May 2020 Zeta Alliance Weekly Call Summaries

Industry info, happenings near you, and new product integrations. Hosting an event? Invite people here.
User avatar
barrydegraaff
Zimbra Employee
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by barrydegraaff »

Please see the blog: Is Zimbra Open Source? Yes! FAQs about Zimbra OSE for YOU!
https://blog.zimbra.com/2020/05/is-zimb ... e-for-you/
--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/
User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by fs.schmidt »

ghen wrote:
fs.schmidt wrote:Since you have discussed about updating the Nginx package, is there any work to implement the SMTP proxy in Zimbra Nginx Proxy? I mean, Zimbra already uses proxy for almost every protocol but the SMTP, which would make it much easier to work with multiple tenants and multiple certificates.
Basically postfix already is the "proxy" between the outside world and your mailbox backend, which you can scale on its own. Why would you want to put an extra proxy layer in front of that?
It would make easier to work with domain certificates (each domain with its own certificate).

I mean, if you use a certificate domain it won't work for the smtp protocol (I mean for the users - 465 and submission). If you host multiple tenants on Zimbra and they use POP/IMAP accounts (some people use the Outlook Connector) they need to use SMTP to send emails and it will only use the zimbra certificate and not the domain certificate.
Best regards.
Fabio S. Schmidt
http://www.bktech.com.br
Brasília - Brazil
bwicksall
Posts: 7
Joined: Sun Jul 01, 2018 8:25 pm
ZCS/ZD Version: 10.0.5_GA_4574

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by bwicksall »

barrydegraaff wrote:Please see the blog: Is Zimbra Open Source? Yes! FAQs about Zimbra OSE for YOU!
https://blog.zimbra.com/2020/05/is-zimb ... e-for-you/
I'm really not comfortable with where this is all going with Zimbra 9. We are a small Nonprofit shop and don't have the time to get into building Zimbra installs. This will most likely force us to switch to G Suite for Nonprofits.

I don't expect full functionality for free but I do expect to at least have Synacor supported installers. I also don't like the fact the the modern user interface has become one of the features you don't get for free.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by phoenix »

bwicksall wrote:
barrydegraaff wrote:Please see the blog: Is Zimbra Open Source? Yes! FAQs about Zimbra OSE for YOU!
https://blog.zimbra.com/2020/05/is-zimb ... e-for-you/
I'm really not comfortable with where this is all going with Zimbra 9. We are a small Nonprofit shop and don't have the time to get into building Zimbra installs. This will most likely force us to switch to G Suite for Nonprofits.
If you want a build of ZCS 9 then take a look here: http://www.beezim.fr/pages/zimbra-9-oss/
bwicksall wrote:I don't expect full functionality for free but I do expect to at least have Synacor supported installers. I also don't like the fact the the modern user interface has become one of the features you don't get for free.
It's been evident to me for some time that Synacor has no interest in these forums and thereby missing a golden opportunity to improve their sales and public image by contributing here. If you read the posts in this thread you'll see that one user has said the new UI isn't that great and doesn't have much different functionality than the Classic UI.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by BradC »

...not the appropriate thread for this comment...
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by phoenix »

BradC wrote:...not the appropriate thread for this comment...
You could say that about anything that's no, strictly speaking, about the Zeta Alliance Weekly Call. These comments are about topics raised in some of the weekly summaries and therefore perfectly at home here and these are, after all, Public Forums. if you do find any comments unacceptable then report the post or ask a Moderator or Admin to move/remove it.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by BradC »

phoenix wrote:
BradC wrote:...not the appropriate thread for this comment...
You could say that about anything that's no, strictly speaking, about the Zeta Alliance Weekly Call. These comments are about topics raised in some of the weekly summaries and therefore perfectly at home here and these are, after all, Public Forums. if you do find any comments unacceptable then report the post or ask a Moderator or Admin to move/remove it.
I should have clarified, it was my comment I removed.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by phoenix »

