This blog post is outdated since Zimbra version 9.0.0.P34, 8.8.15.P41, 10.0.2 where Zimbra introduced OpenSSL FIPS. Please follow the updated steps at https://wiki.zimbra.com/wiki/Cipher_suites. In a previous blog and wiki we have shown how to configure Zimbra with a strong TLS configuration. Since encryption is always evolving we have updated the previous blog and wiki to […]
Archive | Security & Privacy
Email Security Protect your email account and data
Identity theft, fraudulent use of your credit card, ransomware… cybercrime is always evolving. There are some simple things you can do to protect your email data and accounts. How can you protect yourself from the most common and real threats like: Identity and credit card information theft Theft of proprietary data Precise phishing attacks Ransomware […]
Zimbra Now Works with Thales’ SafeNet Trusted Access
Hello Zimbra Customers, Partners & Friends, We’re happy to announce that Zimbra now works with Thales’ SafeNet Trusted Access (STA) to provide single sign-on (SSO), policy configuration and multi-factor authentication (MFA). This makes it easy to meet compliance mandates such as GDPR and PCI DSS by letting you decide who has access to Zimbra and how their identity is verified. Thales’ SSO Application […]
How to use DOMPurify in your Zimlet for XSS sanitizing
Cross-Site Scripting (XSS) attacks are a type of injection attack, in which malicious scripts are injected into otherwise benign and trusted websites. In case you are developing a Zimlet you should not trust any form of user input. If you integrate 3rd party services via your Zimlet, you probably also want to sanitize any data […]
Did you know? SELinux is not a Zimbra feature
This blog is about something that is not a Zimbra feature, yes you read it correctly, usually on the blog we highlight new or existing features. But this blog is a little different. Every now and then people write in the Zimbra forums or comment on blog posts saying they run Zimbra with SELinux in […]
Zimbra not affected by critical OpenSSL issue
The OpenSSL project is releasing a critical fix for OpenSSL version 3.x. Zimbra is using OpenSSL version 1.1.1q which is an older still supported version of OpenSSL. The version in Zimbra is not affected by the fix, which means no patches are needed for Zimbra. You should install operating system security updates and other 3rd […]