All Zimbra administrators should make sure the pax package is installed on their Zimbra server. Pax is needed by Amavis to extract the contents of compressed attachments for virus scanning. If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly (by Amavis) and will allow an […]
Zimbra and Nextcloud deepen integration
Many users run both Zimbra and Nextcloud services and for this reason Zimbra and Nextcloud are partnering up to bring users a better experience. Nextcloud and Zimbra share a common mission – providing the best digital collaboration tools, and keeping data private. That’s why it makes sense for Zimbra and Nextcloud to work together to […]
Proxy the Admin Console via Zimbra Proxy increase TLS security
The Admin Console web-ui is the go-to place for managing your Zimbra installation. Historically the Zimbra Admin Console was accessed directly without Zimbra Proxy. However there is no longer a need to access the Admin Console without using Zimbra Proxy. And to make sure the Admin Console uses the best TLS security you need to […]
Zimbra Email Security Webinar Series: TLS and DANE (updated)
Many Zimbra administrators have setup TLS encryption to protect their users’ login credentials and email in transit. But TLS is a complex standard, and often unknowingly misconfigured. Deploying TLS correctly does not require a university degree in cryptography, but rather a working knowledge of some key concepts and awareness of pitfalls to avoid. And, with […]
Are you using zen.spamhaus.org or dbl.spamhaus.org for fighting spam? Pay attention!
Spamhaus is making some changes in their policy enforcement, from their website: Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs)? Do you access them via the Public Mirrors, for example, query “sbl.spamhaus.org” or “zen.spamhaus.org”? Do you use Cloudflare’s DNS? If you’ve answered “yes” to all three of those questions, you need to make […]
Configuring Fail2Ban on Zimbra
This article is a how-to guide on installing Fail2Ban to block attacking hosts using a null route or blackhole routes. This can help mitigate brute force attacks on Zimbra. Especially brute force attacks on SMTP are very common. Prerequisite: Fail2ban has been tested in combination with netfilter-persistent and iptables. If you use ufw or firewalld […]