BradC wrote:
phoenix wrote:
BradC wrote:...not the appropriate thread for this comment...
You could say that about anything that's no, strictly speaking, about the Zeta Alliance Weekly Call. These comments are about topics raised in some of the weekly summaries and therefore perfectly at home here and these are, after all, Public Forums. if you do find any comments unacceptable then report the post or ask a Moderator or Admin to move/remove it.
I should have clarified, it was my comment I removed.
Ah, OK. :D
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
rleiker
Advanced member
Advanced member
Posts: 149
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by rleiker »

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders: May 19, 2020 Conference Call Summary

Upcoming 8.8.15 Patch 10 and 9.0 Patch 3 Releases
David B. reported that 8.8.15 Patch 10 and 9.0 Patch 3 is expected to be released soon, likely on or near June 1st. He said that it is anticipated that ActiveSync 16.1, which was released in beta within an earlier patch, is expected to leave beta with the release of both upcoming patches. ActiveSync 16.1 will become the new minimum version in Zimbra at that time, and may result in many client devices performing a full sync, post-installation of Patch 10 and Patch 3. Refer to the May 5th call summary notes for a discussion of some of the implications related to globally upgrading/downgrading end-user devices to a new ActiveSync version: http://forums.zimbra.com/viewtopic.php? ... f6#p297273 .

Zimbra Nginx and OpenSSL Upgrades
Barry D. and Steve D. followed up on a topic discussed during the May 12th call related to upgrading the old versions of Nginx and OpenSSL that are distributed in the current versions of Zimbra (http://forums.zimbra.com/viewtopic.php? ... 10#p297344). Steve D. said that a new version of Nginx is currently in testing and is anticipated to be included within Zimbra releases for both 8.8.15 and 9 during the month of June. Barry D. said that a new version of OpenSSL is anticipated to be included in a future Zimbra version later this year, in the 3rd quarter.

Repeated Registry Update Prompts From the Zimbra Connector for Outlook (ZCO)
Noah P. reported that many of his customers are encountering a recurring issue with ZCO, where Windows and Office Updates are overwriting Windows registry keys required by ZCO. Upon starting Outlook, ZCO is designed to check for these registry keys, and to re-add them, as necessary. He explained that when ZCO attempts to re-add the missing keys, it prompts for a Windows administrator password. For Windows users following best practices, by running with a non-privileged account, the users do not always have an administrator password available, so the registry keys are not re-added. This results in ZCO repeatedly prompting to re-add the missing keys each time Outlook is started. Noah reported observing that these missing registry keys also result in the Outlook search feature no longer working and suspects this issue may have first appeared in ZCO at some point in the last 6 months.

David B. said that as it relates to ZCO, there are two types of registry keys: some are operating system related, which can only be added/modified by running the ZCO installer and other registry keys are app related, which can be only be modified when Outlook is running. John H. suggested that Noah should have the users experiencing this issue upgrade to ZCO version 9, as it fixes known issues related to the Outlook search feature. He also mentioned that if the Outlook search is not working prior to the upgrade to ZCO 9, that a rebuild of the Outlook search index will need to be performed first, before upgrading to ZCO 9.

Targeted ActiveSync Version Upgrades for End User Devices
Randy L. asked if examples or documentation are available for using the built-in Zimbra ActiveSync filter feature to selectively upgrade end user devices to newer ActiveSync versions, such as the new ActiveSync 16.1 version that is anticipated to leave beta in the June Zimbra patches. This would include, for example, targeting newer Android or iOS devices for ActiveSync 16.1, while keeping all other devices running an earlier ActiveSync version. John H. said he recalled seeing one or two examples on the Zextras documentation site, but was not sure of its exact location. John & Barry D. suggested asking this question again on a later call when Cine (a Zextras employee) is present. John H. also suggested opening a Zimbra support case to ask this question so it can be researched further.

Blank Email Messages in the Zimbra 9 Modern UI and the Zimbra Bug Fix Process
Robert W. reported encountering a bug in the Zimbra 9 Modern UI that results in blank email messages being received. He said that this does not appear to affect the Classic UI. David B. said that sometimes blank emails can be caused due to unexpected encoding of attachments in a message. Steve D. said Zimbra 9 Patch 3 is likely to be released in the middle or end of next week which addresses several email display issues.

