New setup but with encryption

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
tehseen
Posts: 20
Joined: Sat Oct 26, 2019 12:46 pm

New setup but with encryption

Post by tehseen »

Greetings,

I'm thinking to setup a new mail server, but I have few concern hope community can help me in this.

1- Email must be encrypted
2- Email-Server must be secure and if it is possible to have encrypted inbox.

In case of cpanel etc once your server is compromised attacker may read any one email etc. To avoid such situation any suggestion would be appreciated .

Regards
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: New setup but with encryption

Post by BradC »

E-mail has many links in a chain.

What are the actual threats you are trying to protect against? Be as specific as you can.
tehseen
Posts: 20
Joined: Sat Oct 26, 2019 12:46 pm

Re: New setup but with encryption

Post by tehseen »

Thank you for your prompt response. users inbox may have client sensitive information , such his payment info etc. I want to secure that in case of server compromise threat actor may not be able to jump into other users inbox. I would appreciate your response in this regards , to make sure email send / receive encrypted using zimbra.

Regards
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: New setup but with encryption

Post by BradC »

All mail blobs are unencrypted as are backups. Very much like physical access, if the server is compromised all bets are off. Even if they were encrypted, the key would need to be easily available to allow the server to work with the data.

You could run the Zimbra instance in a virtual machine with the backing store encrypted, so they'd have to compromise the host, then the Zimbra VM to get access, but it's just another layer that can still be compromised.

You could encrypt E-mail using a third party product, but then both sender and recipient need the software and keys. Simplest solution would be to find another method of transporting and storing sensitive information, because E-mail isn't secure.
Post Reply