Cross-Site Scripting (XSS) attacks are a type of injection attack, in which malicious scripts are injected into otherwise benign and trusted websites. In case you are developing a Zimlet you should not trust any form of user input. If you integrate 3rd party services via your Zimlet, you probably also want to sanitize any data […]
Archive | Zimbra SkillZ
Zimbra Email Security Webinar Series: TLS and DANE (updated)
Many Zimbra administrators have setup TLS encryption to protect their users’ login credentials and email in transit. But TLS is a complex standard, and often unknowingly misconfigured. Deploying TLS correctly does not require a university degree in cryptography, but rather a working knowledge of some key concepts and awareness of pitfalls to avoid. And, with […]
Are you using zen.spamhaus.org or dbl.spamhaus.org for fighting spam? Pay attention!
Spamhaus is making some changes in their policy enforcement, from their website: Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs)? Do you access them via the Public Mirrors, for example, query “sbl.spamhaus.org” or “zen.spamhaus.org”? Do you use Cloudflare’s DNS? If you’ve answered “yes” to all three of those questions, you need to make […]
Zimbra with Let’s Encrypt Certificates a step-by-step guide (update)
By Barry de Graaff on August 10, 2022 in Community, Security & Privacy, Zimbra Server, Zimbra SkillZ
This article is a step-by-step instruction on setting up a Zimbra with Let’s Encrypt certificates. If you are running a multi server installation of Zimbra it is recommended you set-up a dedicated VM for obtaining the Let’s Encrypt certificate and follow this blog. Prerequisites This guide assumes you are using Ubuntu 20 and you have […]
Zimbra SkillZ: Add an External Email Warning in Zimbra via the Admin Console
Hello Zimbra Customers, Partners & Friends, New with 9.0.0 Patch 25, you can add an external email warning in Zimbra using the Admin Console. An external email warning message alerts you when you receive email from an external domain. This is done using a Sieve filter, and it can be enabled per account, COS, domain […]
Zimbra SkillZ: Using Sieve Filters on Zimbra via the Admin Console
Hello Zimbra Customers, Partners & Friends, This article is a short how-to on using Sieve filters on Zimbra via the Admin Console. Sieve is a powerful scripting language for filtering incoming email messages. While Zimbra supports user set incoming email filters, the Sieve filters are meant to be set up and installed by administrators. Here’s […]