Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Desktop > General Questions
Reload this Page Is Zimbra Desktop Secure?

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-30-2010, 10:57 AM
Junior Member
  
Posts: 6
Default Is Zimbra Desktop Secure?
I have used Zimbra in the past, but stopped after my email account was hacked or simply found by someone out there by chance.
I found that in the past, the Desktop version was transmitting my data in plain text, which I can surely say that is why I got hacked.
Since Zimbra has changed ownership, can anyone tell me for certain if the newer versions are encrypted in it's data transmissions?

I want to use Zimbra again for my Yahoo mail accounts but am very reserved about trusting it unless I can be certain that it is secure.

Thank you for any help on the subject.
Reply With Quote
  #2 (permalink)  
Old 06-30-2010, 11:27 AM
Advanced Member
  
Posts: 212
Default
If your account is using POP3 or IMAP then your password will always be sent over clear text regardless of the client. You should be using secure POP3S or IMAPS which uses SSL to encrypt your data.
Reply With Quote
  #3 (permalink)  
Old 06-30-2010, 11:44 AM
Junior Member
  
Posts: 6
Default Is Zimbra Desktop Secure?
Thank you XEON. The thing is, that when I log into my Yahoo accounts through Yahoo, they are a secure transaction as there is the https page address header as well as the padlock icon during the login. What was happening with Zimbra was that when it was checking my mail, it was using a non-secure process to login to my accounts. Why? I don't know for sure as with any free program, there is very limited support to find out why or how. It is a POP3 account, but as I said, when I login to my Yahoo Mail accounts on Yahoo's mail login page, the login page is secure.
I was mainly trying to find out if any newer version of Zimbra actually uses an ssl process for logging in to these accounts.
Reply With Quote
  #4 (permalink)  
Old 06-30-2010, 04:07 PM
Elite Member
  
Posts: 281
Default
If your Zimbra admin was not smart enough to enable HTTPS logins, or an automatic redirect from HTTP to HTTPS, then you should be complaining to them, and not to the Zimbra devs.

All the tools are there to enable HTTPS logins with HTTP access to the Zimbra web client. And to even force all web traffic over an HTTPS connection (this is how our Zimbra NE server is configured).

Also, POP3 the protocol is a plain-text protocol. Period. No matter which client you use (Thunderbird, Outlook, Outlook Express, Pegasus Mail, The Bat!, etc). Which means, usernames and passwords are sent in plain-text. If you want it encrypted, you have to manually configured your e-mail client to use POP3S (aka POP3-over-SSL). And connect to a server that supports POP3S.

Same for IMAP4. The protocol itself is plain-text. Period. No matter which client you use (Thunderbird, Outlook, Outlook Express, Pegasus Mail, The Bat!, etc). Which means, usernames and passwords are send in plain-text. If you want an encrypted connection, then you need to manually configure the client to use IMAPS (aka IMAP-over-SSL). And connect to a server that supports IMAPS.

For the Zimbra Desktop, it's the same as every e-mail program out there: you have to manually configure it to use an encrypted channel. For example, the ZD supports HTTP or HTTPS connections to a Zimbra server; HTTPS connections to a GMail account; HTTPS connections to a Yahoo! account; POP3 or POP3S connections to a POP3 server; and IMAP or IMAPS connections to an IMAP server.

Don't blame the Zimbra devs if your Zimbra server (or client) is misconfigured. The knobs are there to enable HTTPS, POP3S, and IMAPS connections.
__________________
Freddie
Reply With Quote
  #5 (permalink)  
Old 06-30-2010, 05:00 PM
Junior Member
  
Posts: 6
Default Is Zimbra Desktop Secure?
Thank you fcash for the information you have provided explaining the ins and outs of how the Zimbra Desktop can be configured. Although blunt and to the point as it was, please refer to my original post which simply expressed my concern and the simple question: Is Zimbra Desktop Secure?

Please also note that in no way did I attempt to place blame on anyone whatsoever. The blame is entirely mine for not exploring the configurations that Zimbra has available in it. You seem that you think I have stepped on someones toes. For that, I am sorry to have asked the simple question:

Is Zimbra Desktop Secure?

Thank you sir and forgive me for not being as experienced as you on this subject matter.
Reply With Quote
  #6 (permalink)  
Old 06-30-2010, 11:34 PM
Zimbra Consultant & Moderator
  
Posts: 20,316
Default
Quote:
Originally Posted by timlphillips View Post
Is Zimbra Desktop Secure?
It is as secure as the connection to your mail server requires. If the mail server you connect to requires a secure connection then ZD will use that, if it doesn't require a secure connection then ZD will use that - the type of connection is determined by the server you're connected to and not Zimbra Desktop.
__________________
Regards


Bill
Reply With Quote
  #7 (permalink)  
Old 07-06-2010, 10:42 AM
Elite Member
  
Posts: 281
Default
IOW, the client is as secure as the server it connects to.

Just like every other e-mail client out there.
__________________
Freddie
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.