Security advise please
Very pressed for time here so some quick questions if you dont mind.
Using Zimbra 5.0.9_GA_2533 Ubuntu8 64bit - FOSS edition
Followed the single server install and also blocked all ports except 80/443/25 and 465
Added obvious user security stuff like password lockout after 3 attempts.
I am not sure whether I have it all covered, is this secure to go live with the web GUI on the internet? I was going to keep it intranet only and just expose SMTP.
Can any of you more experienced users who have had time with this see any (potential or known) problems here?
Ive been running a zimbra server on ubuntu with http, https, imap, imaps, smtp and smtps open to the interwebs for about 3 years without problems, your setup looks fine from what you have said.
You can do a few more things to make it harder for the kiddiez, eg put the zimbra box in a dmz, rate limiting, dnsbls etc, but the standard setup seems pretty safe as it is.
The server is already behind a pix firewall and a M$ ISA server as I dont get a direct link to the net. However some of the incoming ports are direct and smtp is both ways.
I have made it redirect and force ssl (https) so that is the only way to logon. I turned off pop3 and imap although I think secure pop3 is still on.
Still havent setup AV and A-Spam as im not sure how it connects out as of yet.
Thanks for the info so far
I was trying to deduce how to add the user class of service at the same time. Look at the syntax and commands I cannot see howto other than using another command (so two for each user)
Then further down I see "zmprov ca email@example.com password zimbraCOS cosIDnumberstring"
So I can see from the example how to do it but not from the docs! Is there a list of attributes available or something, I dont find this clear! I am fairly new to Zimbra so maybe missing something