Frequent readers of the Zimbra blog will know that Zimbra can be extended/customized by using Zimlets. By creating your own Zimlets you can add functionality to the UI (front-end) and the Java back-end, allowing you to cater to specific customer needs. Zimlets can be enabled globally or per user (group) Details on this can be […]
Archive | Security & Privacy
SMTP Smuggling in Zimbra Postfix a technical deepdive
E-mail providers like Microsoft Exchange Online and GMX allowed to pass <LF>.<CR><LF> sequence unfiltered from their outbound (sending mails) SMTP server to the inbound (receiving mails) SMTP server (postfix in our case). In the case of Postfix serving as an outbound/inbound (sending mails/receiving mails) server, it does not ignore the sequence ‘<LF>.<CR><LF>’; rather, it interprets […]
Zimbra and SMTP Smuggling attack on Postfix
Recently an SMTP Smuggling attack on Postfix was published, as mentioned by the Postfix project: Days before a 10+ day holiday break and associated production change freeze, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than <CR><LF>. […]
Patch Release For Deprecated Files Deletion, OpenJDK Security Enhancement, Migration Support to Zimbra Daffodil (v10)
Patch Severity: High. This release addresses critical bug fixes and essential security updates Patch Release for the following editions Zimbra Daffodil 10.0.6 (Release Notes) Zimbra 9.0.0 Kepler Patch-38 (Release Notes) Zimbra 8.8.15 Joule Patch-45 (Release Notes) Patch updated on 18 Dec include the following in their respective releases What’s New OpenJDK has been upgraded to […]
How to stay informed about Zimbra security announcements?
Zimbra can be updated using apt update or yum update, and it is highly recommended to install Zimbra updates (patches) as they are released, especially in case of patches that include security fixes. Here are a few ways to stay informed on Zimbra Security updates: Subscribe to these RSS feeds: https://wiki.zimbra.com/security-advisory-feed.php (no details, can be […]
Patch for Zimbra Daffodil 10.0.5, 9.0.0 Patch-37 & 8.8.15 Patch-44
Daffodil Migration Patch: Assist Users in Moving to Daffodil This patch has newly added functions that will aid in the upgrade/migration process to Daffodil. To safeguard your system, we recommend you always upgrade to the latest patch and regularly refer to our blog and the Zimbra Security Center for steps to ensure your system is safe. Patch Release […]