Zimbra Blog

JavaScript Hijacking

Posted in Open Source by Kevin Henrikson on April 5th, 2007

In the past few days, news sites and a few blogs have picked up a document written by Fortify Software regarding “JavaScript Hijacking”. We’ve also had a few customers and members of our community ask for Zimbra’s view on the topic. First and foremost, we take security very seriously. We’ve talked about securing Ajax in the past, but would like to reinforce a couple of points in light of the most recent news.




Securing Ajax

Posted in Open Source, Zimbra Web Client by Scott Dietzen on September 9th, 2006

To continue the Zimbra blog series on Ajax (recent entries include Ajax innovation is about the server, Ajax optimization techniques (presented at OSCON), OpenAjax update, and Ajax’s impact on scaling), we wanted to offer some general thoughts on securing Ajax applications gleaned, of course, from our Zimbra experience.




Is your mail server an open relay?

Posted in Zimbra Server by Kevin Henrikson on October 25th, 2005

Some of you may already know about this, but for those who don’t or have forgotten: after setting up your mail server, you should run a mail relay test. This runs several tests against your MTA to verify that it’s properly configured. By default, Zimbra ships Postfix configured so that it is not a relay. However, any custom config may open your server up to abuse. It’s always better to check before a spammer finds you!