Results 1 to 7 of 7

Thread: Is Zimbra Desktop Secure?

  1. #1
    timlphillips is offline Junior Member
    Join Date
    Dec 2009
    Posts
    6
    Rep Power
    5

    Default Is Zimbra Desktop Secure?

    I have used Zimbra in the past, but stopped after my email account was hacked or simply found by someone out there by chance.
    I found that in the past, the Desktop version was transmitting my data in plain text, which I can surely say that is why I got hacked.
    Since Zimbra has changed ownership, can anyone tell me for certain if the newer versions are encrypted in it's data transmissions?

    I want to use Zimbra again for my Yahoo mail accounts but am very reserved about trusting it unless I can be certain that it is secure.

    Thank you for any help on the subject.

  2. #2
    xeon is offline Advanced Member
    Join Date
    Oct 2008
    Posts
    212
    Rep Power
    6

    Default

    If your account is using POP3 or IMAP then your password will always be sent over clear text regardless of the client. You should be using secure POP3S or IMAPS which uses SSL to encrypt your data.

  3. #3
    timlphillips is offline Junior Member
    Join Date
    Dec 2009
    Posts
    6
    Rep Power
    5

    Default Is Zimbra Desktop Secure?

    Thank you XEON. The thing is, that when I log into my Yahoo accounts through Yahoo, they are a secure transaction as there is the https page address header as well as the padlock icon during the login. What was happening with Zimbra was that when it was checking my mail, it was using a non-secure process to login to my accounts. Why? I don't know for sure as with any free program, there is very limited support to find out why or how. It is a POP3 account, but as I said, when I login to my Yahoo Mail accounts on Yahoo's mail login page, the login page is secure.
    I was mainly trying to find out if any newer version of Zimbra actually uses an ssl process for logging in to these accounts.

  4. #4
    fcash is offline Elite Member
    Join Date
    Jun 2007
    Location
    BC, Canada
    Posts
    281
    Rep Power
    8

    Default

    If your Zimbra admin was not smart enough to enable HTTPS logins, or an automatic redirect from HTTP to HTTPS, then you should be complaining to them, and not to the Zimbra devs.

    All the tools are there to enable HTTPS logins with HTTP access to the Zimbra web client. And to even force all web traffic over an HTTPS connection (this is how our Zimbra NE server is configured).

    Also, POP3 the protocol is a plain-text protocol. Period. No matter which client you use (Thunderbird, Outlook, Outlook Express, Pegasus Mail, The Bat!, etc). Which means, usernames and passwords are sent in plain-text. If you want it encrypted, you have to manually configured your e-mail client to use POP3S (aka POP3-over-SSL). And connect to a server that supports POP3S.

    Same for IMAP4. The protocol itself is plain-text. Period. No matter which client you use (Thunderbird, Outlook, Outlook Express, Pegasus Mail, The Bat!, etc). Which means, usernames and passwords are send in plain-text. If you want an encrypted connection, then you need to manually configure the client to use IMAPS (aka IMAP-over-SSL). And connect to a server that supports IMAPS.

    For the Zimbra Desktop, it's the same as every e-mail program out there: you have to manually configure it to use an encrypted channel. For example, the ZD supports HTTP or HTTPS connections to a Zimbra server; HTTPS connections to a GMail account; HTTPS connections to a Yahoo! account; POP3 or POP3S connections to a POP3 server; and IMAP or IMAPS connections to an IMAP server.

    Don't blame the Zimbra devs if your Zimbra server (or client) is misconfigured. The knobs are there to enable HTTPS, POP3S, and IMAPS connections.
    Freddie

  5. #5
    timlphillips is offline Junior Member
    Join Date
    Dec 2009
    Posts
    6
    Rep Power
    5

    Default Is Zimbra Desktop Secure?

    Thank you fcash for the information you have provided explaining the ins and outs of how the Zimbra Desktop can be configured. Although blunt and to the point as it was, please refer to my original post which simply expressed my concern and the simple question: Is Zimbra Desktop Secure?

    Please also note that in no way did I attempt to place blame on anyone whatsoever. The blame is entirely mine for not exploring the configurations that Zimbra has available in it. You seem that you think I have stepped on someones toes. For that, I am sorry to have asked the simple question:

    Is Zimbra Desktop Secure?

    Thank you sir and forgive me for not being as experienced as you on this subject matter.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Quote Originally Posted by timlphillips View Post
    Is Zimbra Desktop Secure?
    It is as secure as the connection to your mail server requires. If the mail server you connect to requires a secure connection then ZD will use that, if it doesn't require a secure connection then ZD will use that - the type of connection is determined by the server you're connected to and not Zimbra Desktop.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    fcash is offline Elite Member
    Join Date
    Jun 2007
    Location
    BC, Canada
    Posts
    281
    Rep Power
    8

    Default

    IOW, the client is as secure as the server it connects to.

    Just like every other e-mail client out there.
    Freddie

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. postfix relay=none status=bounced for local mails
    By vdd in forum Administrators
    Replies: 1
    Last Post: 08-06-2009, 08:05 AM
  2. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  3. Can't start Zimbra!
    By zibra in forum Administrators
    Replies: 5
    Last Post: 03-22-2007, 11:34 AM
  4. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •