In Zimbra you can optionally enable Postscreen as an additional Anti-SPAM strategy. Postscreen will offer additional protection against mail server overload. One postscreen process handles multiple inbound SMTP connections and decides which clients may talk to a Post-fix SMTP server process. By keeping spambots away, postscreen leaves more SMTP server processes available for legitimate clients […]
Author Archive | Barry de Graaff
Update Zimbra TLS cipher suites to disable Diffie-Hellmann
In a previous blog and wiki we have shown how to configure Zimbra with a strong TLS configuration. Since encryption is always evolving we have updated the previous blog and wiki to disable Diffie-Hellman. If you have applied the steps from the Cipher Suites wiki before, you can run the following commands as user zimbra […]
Email Security Protect your email account and data
Identity theft, fraudulent use of your credit card, ransomware… cybercrime is always evolving. There are some simple things you can do to protect your email data and accounts. How can you protect yourself from the most common and real threats like: Identity and credit card information theft Theft of proprietary data Precise phishing attacks Ransomware […]
Zimbra Patches: 9.0.0 Patch 29 + 8.8.15 Patch 36
Hello Zimbra Friends, Customers & Partners, Zimbra 9.0.0 Kepler Patch 29 and 8.8.15 James Prescott Joule Patch 36 are here. This patch fixes 2 issues that where introduced with Kepler 9.0.0-Patch-28 & 8815 Joule-Patch-35 Patch. In the previous patch ClamAV was upgraded to the latest upstream version, unfortunately this broke attachment scanning, this new patch […]
Zimbra Now Works with Thales’ SafeNet Trusted Access
By Barry de Graaff on December 7, 2022 in Product News, Community, Security & Privacy, Zimbra Web Client
Hello Zimbra Customers, Partners & Friends, We’re happy to announce that Zimbra now works with Thales’ SafeNet Trusted Access (STA) to provide single sign-on (SSO), policy configuration and multi-factor authentication (MFA). This makes it easy to meet compliance mandates such as GDPR and PCI DSS by letting you decide who has access to Zimbra and how their identity is verified. Thales’ SSO Application […]
How to use DOMPurify in your Zimlet for XSS sanitizing
Cross-Site Scripting (XSS) attacks are a type of injection attack, in which malicious scripts are injected into otherwise benign and trusted websites. In case you are developing a Zimlet you should not trust any form of user input. If you integrate 3rd party services via your Zimlet, you probably also want to sanitize any data […]