Recently, a critical vulnerability affecting Zimbra’s postjournal service (CVE-2024-45519) was identified and is now disclosed on various security websites. The good news? The postjournal service is not enabled by default and Zimbra has already patched this vulnerability. This patch was published in early September. Read the blog post here. Patch Release: Multiple security issues related to […]
Author Archive | Barry de Graaff
Enhance Zimbra Security with AuditD and ACLs
Auditd (Linux Audit Daemon) can be used to capture detailed information about file accesses, system calls, and user actions. Auditd gives administrators the ability to track changes, identify suspicious activities, and potentially get an early warning of system compromise by hackers. Adding Auditd to your system will give you more detailed logs, but it […]
Prevent Host header injection vulnerability in Zimbra
This is an old issue, but Zimbra installations can have a very long life span. In addition, it is a good precaution to validate your configuration, just in case. Zimbra Proxy has the ability to strictly enforce which values are allowed in the Host header passed in by the client. This is enabled by default […]
Enhance password security by rejecting common and leaked passwords
In this article you will learn: how to prevent users from choosing common passwords; how to add leaked passwords to the list of passwords to reject. Enable the Reject Common Passwords feature: You can enable the Zimbra Reject Common Passwords feature on a per-account basis or for an entire Class Of Service (CoS). To enable […]
How to disable Zimbra two factor trusted devices
It is well known that you can enable 2FA in Zimbra Network Edition to enhance account security. All details on Zimbra 2FA can be found at https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication Zimbra also enables by default the Trusted Devices feature. This allows users to enter their 2FA token only once for each device. Consider turning off the Trusted Devices […]
Upgrade & Migration Guides for upgrading to Zimbra 10
We have released the Upgrade & Migration Guides for upgrading Zimbra 8.8.15 and 9 to Zimbra version 10. For Non-NG setup you can use the following guides: In-Place Upgrade Guide (Single and Multi-Node setup); Rolling-Upgrade Guide (Multi-Node setup). For NG setup 9.0.0, 8.8.15 for both Network Edition and FOSS you can use the following guides: In-Place Upgrade […]