In this article you will learn: How to prevent users from choosing common passwords How to add leaked passwords to the list of passwords to reject Enabled the Reject Common Passwords feature You can enable the Zimbra Reject Common Passwords on a per account basis or for an entire Class Of Service (CoS). To enable […]
Archive | Security & Privacy
How to disable Zimbra two factor trusted devices
By Barry de Graaff on June 26, 2024 in Did You Know, Partners, PowerTips – Admins, Security & Privacy
It is well known that you can enable 2FA in Zimbra Network Edition to enhance account security. All details on Zimbra 2FA can be found at https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication Zimbra also enables by default the Trusted Devices feature. This allows users to enter their 2FA token only once for each device. Consider turning off the Trusted Devices […]
NEW! Patch Release: Compression support on S3 external volumes, Enabled Concurrent Socket Connection for OpenJDK & Other Enhancements
Patch Security Severity: Medium Deployment Risk: Medium This release focuses on essential security and improving user experience for the following editions Zimbra Daffodil 10.0.8 (Release Notes) Zimbra 9.0.0 Kepler Patch-40 (Release Notes) Patch updated on Apr 22 include the following in their respective releases What’s New Performance Enabled concurrent socket connection for OpenJDK External Storage […]
Disable login using email alias
Historically in Zimbra it has been possible to log in using the account email address, but also using an email alias. For security reasons it is recommended to disable the log in by use of an alias. Follow below steps to find out if alias login is enabled on your Zimbra deployment, and configure it […]
Custom SpamAssassin Rules in Zimbra
In this article you will learn how to add custom SpamAssassin Rules to Zimbra. This way you can filter email that may have fooled your spam filtering or mitigate vulnerabilities such as CVE-2024-21413 where file:// hyperlinks cause problems in MS Outlook. SpamAssasin localrules In this example we are going to filter email that contains the […]
Patch Release: Improved Language Support, Modern UI, Distribution Lists & Other Security Enhancements
Patch Security Severity: Low Deployment Risk: Medium This release focuses on improving user experience, enhancing group communication and essential security for the following editions Zimbra Daffodil 10.0.7 (Release Notes) Zimbra 9.0.0 Kepler Patch-39 (Release Notes) Patch updated on 28 Feb include the following in their respective releases What’s New Improved Language Support (Zimbra Daffodil) OnlyOffice […]