Navigation

Archive | Security & Privacy

Zimbra with Let’s Encrypt Certificates a step-by-step guide (update)

By on August 10, 2022 in Community, Security & Privacy, Zimbra Server, Zimbra SkillZ

This article is a step-by-step instruction on setting up a Zimbra with Let’s Encrypt certificates. If you are running a multi server installation of Zimbra it is recommended you set-up a dedicated VM for obtaining the Let’s Encrypt certificate and follow this blog. Prerequisites This guide assumes you are using Ubuntu 20 and you have […]

Continue Reading

Deprecation of the “X-XSS-Protection” header

By on August 3, 2022 in Partners, PowerTips – Admins, Security & Privacy

Hello Zimbra Customers, Partners & Friends, In the past Zimbra recommended to set the X-XSS-Protection HTTP response header. This header used to enable additional protection against cross-site scripting (XSS) attacks in some web browsers. However this header is now deprecated and support is removed from most browsers. In case you have configured Zimbra to use […]

Continue Reading

Implementing Custom Authentication using a Zimbra extension (updated)

By on June 15, 2022 in Community, Open Source, Security & Privacy, Zimbra SkillZ, Zimlets

In this article you will learn how to implement Custom Authentication using a Zimbra extension. The Java project and source code can be found at https://github.com/Zimbra/zimbra-custom-authentication. Take a look at https://github.com/Zimbra/zm-extension-guide if you are new to Java or building Zimbra extensions. The zm-extension-guide covers all the things needed to build the Custom Authentication extension. Zimbra […]

Continue Reading

Zimbra SkillZ: How to use Zimbra with multiple HTTPS domains (Server Name Indication)

By on June 1, 2022 in Community, PowerTips – Admins, Security & Privacy, Zimbra Server, Zimbra SkillZ

This article is a short how-to on making your Zimbra reachable via multiple HTTPS domains. This will allow your users to reach Zimbra using different URL’s such as: https://mail.zimbra.com and https://mail.zimbra.org. Set-up initial TLS certificate Set-up Zimbra to work with the fist HTTPS domain. Install the certificate obtained from your Certificate Authority by using one […]

Continue Reading

Zimbra SkillZ: How to create the certificate chain

By on May 25, 2022 in Community, Security & Privacy, Zimbra Server, Zimbra SkillZ

Hello Zimbra Customers, Partners & Friends, This video is a practical how to on creating the certificate chain file. The certificate chain file usually named commercial_ca.crt and it is needed to deploy TLS certificates on Zimbra. If you’re interested, you can also read our Wiki article about Creating the Certificate Chain. Thanks, Your Zimbra Team

Continue Reading

Implementing a CSRF check on a Zimbra extension

By on May 18, 2022 in Community, Open Source, Security & Privacy, Zimbra SkillZ, Zimlets

Hello Zimbra Customers, Partners & Friends, In this article you will learn how to implement a CSRF check in a Zimbra extension. The Java project and source code can be found at https://github.com/Zimbra/zm-extension-guide. In many cases the Cross-Origin-Resource-Policy in the web browser and the setting of the SameSite=Strict attribute on the authentication cookie will provide […]

Continue Reading

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures