Zimbra Password Blacklist?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
cyber7
Advanced member
Advanced member
Posts: 192
Joined: Sat Sep 13, 2014 1:14 am
Location: Cape Town
ZCS/ZD Version: Release 9.0.0_GA_3924.RHEL7_64_2020
Contact:

Zimbra Password Blacklist?

Post by cyber7 »

Good day
is there a way to add a "password blacklist dictionary" and how do I stop users from using the same words_incremented-number policies?

words_incremented-number examples:
Password12, Password13, Password14...

Password Blacklist Dictionary:
password (upper/lower combination)
user
...

kind regards
aubrey
User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: Zimbra Password Blacklist?

Post by ccelis5215 »

cyber7 wrote:Good day
is there a way to add a "password blacklist dictionary" and how do I stop users from using the same words_incremented-number policies?

words_incremented-number examples:
Password12, Password13, Password14...

Password Blacklist Dictionary:
password (upper/lower combination)
user
...

kind regards
aubrey
Hello,

I think there isn't ... https://zimbra.github.io/adminguide/lat ... _passwords

ccelis
User avatar
cyber7
Advanced member
Advanced member
Posts: 192
Joined: Sat Sep 13, 2014 1:14 am
Location: Cape Town
ZCS/ZD Version: Release 9.0.0_GA_3924.RHEL7_64_2020
Contact:

Re: Zimbra Password Blacklist?

Post by cyber7 »

This is soo bad on so many levels!
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra Password Blacklist?

Post by phoenix »

cyber7 wrote:This is soo bad on so many levels!
It certainly is but in these days of closed Zimbra development and bug reporting there isn't much that any forum members can do to raise the visibility of this type of problem. Whatever happened to the Zimbra Product Management portal that gave us an insight into upcoming features, gone the way of the dinosaurs I'm afraid. :(

The best you can do is to raise a support case or file a bug report in the NE bug reporting systems if you have access to it.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
cyber7
Advanced member
Advanced member
Posts: 192
Joined: Sat Sep 13, 2014 1:14 am
Location: Cape Town
ZCS/ZD Version: Release 9.0.0_GA_3924.RHEL7_64_2020
Contact:

Re: Zimbra Password Blacklist?

Post by cyber7 »

This is so true, Bill.
We are in the 21st century with a top-class product with sub-standard security. I would like to know what developers are doing addressing security issues within the Zimbra Suite. It is such a pity, as you know, we have come a long way and from early days with Zimbra! Problem is that with the open attacks onto our society and social footprints, more and more customers is going to look the Microsoft way. I am certainly being forced in a corner with this issue and have to address security problems within my company as a matter of urgency.

Our "umbrella" company (If you recall, I am NON-Profit) got slapped with a #100,000 (That is POUND) fine for not securing systems. My CEO is now looking directly at Zimbra and forcing me to answers...

kind regards
cyber7 (aka Aubrey Kloppers; Cape Town; South Africa)
Post Reply