In a previous blog we introduced Zimbra’s new Storage Management, in this article we introduce you to zms3config a command line application that allows you to manage Zimbra’s S3 configuration. The zms3config is the CLI utility to manage the Global S3 buckets which can be shared across mailstore nodes. Bucket configurations can be created from any node […]
SMTP Smuggling in Zimbra Postfix a technical deepdive
E-mail providers like Microsoft Exchange Online and GMX allowed to pass <LF>.<CR><LF> sequence unfiltered from their outbound (sending mails) SMTP server to the inbound (receiving mails) SMTP server (postfix in our case). In the case of Postfix serving as an outbound/inbound (sending mails/receiving mails) server, it does not ignore the sequence ‘<LF>.<CR><LF>’; rather, it interprets […]
SPF, DKIM and DMARC for bulk mailers to Gmail and Yahoo
In recent posts by Google and Yahoo new bulk mailer requirements are announced. These requirements go into effect in February and require bulk mailers to implement SPF, DKIM and DMARC if they want their email to be delivered to gmail and yahoo email addresses going forward. Many Zimbra partners have already implemented DMARC and as […]
CentOS 7 and CentOS8 Stream EOL dates are closing in
Keeping your Zimbra up-to-date by installing patches is essential for maintaining the security of your Zimbra servers. However patches are only available for supported (not end-of-life) versions. Recently the 8.8 versions of Zimbra went end-of-life and the Zimbra 9 versions are going end-of-life soon as well. Make sure all your Zimbra servers are on a […]
Using Sieve to send email notifications
You can set up Zimbra to send notifications to a different email address for emails that arrive in your Inbox or any folder via the Preferences panel: You can also create a filter to forward emails to a specified email address using the Filters panel: In this article you will learn how to use Sieve […]
Zimbra and SMTP Smuggling attack on Postfix
Recently an SMTP Smuggling attack on Postfix was published, as mentioned by the Postfix project: Days before a 10+ day holiday break and associated production change freeze, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than <CR><LF>. […]