Review your Zimbra configuration after updating to the latest patch

It has come to our attention that in some cases postconf settings are not retained when updating to the latest patch (9.0.0.P34, 8.8.15.P41, 10.0.2).

Make sure to re-apply any customizations, including TLS cipher configurations you had previously configured using the postconf command.

In addition, the latest patch also enabled OpenSSL in FIPS mode, more details on that in an upcoming blog. For now we advise you to review the wiki and update your configuration.

3 Responses to Review your Zimbra configuration after updating to the latest patch

  1. Thomas Maeder August 9, 2023 at 11:49 PM #

    Confirmed – I had to redo postconf settings.

    We always do the following when we update the Zimbra MTA to find possible modified (or lost) configurations:

    $ tar cf – /opt/zimbra/conf /opt/zimbra/common/conf | gzip > conf-before-update.tar.gz

    do the update

    $ tar cf – /opt/zimbra/conf /opt/zimbra/common/conf | gzip > conf-after-update.tar.gz

    $ diff <(zcat conf-before-update.tar.gz | tar tfv – | grep -v '^d' | sort | tr -s ' ' | cut -d ' ' -f1,2,3,6) <(zcat conf-after-update.tar.gz | tar tfv – | grep -v '^d' | sort | tr -s ' ' | cut -d ' ' -f1,2,3,6)

    • Joaquim Homrighausen August 18, 2023 at 12:40 AM #

      That’s a great idea. This should be something Zimbra does “automagically”, or at least put up as a technical wiki article/post/recommendation.

    • Avatar photo
      Barry de Graaff August 21, 2023 at 3:34 AM #

      We will implement this in the future, however sometimes with newer versions of Postfix and other dependencies a reset to default settings will still be needed.

Leave a Reply

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures