SecureConfiguration: Difference between revisions

(Created page with "{{ZC}}{{Article Infobox|{{admin}}||{{ZCS 8.0}}|}} = Best-Practice Recommendations for a Secure Zimbra Configuration = The following recommendations are provided to ensure a ...")
 
No edit summary
Line 7: Line 7:
* Require encrypted logins
* Require encrypted logins
* Requiring secure interprocess communications
* Requiring secure interprocess communications
== Services ==
Most secure is to only allow secure methods of accessing the system; however, be careful in making these changes, as all processes need to be configured to connect only to upstream encrypted listeners.
1. Configure the proxy to only offer encrypted protocols
zmprov ms `zmhostname` zimbraReverseProxyMailMode https
2. Require Proxy to connect to upstream via SSL
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled TRUE
zimbraReverseProxyImapStartTlsMode


== Encrypted Logins ==
== Encrypted Logins ==
Line 25: Line 40:
  zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE
  zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE


== Header 2 ==
== Secure Interprocess Communication ==


Text
Text

Revision as of 21:14, 28 June 2014

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 8.0 Article ZCS 8.0


Best-Practice Recommendations for a Secure Zimbra Configuration

The following recommendations are provided to ensure a best-practice security configuration. This includes the following:

  • Require encrypted logins
  • Requiring secure interprocess communications

Services

Most secure is to only allow secure methods of accessing the system; however, be careful in making these changes, as all processes need to be configured to connect only to upstream encrypted listeners.

1. Configure the proxy to only offer encrypted protocols

zmprov ms `zmhostname` zimbraReverseProxyMailMode https

2. Require Proxy to connect to upstream via SSL

zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled TRUE
zimbraReverseProxyImapStartTlsMode


Encrypted Logins

1. HTTPS

zmprov gs `zmhostname` zimbraMailClearTextPasswordEnabled
zmprov ms `zmhostname` zimbraMailClearTextPasswordEnabled FALSE

2. IMAP4-SSL

zmprov gs `zmhostname` zimbraImapCleartextLoginEnabled
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled FALSE

3. POP3-SSL

zmprov gs `zmhostname` zimbraPop3CleartextLoginEnabled
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE

Secure Interprocess Communication

Text


Verified Against: ZCS 8.0 Date Created: 06/28/2014
Article ID: https://wiki.zimbra.com/index.php?title=SecureConfiguration Date Modified: 2014-06-28



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search