Results 1 to 4 of 4

Thread: [SOLVED] Security recommendations for Zimbra public interface?

  1. #1
    jreinhart is offline Senior Member
    Join Date
    Jul 2008
    Location
    Los Angeles, CA
    Posts
    51
    Rep Power
    7

    Default [SOLVED] Security recommendations for Zimbra public interface?

    Hi all,

    I'm planning on a deployment of Zimbra that would allow access to the web interface from the internet...this, of course, is to allow users to access their mail externally.

    I've got a firewall in place and my planned deployment is to put the Zimbra server on Ubuntu in the DMZ, then specify that the firewall allow certain traffic to the DMZ from the WAN, but I was just curious if there were any security precations I should take to prevent theft of passwords upon authentication, which would lead to subsequent breaches in security.

    Should I set up the mail to be viewed on HTTPS, or is the HTTP web interface secure enough?

    Thanks in advance,

    - Jesse

  2. #2
    bdial's Avatar
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    you can do a mix of both. i forget waht mode it is of zmtlsctl (you can search the forums and find it) but it will redirect clients to https for login, then back to http after login. so that way your password is encrypted but don't need the overhead of ssl for e-mail reading and what not.

  3. #3
    randall is offline Advanced Member
    Join Date
    Jun 2007
    Location
    Philippines
    Posts
    193
    Rep Power
    8

    Default

    Quote Originally Posted by bdial View Post
    you can do a mix of both. i forget waht mode it is of zmtlsctl (you can search the forums and find it) but it will redirect clients to https for login, then back to http after login. so that way your password is encrypted but don't need the overhead of ssl for e-mail reading and what not.
    I think this is what bdial is referring to in his post.

    Hope this helps.

  4. #4
    jreinhart is offline Senior Member
    Join Date
    Jul 2008
    Location
    Los Angeles, CA
    Posts
    51
    Rep Power
    7

    Default

    Awesome! Thanks for the tips...you guys rock.

    I'm continually impressed by this product's features and functionality. Honestly I'm surprised that nobody has done this before now!

    - Jesse

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra and Exchange coexistence.
    By kajetan in forum Migration
    Replies: 10
    Last Post: 10-13-2010, 04:01 AM
  2. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  3. GAL not working with Active Directory
    By ardiederich in forum Installation
    Replies: 13
    Last Post: 02-12-2008, 08:01 PM
  4. Is LMTP On External Interface A Security Issue?
    By freedomics in forum Installation
    Replies: 2
    Last Post: 08-27-2007, 12:37 PM
  5. DelegateAuth in audit.log
    By Krishopper in forum Administrators
    Replies: 2
    Last Post: 05-17-2007, 05:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •