The next commands are used to optimize and secure my Zimbra Collaboration 8.8 Open Source Edition (executed as user zimbra in the CLI):
zmdhparam set -new 3072 zmprov mcf zimbraMtaSmtpTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsCiphers high zmlocalconfig -e postfix_enable_smtpd_policyd=yes zmprov mcf zimbraMtaEnableSmtpdPolicyd TRUE zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy" zmprov mcf zimbraMtaSmtpTlsSecurityLevel may postconf -e smtpd_tls_security_level=may postconf -e tls_preempt_cipherlist=yes postconf -e tls_session_ticket_cipher=aes-256-cbc zmprov mcf zimbraMtaRecipientDelimiter + zmprov modifyConfig zimbraFileUploadMaxSize 40960000 zmprov modifyConfig zimbraMtaMaxMessageSize 51200000 zmprov modifyConfig zimbraMailContentMaxSize 102400000 zmlocalconfig -e antispam_enable_rule_updates=true zmlocalconfig -e antispam_enable_restarts=true zmlocalconfig -e antispam_enable_rule_compilation=true zmprov mcf zimbraMtaSmtpdTlsExcludeCiphers 'MEDIUM,LOW,EXPORT,aNULL,eNULL,MD5,DES,RC4' zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:!MEDIUM:!LOW:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'