Results 1 to 7 of 7

Thread: Securing Zimbra

  1. #1
    hellspawn is offline Member
    Join Date
    Jan 2011
    Posts
    14
    Rep Power
    4

    Default Securing Zimbra

    Recently I decided to install the zimbra open source edition on a virtual machine at home. I gave it a good administrator password during installation, will be setting up a firewall, and set zimbra to always redirect users to the https page, so the client connections are always encrypted.

    As far as security goes, is there anything else that I'm missing that I should do before I let clients connect to my zimbra server over the internet?
    I realize that security is a huge topic, but I'm just wondering if there is anything obvious that I am missing that must be done before a nearly default install of zimbra can be opened to the internet.

    PS. I have already run tests to see if it actually works, and I can send and receive email without a problem from gmail, so I'm not worried about functionality here - only security.

  2. #2
    hellspawn is offline Member
    Join Date
    Jan 2011
    Posts
    14
    Rep Power
    4

    Default

    Anyone? I could really use some advice.

  3. #3
    maxxer's Avatar
    maxxer is online now Trained Alumni
    Join Date
    Feb 2009
    Location
    Lecco, Italy
    Posts
    552
    Rep Power
    7

    Default

    As long as you secured your operating system Zimbra itself doesn't have any special configuration. It's pretty safe as is. Use secure passwords and open just ports you need outside and you're done.
    YetOpen S.r.l. ~ Your open source partner
    Lecco (LC) - ITALY
    http://www.yetopen.it

  4. #4
    hellspawn is offline Member
    Join Date
    Jan 2011
    Posts
    14
    Rep Power
    4

    Default

    Quote Originally Posted by maxxer View Post
    As long as you secured your operating system Zimbra itself doesn't have any special configuration. It's pretty safe as is. Use secure passwords and open just ports you need outside and you're done.
    Awesome! Thanks!

  5. #5
    prashant's Avatar
    prashant is offline Zimbra Employee
    Join Date
    Jul 2007
    Posts
    343
    Rep Power
    8

    Default

    Keep zmtlsctl mode to https.
    ~=Prashant=~

  6. #6
    hellspawn is offline Member
    Join Date
    Jan 2011
    Posts
    14
    Rep Power
    4

    Default

    Quote Originally Posted by prashant View Post
    Keep zmtlsctl mode to https.
    I set it to "redirect" so that clients that punch in an HTTP url get redireted to the HTTPS one. Is there some problem doing it that way?

  7. #7
    prashant's Avatar
    prashant is offline Zimbra Employee
    Join Date
    Jul 2007
    Posts
    343
    Rep Power
    8

    Default

    Quote Originally Posted by hellspawn View Post
    I set it to "redirect" so that clients that punch in an HTTP url get redireted to the HTTPS one. Is there some problem doing it that way?
    No Problem...
    ~=Prashant=~

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Securing a zimbra server, fail2ban
    By batfastad in forum Administrators
    Replies: 9
    Last Post: 03-27-2014, 07:06 AM
  2. Securing Ubuntu Server running Zimbra
    By AutootuA in forum Administrators
    Replies: 5
    Last Post: 02-17-2010, 07:53 AM
  3. Securing Zimbra Desktop
    By xpinx2pin in forum General Questions
    Replies: 0
    Last Post: 08-04-2009, 01:18 AM
  4. Securing Zimbra in a DMZ
    By fivefive1978 in forum Migration
    Replies: 0
    Last Post: 01-16-2008, 12:31 PM
  5. Securing Zimbra MTA
    By tron in forum Administrators
    Replies: 14
    Last Post: 02-16-2006, 09:35 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •