SecureConfiguration: Difference between revisions
(Created page with "{{ZC}}{{Article Infobox|{{admin}}||{{ZCS 8.0}}|}} = Best-Practice Recommendations for a Secure Zimbra Configuration = The following recommendations are provided to ensure a ...") |
No edit summary |
||
Line 7: | Line 7: | ||
* Require encrypted logins | * Require encrypted logins | ||
* Requiring secure interprocess communications | * Requiring secure interprocess communications | ||
== Services == | |||
Most secure is to only allow secure methods of accessing the system; however, be careful in making these changes, as all processes need to be configured to connect only to upstream encrypted listeners. | |||
1. Configure the proxy to only offer encrypted protocols | |||
zmprov ms `zmhostname` zimbraReverseProxyMailMode https | |||
2. Require Proxy to connect to upstream via SSL | |||
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled TRUE | |||
zimbraReverseProxyImapStartTlsMode | |||
== Encrypted Logins == | == Encrypted Logins == | ||
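Review bot: the last added line of the Services section is a bare attribute name, zimbraReverseProxyImapStartTlsMode, with no zmprov command and no value, so a reader cannot tell what is meant to be set. Either complete it as a third numbered step in the same form as the two zmprov ms lines above it, or drop it until the intended value is decided. Since the section warns that all processes must connect only to upstream encrypted listeners, a zmprov gs check of the current value before each zmprov ms would also help here.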
Line 25: | Line 40: | ||
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE | zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE | ||
== | == Secure Interprocess Communication == | ||
Text | Text |
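Review bot: the renamed "Secure Interprocess Communication" section still contains only the placeholder "Text", while the introduction lists secure interprocess communications as one of the two recommendations. Add the actual settings for this section, or mark it as pending so readers do not assume nothing needs to be configured.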
Revision as of 21:14, 28 June 2014
Article Information |
---|
This article applies to the following ZCS versions. |
Best-Practice Recommendations for a Secure Zimbra Configuration
The following recommendations are provided to ensure a best-practice security configuration. This includes the following:
- Require encrypted logins
- Require secure interprocess communications
Services
The most secure configuration allows only encrypted methods of accessing the system. Be careful when making these changes, however, because every process must be configured to connect only to upstream encrypted listeners.
1. Configure the proxy to only offer encrypted protocols
zmprov ms `zmhostname` zimbraReverseProxyMailMode https
2. Require the proxy to connect to upstream via SSL
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled TRUE
zimbraReverseProxyImapStartTlsMode
Encrypted Logins
1. HTTPS
zmprov gs `zmhostname` zimbraMailClearTextPasswordEnabled
zmprov ms `zmhostname` zimbraMailClearTextPasswordEnabled FALSE
2. IMAP4-SSL
zmprov gs `zmhostname` zimbraImapCleartextLoginEnabled
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled FALSE
3. POP3-SSL
zmprov gs `zmhostname` zimbraPop3CleartextLoginEnabled
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE
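To confirm that a server matches the values set in the Services and Encrypted Logins steps above, the following added example (not part of the original article or of Zimbra's tooling) audits `zmprov gs` output against them. The function names, the sample hostname and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Audit `zmprov gs` output against the values this page sets with `zmprov ms`.
# zimbraReverseProxyImapStartTlsMode is not checked: the page gives no value for it.

# audit_settings: reads "attr: value" lines (the format zmprov gs prints) on
# stdin, prints one line per attribute that is missing or differs from the
# recommended value, and returns 1 if anything was reported.
audit_settings() {
  local actual attr want got rc=0
  actual=$(cat)
  while read -r attr want; do
    got=$(printf '%s\n' "$actual" | awk -v a="$attr:" '$1 == a { print $2; exit }')
    if [ -z "$got" ]; then
      echo "MISSING $attr (want $want)"; rc=1
    elif [ "$got" != "$want" ]; then
      echo "WEAK $attr=$got (want $want)"; rc=1
    fi
  done <<'EOF'
zimbraReverseProxyMailMode https
zimbraReverseProxySSLToUpstreamEnabled TRUE
zimbraMailClearTextPasswordEnabled FALSE
zimbraImapCleartextLoginEnabled FALSE
zimbraPop3CleartextLoginEnabled FALSE
EOF
  return "$rc"
}

# Constructed sample of zmprov gs output: IMAP still allows cleartext logins
# and the POP3 attribute was not returned at all.
sample_output() {
  cat <<'EOF'
# name mail.example.test
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraMailClearTextPasswordEnabled: FALSE
zimbraImapCleartextLoginEnabled: TRUE
EOF
}

# Demo run on the constructed sample.
sample_output | audit_settings || echo "server does not match the recommended configuration"

# On a real server, as the zimbra user, pipe the live values in instead:
#   zmprov gs "$(zmhostname)" zimbraReverseProxyMailMode \
#     zimbraReverseProxySSLToUpstreamEnabled zimbraMailClearTextPasswordEnabled \
#     zimbraImapCleartextLoginEnabled zimbraPop3CleartextLoginEnabled | audit_settings
```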
Secure Interprocess Communication
Text