Did you know that as of this month Microsoft will randomly select customers and disable Basic Authentication on their Exchange Online services? While from a pure security perspective username and password authentication is outdated, you may still have issues with devices that can only support username and password authentication. For example, legacy business applications, multifunction […]
Archive | PowerTips – Admins
Zimbra installation integrity check
The script in this article allows Zimbra administrators to create checksums of all the files in a Zimbra installation. The output of the script can be used to identify unintended changes and newly created files. Such changes can, for example, be caused by hackers. You can use this script proactively by scheduling it in a […]
Security Update – make sure to install pax/spax
All Zimbra administrators should make sure the pax package is installed on their Zimbra server. Pax is needed by Amavis to extract the contents of compressed attachments for virus scanning. If the pax package is not installed, Amavis will fall back to using cpio. Unfortunately, the fallback is implemented poorly (by Amavis) and will allow an […]
Proxy the Admin Console via Zimbra Proxy increase TLS security
The Admin Console web UI is the go-to place for managing your Zimbra installation. Historically, the Zimbra Admin Console was accessed directly without Zimbra Proxy. However, there is no longer a need to access the Admin Console without using Zimbra Proxy. And to make sure the Admin Console uses the best TLS security you need to […]
Are you using zen.spamhaus.org or dbl.spamhaus.org for fighting spam? Pay attention!
Spamhaus is making some changes in their policy enforcement, from their website: Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs)? Do you access them via the Public Mirrors, for example, query “sbl.spamhaus.org” or “zen.spamhaus.org”? Do you use Cloudflare’s DNS? If you’ve answered “yes” to all three of those questions, you need to make […]
Deprecation of the “X-XSS-Protection” header
Hello Zimbra Customers, Partners & Friends, In the past, Zimbra recommended setting the X-XSS-Protection HTTP response header. This header used to enable additional protection against cross-site scripting (XSS) attacks in some web browsers. However, this header is now deprecated and support has been removed from most browsers. In case you have configured Zimbra to use […]