Zimbra Email and Collaboration Server

Zimbra Server is the core of Zimbra Collaboration Server; it is designed with an extremely stable and modular architecture using proven open source technologies. Zimbra Server provides tremendous flexibility because it contains all of the components necessary to run your Linux or Mac based email and calendar messaging infrastructure out of the box; it also connects to just about every popular end-user client through the many standard protocols it supports.

Secure Email and Anti-Spam

One of Zimbra's core values is to holistically emphasize safety and security. Hence we have built in best-of-breed measures to make Zimbra Collaboration Server highly secure. This applies to both end users (virus, spam, phishing protection) and to the overall ZCS architecture / deployment framework (authentication, encryption).

Integrated Anti-virus (AV)

Integrated Anti-Spam (AS)

Similar to our AV solution, ZCS also comes with built in anti-spam filtering on the server using open source tools SpamAssassin and DSPAM. These tools support ongoing training (what is spam and what isn't), allowing organizations to optimize performance in their own environment. Each package is enabled during ZCS installation, receives regular updates, and spam training is automatically on to let users train spam filters as they move messages in and out of their Junk folders.

Zimbra Security Framework Overview

To support highly secure deployments Zimbra Collaboration Server is designed with a classic network security model where server-side systems must be trusted, but the client-side need not be. Thus, with the server physically protected businesses and organizations can deliver secure messaging and collaboration to their end users anywhere, even on their home computers, public Internet kiosks, etc. (without being forced to deploy costly Virtual Private Networks).

Key security framework methodologies:

• Network privacy and server authentication - ZCS is able to use SSL/TLS encryption of all network communications (signified by "https:" URLS)
• Client authentication token required - "auth" tokens contain a cryptographically secure representation of the user's individual and machine/network identity, as well as an expiration time. This auth-token prevents classic data-injection attacks on the server.
• End-to-end data encryption - ZCS has multiple implementation options for encryption between the client and server. ZCS is compatible with encryption technologies such Secure Multipurpose Internet Mail Extensions (S-MIME) or Pretty Good Privacy (PGP).

Other Web Client Security Benefits

The ZCS web client is an Ajax-based application. While it does rely on standard web platform technologies, Ajax has many inherit advantages over traditional products:

• Web client is downloaded - Ajax client code is downloaded on demand from the trusted ZCS server after a particular user logs-in. No software is left on the client for a malicious person to tamper with.
• No persistent caching of user data - A substantial exposure with traditional web mail clients is that they cache HTML data including message contents, addresses, etc. This is a significant security vulnerability Ajax applications like the ZCS client avoid because no user data is cached on disk.
• Server-side control of Zimlet mash-ups - Zimlets and other mash-ups are precluded from accessing arbitrary services on the Internet. This means the ZCS server can act as a secure, proxy gateway for accessing intranet applications, and can govern which web services are accessible for mash-up within the Zimbra Ajax web client.