Hi all,

I'm planning on a deployment of Zimbra that would allow access to the web interface from the internet...this, of course, is to allow users to access their mail externally.

I've got a firewall in place and my planned deployment is to put the Zimbra server on Ubuntu in the DMZ, then specify that the firewall allow certain traffic to the DMZ from the WAN, but I was just curious if there were any security precations I should take to prevent theft of passwords upon authentication, which would lead to subsequent breaches in security.

Should I set up the mail to be viewed on HTTPS, or is the HTTP web interface secure enough?

Thanks in advance,

- Jesse