Archive | Security & Privacy

Optimizing Zimbra security and TLS settings via a script

A partner has requested a script to implement the Security tips and TLS settings documented at https://wiki.zimbra.com/wiki/Cipher_suites and https://wiki.zimbra.com/wiki/Secopstips . At Zimbra we love scripts! This article shows a script that configures Zimbra with strong TLS and security settings. Prerequisites You have set up a correct hostname and DNS, to check, run the following as […]

Continue Reading 0

Did you know? Zimbra HTTP Strict Transport Security (HSTS)

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. What does HSTS do for improving security? You have HSTS configured on Zimbra and have configured a correct TLS […]

Continue Reading 0

Protecting Zimbra with Sucuri web application firewall

You can enhance the security of your Zimbra servers by using a web application firewall (WAF). By using a web application firewall you can add the following protections to Zimbra: Geo blocking, geo fencing Blocking or allow IP addresses Emergency DDoS protection Block anonymous proxies Block top three attack countries Manage HTTP Security Headers Limited […]

Continue Reading 1

Did you know? Zimbra Postscreen provides additional protection against mail server overload

In Zimbra you can optionally enable Postscreen as an additional Anti-SPAM strategy. Postscreen will offer additional protection against mail server overload. One postscreen process handles multiple inbound SMTP connections and decides which clients may talk to a Post-fix SMTP server process. By keeping spambots away, postscreen leaves more SMTP server processes available for legitimate clients […]

Continue Reading 0

Update Zimbra TLS cipher suites to disable Diffie-Hellmann

In a previous blog and wiki we have shown how to configure Zimbra with a strong TLS configuration. Since encryption is always evolving we have updated the previous blog and wiki to disable Diffie-Hellman. If you have applied the steps from the Cipher Suites wiki before, you can run the following commands as user zimbra […]

Continue Reading 6

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures