Results 1 to 4 of 4

Thread: Security advise please

Hybrid View

  1. #1
    Join Date
    Mar 2009
    Posts
    3
    Rep Power
    6

    Default Security advise please

    Very pressed for time here so some quick questions if you dont mind.

    Using Zimbra 5.0.9_GA_2533 Ubuntu8 64bit - FOSS edition

    Followed the single server install and also blocked all ports except 80/443/25 and 465

    Added obvious user security stuff like password lockout after 3 attempts.

    I am not sure whether I have it all covered, is this secure to go live with the web GUI on the internet? I was going to keep it intranet only and just expose SMTP.

    Can any of you more experienced users who have had time with this see any (potential or known) problems here?

  2. #2
    Join Date
    Mar 2007
    Location
    Plymouth, uk
    Posts
    93
    Rep Power
    8

    Default

    Hi Linuxdude
    Ive been running a zimbra server on ubuntu with http, https, imap, imaps, smtp and smtps open to the interwebs for about 3 years without problems, your setup looks fine from what you have said.
    You can do a few more things to make it harder for the kiddiez, eg put the zimbra box in a dmz, rate limiting, dnsbls etc, but the standard setup seems pretty safe as it is.

  3. #3
    Join Date
    Mar 2009
    Posts
    3
    Rep Power
    6

    Default

    The server is already behind a pix firewall and a M$ ISA server as I dont get a direct link to the net. However some of the incoming ports are direct and smtp is both ways.

    I have made it redirect and force ssl (https) so that is the only way to logon. I turned off pop3 and imap although I think secure pop3 is still on.

    Still havent setup AV and A-Spam as im not sure how it connects out as of yet.

    Thanks for the info so far

  4. #4
    Join Date
    Mar 2009
    Posts
    3
    Rep Power
    6

    Default zmprov

    Looking at

    http://www.zimbra.com/docs/ne/latest...2.html#1073991

    I was trying to deduce how to add the user class of service at the same time. Look at the syntax and commands I cannot see howto other than using another command (so two for each user)

    Then further down I see "zmprov ca name@domain.com password zimbraCOS cosIDnumberstring"

    So I can see from the example how to do it but not from the docs! Is there a list of attributes available or something, I dont find this clear! I am fairly new to Zimbra so maybe missing something

Similar Threads

  1. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 05:42 PM
  2. ZIMBRA Security through iptables.
    By nishith in forum Administrators
    Replies: 2
    Last Post: 06-06-2008, 11:51 PM
  3. DelegateAuth in audit.log
    By Krishopper in forum Administrators
    Replies: 2
    Last Post: 05-17-2007, 06:08 AM
  4. Security Vulnerability Alert
    By jholder in forum Announcements
    Replies: 0
    Last Post: 04-21-2007, 02:34 PM
  5. High Performance, Security, Redundancy
    By gjhorne in forum Installation
    Replies: 1
    Last Post: 03-31-2007, 12:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •