Zimbra Password Blacklist?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
cyber7
Advanced member
Advanced member
Posts: 151
Joined: Sat Sep 13, 2014 1:14 am
Location: Cape Town
ZCS/ZD Version: 8.8.8p5+
Contact:

Zimbra Password Blacklist?

Postby cyber7 » Mon Jun 18, 2018 7:19 am

Good day
is there a way to add a "password blacklist dictionary" and how do I stop users from using the same words_incremented-number policies?

words_incremented-number examples:
Password12, Password13, Password14...

Password Blacklist Dictionary:
password (upper/lower combination)
user
...

kind regards
aubrey


User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 566
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.0.9.GA.6191.UBUNTU12.64 FOSS

Re: Zimbra Password Blacklist?

Postby ccelis5215 » Mon Jun 18, 2018 3:43 pm

cyber7 wrote:Good day
is there a way to add a "password blacklist dictionary" and how do I stop users from using the same words_incremented-number policies?

words_incremented-number examples:
Password12, Password13, Password14...

Password Blacklist Dictionary:
password (upper/lower combination)
user
...

kind regards
aubrey


Hello,

I think there isn't ... https://zimbra.github.io/adminguide/latest/index.html#_managing_passwords

ccelis
User avatar
cyber7
Advanced member
Advanced member
Posts: 151
Joined: Sat Sep 13, 2014 1:14 am
Location: Cape Town
ZCS/ZD Version: 8.8.8p5+
Contact:

Re: Zimbra Password Blacklist?

Postby cyber7 » Tue Jun 19, 2018 5:59 am

This is soo bad on so many levels!
phoenix
Ambassador
Ambassador
Posts: 25514
Joined: Fri Sep 12, 2014 9:56 pm

Re: Zimbra Password Blacklist?

Postby phoenix » Tue Jun 19, 2018 6:07 am

cyber7 wrote:This is soo bad on so many levels!
It certainly is but in these days of closed Zimbra development and bug reporting there isn't much that any forum members can do to raise the visibility of this type of problem. Whatever happened to the Zimbra Product Management portal that gave us an insight into upcoming features, gone the way of the dinosaurs I'm afraid. :(

The best you can do is to raise a support case or file a bug report in the NE bug reporting systems if you have access to it.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
User avatar
cyber7
Advanced member
Advanced member
Posts: 151
Joined: Sat Sep 13, 2014 1:14 am
Location: Cape Town
ZCS/ZD Version: 8.8.8p5+
Contact:

Re: Zimbra Password Blacklist?

Postby cyber7 » Tue Jun 19, 2018 6:16 am

This is so true, Bill.
We are in the 21st century with a top-class product with sub-standard security. I would like to know what developers are doing addressing security issues within the Zimbra Suite. It is such a pity, as you know, we have come a long way and from early days with Zimbra! Problem is that with the open attacks onto our society and social footprints, more and more customers is going to look the Microsoft way. I am certainly being forced in a corner with this issue and have to address security problems within my company as a matter of urgency.

Our "umbrella" company (If you recall, I am NON-Profit) got slapped with a #100,000 (That is POUND) fine for not securing systems. My CEO is now looking directly at Zimbra and forcing me to answers...

kind regards
cyber7 (aka Aubrey Kloppers; Cape Town; South Africa)

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 24 guests