Navigation

Are you using zen.spamhaus.org or dbl.spamhaus.org for fighting spam? Pay attention!

By on August 25, 2022 in Community, Partners, PowerTips – Admins, Zimbra SkillZ

Spamhaus is making some changes in their policy enforcement, from their website: Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs)? Do you access them via the Public Mirrors, for example, query “sbl.spamhaus.org” or “zen.spamhaus.org”? Do you use Cloudflare’s DNS? If you’ve answered “yes” to all three of those questions, you need to make […]

Continue Reading

Configuring Fail2Ban on Zimbra

By on August 24, 2022 in Product News, Community, Open Source, Security & Privacy

This article is a how-to guide on installing Fail2Ban to block attacking hosts using a null route or blackhole routes. This can help mitigate brute force attacks on Zimbra. Especially brute force attacks on SMTP are very common. Prerequisite: Fail2ban has been tested in combination with netfilter-persistent and iptables. If you use ufw or firewalld […]

Continue Reading

Nextcloud Talk Zimlet

By on August 17, 2022 in Product News, Community, Open Source, Zimlets

Zimbra loves Nextcloud! And that is why Zimbra and Nextcloud work together to make both products integrate seamlessly. The Nextcloud Talk Zimlet add a button in the new appointment window that allows you to create a Nextcloud Talk meeting from the Zimbra Calendar. Screenshots Installing This Zimlet depends on the installation of Nextcloud Zimlet for […]

Continue Reading

Authentication Bypass in MailboxImportServlet vulnerability

By on August 10, 2022 in Product News, Security & Privacy

Zimbra 8.8.15 patch 33 and Zimbra 9.0.0 patch 26 contain an important security update that fixes an authentication bypass in MailboxImportServlet (CVE-2022-37042 and CVE-2022-27925). If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible. […]

Continue Reading

Zimbra with Let’s Encrypt Certificates a step-by-step guide (update)

By on August 10, 2022 in Community, Security & Privacy, Zimbra Server, Zimbra SkillZ

This article is a step-by-step instruction on setting up a Zimbra with Let’s Encrypt certificates. If you are running a multi server installation of Zimbra it is recommended you set-up a dedicated VM for obtaining the Let’s Encrypt certificate and follow this blog. Prerequisites This guide assumes you are using Ubuntu 20 and you have […]

Continue Reading

Deprecation of the “X-XSS-Protection” header

By on August 3, 2022 in Partners, PowerTips – Admins, Security & Privacy

Hello Zimbra Customers, Partners & Friends, In the past Zimbra recommended to set the X-XSS-Protection HTTP response header. This header used to enable additional protection against cross-site scripting (XSS) attacks in some web browsers. However this header is now deprecated and support is removed from most browsers. In case you have configured Zimbra to use […]

Continue Reading

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures