defined and/or limited for SMTP and STMPS?


StephaneP
Posts: 4
Joined: Sat Sep 13, 2014 2:32 am

Cipher Filtering for SMTP and SMTPS

Postby StephaneP » Thu Aug 02, 2012 5:24 am

Sounds like you need to do this at Postfix configuration level: Postfix Configuration Parameters

Be careful: when changing configuration files directly, your changes are overriden when Zimbra is upgraded.
6636aturner
Posts: 6
Joined: Sat Sep 13, 2014 2:42 am

Cipher Filtering for SMTP and SMTPS

Postby 6636aturner » Wed Aug 08, 2012 11:51 am

[quote user="StephaneP"]Sounds like you need to do this at Postfix configuration level: Postfix Configuration Parameters

Be careful: when changing configuration files directly, your changes are overriden when Zimbra is upgraded.[/QUOTE]
Thanks StephaneP. I am trying to convince my client that simply blocking SMTP at the firewall and having all communications go over 443 is a much cleaner way of avoiding automated vulnerability scanners' reports of vulnerable ciphers, as our SSL entry point has been locked down. He mentioned that iPads and iPhones are using SMTP, is it possible those clients are just not set up for SSL?

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 16 guests