Tag Archives | security

Enhance password security by rejecting common and leaked passwords

In this article you will learn: How to prevent users from choosing common passwords How to add leaked passwords to the list of passwords to reject Enabled the Reject Common Passwords feature You can enable the Zimbra Reject Common Passwords on a per account basis or for an entire Class Of Service (CoS). To enable […]

Continue Reading 0

How to disable Zimbra two factor trusted devices

It is well known that you can enable 2FA in Zimbra Network Edition to enhance account security. All details on Zimbra 2FA can be found at https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication Zimbra also enables by default the Trusted Devices feature. This allows users to enter their 2FA token only once for each device. Consider turning off the Trusted Devices […]

Continue Reading 0

How to implement (external LDAP) authentication in a Zimbra Java Extension

Frequent readers of the Zimbra blog will know that Zimbra can be extended/customized by using Zimlets. By creating your own Zimlets you can add functionality to the UI (front-end) and the Java back-end, allowing you to cater to specific customer needs. Zimlets can be enabled globally or per user (group) Details on this can be […]

Continue Reading 0

How to stay informed about Zimbra security announcements?

Zimbra can be updated using apt update or yum update, and it is highly recommended to install Zimbra updates (patches) as they are released, especially in case of patches that include security fixes. Here are a few ways to stay informed on Zimbra Security updates: Subscribe to these RSS feeds: https://wiki.zimbra.com/security-advisory-feed.php (no details, can be […]

Continue Reading 3

Zimbra not affected by NGINX CVE-2023-44487

Recently a number of partners have asked if Zimbra is affected by NGINX CVE-2023-44487. When we take a look at the NGINX blog post on CVE-2023-44487 it mentions the following: …it is essential that the following updates are made to NGINX configuration files, minimizing the server’s attack surface: keepalive_requests should be kept at the default […]

Continue Reading 0

What are the benefits of using Zimbra OpenSSL in FIPS mode?

If you installed or upgraded to Zimbra version 9.0.0.P34, 8.8.15.P41, 10.0.2 or higher, Zimbra will use OpenSSL 3.0.x and FIPS compliance for OpenSSL will be enabled by default. To check if your Zimbra OpenSSL is using FIPS you can run the following command, that should fail with Error setting digest: /opt/zimbra/common/bin/openssl md5 /dev/null There are […]

Continue Reading 0

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures