Revision as of 21:14, 28 June 2014 by Thom (talk | contribs)

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 8.0 Article ZCS 8.0

Best-Practice Recommendations for a Secure Zimbra Configuration

The following recommendations are provided to ensure a best-practice security configuration. This includes the following:

  • Require encrypted logins
  • Requiring secure interprocess communications


Most secure is to only allow secure methods of accessing the system; however, be careful in making these changes, as all processes need to be configured to connect only to upstream encrypted listeners.

1. Configure the proxy to only offer encrypted protocols

zmprov ms `zmhostname` zimbraReverseProxyMailMode https

2. Require Proxy to connect to upstream via SSL

zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled TRUE

Encrypted Logins


zmprov gs `zmhostname` zimbraMailClearTextPasswordEnabled
zmprov ms `zmhostname` zimbraMailClearTextPasswordEnabled FALSE


zmprov gs `zmhostname` zimbraImapCleartextLoginEnabled
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled FALSE


zmprov gs `zmhostname` zimbraPop3CleartextLoginEnabled
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE

Secure Interprocess Communication


Verified Against: ZCS 8.0 Date Created: 06/28/2014
Article ID: Date Modified: 2014-06-28

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search