Marc G. pointed out that this is another example of a lack of visibility in to the bug reporting and patching process within Synacor, in addition to when fixes are estimated to be released. He suggested that since Synacor uses Jira for its internal bug tracking system, they might consider using Jira’s APIs to make bug reports and bug fix status updates visible to Zimbra partners, which would not require granting partners complete visibility of everything in Jira, so that partners can effectively communicate to their customers more clearly about the status of bug fixes. Steve D. said that an update on this often discussed need is coming very soon, but said this effort has slowed recently due to the resource that was working on this capability becoming temporarily unavailable due to a health-related emergency.

Zimbra Proposed Password Security Enhancements for 2020
David B. presented several proposed password security enhancements already underway at Synacor for Zimbra, which include (in order of priority):
  • Password conformance improvements: proactively alert users when an entered password does not meet complexity requirements set by the Zimbra Administrator, as they type their password, rather than waiting for the user to click a Login/Submit button.
  • Password strength indicator and hints: display a password strength meter and helpful hints to assist users in avoiding easily guessed passwords.
  • Actionable user feedback for authentication failures: when a user’s entered password fails to authenticate, offer specific feedback to help the user pinpoint the issue, rather than a generic message about a user name/password mismatch or a message about an account being inaccessible due to maintenance mode.
  • Introduction of 2FA (2-factor authentication) for the Zimbra Administration Console
  • User managed lock out reset: when a user’s mailbox is automatically locked out due to too many failed logins, enable the user to use a process to unlock their own mailbox and avoid a call to their local Zimbra help desk or service provider support.
  • Authentication rate limiting (stretch goal): enable a Zimbra admin to set additional rate limits on the number of authentication attempts within a given time period.
David also highlighted two password management features available in the current Zimbra versions:
  • Self-managed password resets (in 8.8.15, 9, and Zimbra Cloud [Zimbra X])
  • Allow displaying a user password while being entered (Zimbra 9 and Zimbra Cloud)
Noah P. asked if there were plans to introduce a feature to set geographic restrictions for Zimbra logins, such as blocking a particular IP block or country. David said this will be considered for possible future inclusion.

For setting up 2FA, either for end users or the Zimbra Administration Console, it was asked if QR codes could be implemented, as commonly found in competing products. David said that QR codes have already been implemented in Zimbra 9’s Modern UI, but there was no mention of adding this capability in 8.8.15.

Robert W. asked about adding a password generator feature in Zimbra. David said that with the many passwords generator options available (examples: within web browsers, password managers, etc.), he was not sure where this feature enhancement would be the most helpful in Zimbra, and cautioned that a secure process would still be needed to communicate the generated password to the user.

Randy L asked about adding support for incorporating a list of known bad passwords, such as the top 100 most commonly used passwords, to prevent users from selecting a password on the list. David said that this feature was introduced in Zimbra 9, and is currently managed solely from the Zimbra CLI. He explained that in Zimbra 9 Patch 4, this feature is anticipated to be exposed in the Zimbra Administration Console. Randy L. also asked about a feature enhancement discussed in earlier Zeta Alliance calls related to hiding the recovery email address when a user uses the self-service password reset feature currently available in 8.8.15 and 9.0, making it more difficult for attackers to determine which email account a password reset will be sent to. David made note of this suggestion.

Clarification on the Zimbra LTS (Long-Term Support) Release
Mark S. asked which Zimbra version is now considered the LTS release. David B. confirmed that 8.8.15 is now the LTS release: https://www.zimbra.com/support/support- ... lifecycle/) and said he would check to ensure this is consistently communicated throughout the Zimbra site.
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: May 2020 Zeta Alliance Weekly Call Summaries

Post by BradC »

rleiker wrote:Noah P. asked if there were plans to introduce a feature to set geographic restrictions for Zimbra logins, such as blocking a particular IP block or country. David said this will be considered for possible future inclusion.
We do this in the entry gateway firewall for all exposed services. If you want to deny them the ability to log in, might as well deny them the ability to even see the server.

Blocking by country has been problematic depending on which GeoIP database is used, and keeping it up to date has been hellish. With the IPv4 address exhaustion blocks change hands faster than the databases can get updated.
Post Reply