Zimbra 8.8.15 patch 33 and Zimbra 9.0.0 patch 26 contain an important security update that fixes an authentication bypass in MailboxImportServlet (CVE-2022-37042 and CVE-2022-27925). If you are running a Zimbra version older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26, you should update to the latest patch as soon as possible. […]
Archive | Security & Privacy
Zimbra with Let’s Encrypt Certificates a step-by-step guide (update)
This article is a step-by-step guide to setting up Zimbra with Let’s Encrypt certificates. If you are running a multi-server installation of Zimbra, it is recommended that you set up a dedicated VM for obtaining the Let’s Encrypt certificate and follow this blog. Prerequisites: This guide assumes you are using Ubuntu 20 and you have […]
Deprecation of the “X-XSS-Protection” header
Hello Zimbra Customers, Partners & Friends, In the past, Zimbra recommended setting the X-XSS-Protection HTTP response header. This header used to enable additional protection against cross-site scripting (XSS) attacks in some web browsers. However, this header is now deprecated and support has been removed from most browsers. In case you have configured Zimbra to use […]
Implementing Custom Authentication using a Zimbra extension (updated)
In this article you will learn how to implement Custom Authentication using a Zimbra extension. The Java project and source code can be found at https://github.com/Zimbra/zimbra-custom-authentication. Take a look at https://github.com/Zimbra/zm-extension-guide if you are new to Java or building Zimbra extensions. The zm-extension-guide covers all the things needed to build the Custom Authentication extension. Zimbra […]
Zimbra SkillZ: How to use Zimbra with multiple HTTPS domains (Server Name Indication)
This article is a short how-to on making your Zimbra reachable via multiple HTTPS domains. This will allow your users to reach Zimbra using different URLs such as https://mail.zimbra.com and https://mail.zimbra.org. Set up initial TLS certificate: Set up Zimbra to work with the first HTTPS domain. Install the certificate obtained from your Certificate Authority by using one […]
Zimbra SkillZ: How to create the certificate chain
Hello Zimbra Customers, Partners & Friends, This video is a practical how-to on creating the certificate chain file. The certificate chain file is usually named commercial_ca.crt and is needed to deploy TLS certificates on Zimbra. If you’re interested, you can also read our Wiki article about Creating the Certificate Chain. Thanks, Your Zimbra Team