Tag Archives | zimbra security

Zimbra SkillZ: Enhance email confidentiality using MTA-STS

Hi Zimbra Customers, Partners & Friends, Do you want to prevent man-in-the-middle attacks and enhance your email confidentiality? You can with MTA-STS. MTA-STS is short for Mail Transfer Agent (MTA) Strict Transport Security (STS). MTA-STS enforces encryption and secure communications between SMTP servers via TLS (Transport Layer Security). With MTA-STS fully implemented, it prevents man-in-the-middle […]

Continue Reading 3

Zimbra Now with TLS 1.3 Support!

Hello Zimbra Partners, Customers & Friends, In the latest Zimbra patch, Zimbra 9.0.0 “Kepler” Patch 13 and 8.8.15 “James Prescott Joule” Patch 20, the following packages are now GA: OpenSSL 1.1.1h support for TLS 1.3. OpenSSL 1.1.1h with FIPS module support. Postfix 3.5.6 support for TLSv1.3 Nginx 1.19.0 support for TLSv1.3 Why is this important […]

Continue Reading 3

Zimbra Admin Reminder … Block “memcrashd” Port 11211

Hello Zimbra Friends & Admins, This is a friendly reminder that Zimbra memcached may face the “memcrashd” attack on port 11211. By default, memcached listens on a server IP address that is accessible on the network and via the internet if there is no firewall. If your Zimbra memcache servers are behind a firewall, we […]

Continue Reading

Zimbra Wiki to Latest Patches & More!

Hello Zimbra Friends,   Looking for the latest Zimbra Patch?   This Zimbra wiki page lists all Zimbra product releases with a link to the current Patch: https://wiki.zimbra.com/wiki/Zimbra_Releases   Click a Patch link for additional details + installation instructions. Important Patch install info: Patches are cumulative, so you usually don’t need to install any prior patches. […]

Continue Reading

[REPOST] Recent Zimbra XXE / SSRF Vulnerability Disclosure

This is a reposting of Rene’s original blog announcement on March 18, 2019. Please read and be sure that your Zimbra Patches are up-to-date! Hello Zimbra Friends, Background The Zimbra Security team has been working with security researcher An Trinh in advance of his recently-published blog post. In the blog, Trinh details his findings regarding […]

Continue Reading