Patch Security Severity: Medium Deployment Risk: Medium This release focuses on essential security and improving user experience for the following editions Zimbra Daffodil 10.0.8 (Release Notes) Zimbra 9.0.0 Kepler Patch-40 (Release Notes) Patch updated on Apr 22 include the following in their respective releases What’s New Performance Enabled concurrent socket connection for OpenJDK External Storage […]
Archive | Security & Privacy
Disable login using email alias
Historically in Zimbra it has been possible to log in using the account email address, but also using an email alias. For security reasons it is recommended to disable the log in by use of an alias. Follow below steps to find out if alias login is enabled on your Zimbra deployment, and configure it […]
Custom SpamAssassin Rules in Zimbra
In this article you will learn how to add custom SpamAssassin Rules to Zimbra. This way you can filter email that may have fooled your spam filtering or mitigate vulnerabilities such as CVE-2024-21413 where file:// hyperlinks cause problems in MS Outlook. SpamAssasin localrules In this example we are going to filter email that contains the […]
Patch Release: Improved Language Support, Modern UI, Distribution Lists & Other Security Enhancements
Patch Security Severity: Low Deployment Risk: Medium This release focuses on improving user experience, enhancing group communication and essential security for the following editions Zimbra Daffodil 10.0.7 (Release Notes) Zimbra 9.0.0 Kepler Patch-39 (Release Notes) Patch updated on 28 Feb include the following in their respective releases What’s New Improved Language Support (Zimbra Daffodil) OnlyOffice […]
How to implement (external LDAP) authentication in a Zimbra Java Extension
Frequent readers of the Zimbra blog will know that Zimbra can be extended/customized by using Zimlets. By creating your own Zimlets you can add functionality to the UI (front-end) and the Java back-end, allowing you to cater to specific customer needs. Zimlets can be enabled globally or per user (group) Details on this can be […]
SMTP Smuggling in Zimbra Postfix a technical deepdive
E-mail providers like Microsoft Exchange Online and GMX allowed to pass <LF>.<CR><LF> sequence unfiltered from their outbound (sending mails) SMTP server to the inbound (receiving mails) SMTP server (postfix in our case). In the case of Postfix serving as an outbound/inbound (sending mails/receiving mails) server, it does not ignore the sequence ‘<LF>.<CR><LF>’; rather, it interprets […]