- •Table of Contents
- •Preface
- •More than Just Email
- •Introducing Zimbra
- •What's in a Name?
- •Building Better Collaboration
- •Front-End
- •Back-End
- •The Benefits of Zimbra
- •Summary
- •Before the Installation
- •Hardware
- •Software
- •Editing the HOSTS File
- •Configuring DNS
- •Turning Off Sendmail
- •Installing on Red Hat Enterprise Linux 4
- •Installing the Red Hat Operating System
- •Installing Zimbra Collaboration Suite
- •Installing on SUSE ES 9
- •Preparing SUSE ES 9 for Zimbra
- •Installing on MAC OS X
- •Preparing MAC OS X Server for Zimbra
- •Installing the Zimbra Collaboration Suite
- •Post-Installation Steps
- •Configuring the Firewall
- •Uninstalling Zimbra
- •Summary
- •An Overview of the Administration Console
- •A. Content Pane
- •B. Search Bar
- •C. Monitoring
- •Server Management
- •Creating a New Domain
- •Configuring Global Settings
- •Class of Service
- •User Management
- •Creating User Accounts
- •Creating an Alias
- •Creating a Distribution List
- •Administering Zimbra from the Command Line
- •Managing Services with zmcontrol
- •Creating Accounts with zmprov
- •Summary
- •The Web Client System Requirements
- •A Bird's Eye View of the Web Client
- •Working with Email
- •Checking Email
- •Composing Email
- •Tags
- •Conversations
- •Managing Contacts
- •Sharing Address Books
- •Managing Schedules
- •Adding Appointments
- •Creating Multiple Calendars
- •Sharing Calendars
- •The Zimbra Documents
- •Creating Documents Pages
- •Sharing Documents
- •Saving Time with the Zimbra Assistant
- •Saving Even More Time with Keyboard Shortcuts
- •Sending an Email with Shortcuts
- •Summary
- •Built-In Security
- •Web Client Security
- •Mail Transfer Agent
- •Anti-Spam
- •Anti-Virus
- •Securing the Operating System
- •Host-Based Firewall
- •Services
- •Updates and Patching
- •Securing the Network
- •Firewalls
- •Virtual Private Networks
- •Summary
- •Exploring User Options
- •General Options
- •Mail Options
- •Mail Filters
- •Address Book
- •Calendar
- •Shortcuts
- •Configuring POP Accounts
- •Configuring Mail Identities
- •Building Searches
- •Building Our Search
- •Using a Saved Search
- •Summary
- •The PST Import Wizard
- •The Zimbra Connector for Outlook
- •A Look at Zimbra Integration
- •Contacts
- •Appointments
- •Sharing Outlook Folders
- •Summary
- •Preparing the Zimbra Server for Zimbra Mobile
- •Configuring Windows Mobile to Sync with Zimbra
- •Configuring Palm OS to Sync with Zimbra
- •Summary
- •An Overview of Zimlets
- •Mouse-Over Zimlet Example
- •The Date Zimlet
- •The Yahoo! Maps Zimlet
- •Managing Zimlets
- •Managing Zimlets through the Administrator Console
- •Assigning Zimlets to a COS
- •Assigning Zimlets to an Account
- •A Look at Configuring the RSS Zimlet
- •The RSS Zimlet in Action
- •Allowing RSS Feeds for Additional Sites
- •Managing Backups
- •Restoring Mailboxes
- •Using the Command Line for Backups
- •Summary
- •The Need for Monitoring
- •Availability
- •Scalability
- •Security
- •Working with Mail Queues
- •Monitoring Log Files
- •Summary
- •Index
This material is copyright and is licensed for the sole use by Kliwon Klimis on 28th October 2008 425 cilce, , frood, grradt, 525254
Securing Zimbra
possible attackers, there is still a case for having users create a secure tunnel to the local network, before accessing their email.
There are many benefits and unfortunately downsides to requiring a virtual private network (VPN) connection for web email access. Obviously, a VPN creates a secure environment that allows for encrypting the email transmission, requires less open ports on the firewall, and keeps access to the web server to local traffic only.
The downsides include the fact that a user needs to go through several loops just to check their email from an outside location. This may be fine for telecommuters (who are probably using a VPN anyways to access other services on the network), but for sales people and "road warriors", this could be troublesome. One type of VPN I have used that offers the ability for users to check their email from any computer, while still requiring VPN access is what is referred to as an SSL VPN.
These SSL VPNs allow users to browse to a specific URL in their internet browser, does a quick scan of the host computer to make sure there are no known malware on the system, and asks for user authentication. Once authenticated, the user is presented with a link to check their email. Only the email is now tunnelled through the VPN and the rest of the host computer is not. This allows for less overhead on the host computer and on the VPN itself. It also creates an easy way for users to check email on the road, while protecting your network from unwanted visitors
and malware.
If a VPN solution is not an option for all of your users to access the Zimbra web client, I would recommend that at least the admin console (https://zimbra. emailcs.com:7071) is accessible only through a VPN. That way port 7071 could be closed and that is the one area of Zimbra you do not want unwanted visitors.
Summary
This chapter discussed the importance and methods that could be used to secure your Zimbra environment. We began by looking at Zimbra's built-in security tools including: web client security, anti-spam, and anti-virus. We then looked at securing the operating system or host that Zimbra is running on with a focus on securing ports, disabling unnecessary services, and being sure to keep the system patched and updated on a regular basis. Lastly, we looked at securing the network with a discussion on creating a demilitarized zone (DMZ), configuring firewalls, and the use of Virtual Private Networks (VPN).
In the next chapter, we will look at adding some finishing touches to our Zimbra implementation by enhancing the user experience through customizing user settings and branding Zimbra to match your corporate look and feel.
[ 130 ]