SecureConfiguration
Article Information |
---|
This article applies to the following ZCS versions. |
Best-Practice Recommendations for a Secure Zimbra Configuration
The following recommendations are provided to ensure a best-practice security configuration. This includes the following:
- Require encrypted logins
- Requiring secure interprocess communications
Services
Most secure is to only allow secure methods of accessing the system; however, be careful in making these changes, as all processes need to be configured to connect only to upstream encrypted listeners.
1. Configure the proxy to only offer encrypted protocols
zmprov ms `zmhostname` zimbraReverseProxyMailMode https
2. Require Proxy to connect to upstream via SSL
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled TRUE
zimbraReverseProxyImapStartTlsMode
Encrypted Logins
1. HTTPS
zmprov gs `zmhostname` zimbraMailClearTextPasswordEnabled zmprov ms `zmhostname` zimbraMailClearTextPasswordEnabled FALSE
2. IMAP4-SSL
zmprov gs `zmhostname` zimbraImapCleartextLoginEnabled zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled FALSE
3. POP3-SSL
zmprov gs `zmhostname` zimbraPop3CleartextLoginEnabled zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled FALSE
Secure Interprocess Communication
Text