Search found 228 matches
- Fri Apr 26, 2024 10:52 am
- Forum: Installation and Upgrade
- Topic: New Patches - Zimbra 10.0.8 and Zimbra 9.0.0 Patch 40
- Replies: 20
- Views: 1262
Re: New Patches - Zimbra 10.0.8 and Zimbra 9.0.0 Patch 40
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories Does anyone know if there is any intention to post Zimbra Ratings on some of these Security Vulnerabilities. I realize these are educated guesses but it looks like this practice was discontinued with 10.0.2, 8.8.15P41, and 9.0.0P34. Did I miss...
- Fri Apr 26, 2024 9:40 am
- Forum: Administrators
- Topic: Admin Account authentication now honors zimbraAuthFallbackToLocal when using external/custom authentication
- Replies: 1
- Views: 31
Admin Account authentication now honors zimbraAuthFallbackToLocal when using external/custom authentication
Zimbra support various authentication sources for authenticating users. Examples include external LDAP, Active Directory and custom authentication plugins. Prior to Zimbra 10.0.8 the setting of zimbraAuthFallbackToLocal had no effect on administrative accounts. Meaning you could use the username and...
- Wed Feb 14, 2024 7:45 am
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1085
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
Meanwhile you can remove cpio from your OS installation if it is not used by anything else. The only thing in Zimbra that is using it is the init script for zmconvertd, so if you do not use that service, it should be OK to remove cpio.
- Thu Jan 25, 2024 6:40 am
- Forum: Zimlets
- Topic: Rocket Chat Zimlet IFrame not allowed in modern browsers
- Replies: 3
- Views: 8811
Re: Rocket Chat Zimlet IFrame not allowed in modern browsers
RocketChat iFrame integration only supports log-in, there is nothing that performs a log-out.
- Thu Dec 28, 2023 9:19 am
- Forum: Administrators
- Topic: SMTP Smuggling - Spoofing E-Mails Worldwide
- Replies: 11
- Views: 72828
Re: SMTP Smuggling - Spoofing E-Mails Worldwide
See also: https://blog.zimbra.com/2023/12/zimbra-and-smtp-smuggling-attack-on-postfix/ I did configure `smtpd_discard_ehlo_keywords=chunking` on my personal Postfix mail server, and I see in the logs: discarding EHLO keywords: CHUNKING This is also logged for some legitimate email, but even with the...
- Tue Dec 19, 2023 1:49 pm
- Forum: Administrators
- Topic: Another Letsencrypt method
- Replies: 154
- Views: 532475
- Tue Dec 19, 2023 1:47 pm
- Forum: Administrators
- Topic: Another Letsencrypt method
- Replies: 154
- Views: 532475
Re: Another Letsencrypt method
Support for ECDSA TLS (elliptic curve cryptography ECC) certificates has been added to Zimbra zmcertmgr from Zimbra versions 10.0.6, Joule-8.8.15-Patch-45, Kepler-9.0.0-Patch-38. Meaning you can run certbot without the need for --key-type rsa or using a manual key length. The wiki has been updated: ...
- Wed Nov 22, 2023 6:12 am
- Forum: Administrators
- Topic: after 1 month using new client modern
- Replies: 17
- Views: 49535
Re: after 1 month using new client modern
I have added more details on the enabling of this Zimlet in https://blog.zimbra.com/2023/11/how-to- ... gear-menu/
- Tue Nov 21, 2023 5:15 pm
- Forum: Administrators
- Topic: after 1 month using new client modern
- Replies: 17
- Views: 49535
Re: after 1 month using new client modern
To enable to option to go to Classic from Modern UI gear menu, you have to enable this Zimlet:
It will then show as follows:- Thu Nov 16, 2023 8:43 am
- Forum: Administrators
- Topic: Where to find the latest Zimbra (upgrade) documentation?
- Replies: 0
- Views: 64576
Where to find the latest Zimbra (upgrade) documentation?
The latest documentation for Zimbra Network Edition can be found on our documentation Github page, here are some direct links: https://zimbra.github.io/documentation/zimbra-10/index.html Upgrade Instructions (EN) https://zimbra.github.io/documentation/zimbra-10/upgrade.html System Requirements (EN) ...