Tips for improving your Zimbra experience.
At some point, you will suffer a Zimbra account breach and an email flood. This blog post will describe how to handle this situation. Do I Have A Zimbra Account Breach? Once a Zimbra account breach happens, if you are monitoring your mail queues, you will see the Deferred queue …
While Fail2Ban’s automation works great, we find that reviewing the “Recipient address rejected” section of Zimbra’s Daily Mail Report yields evidence of potential Advanced Persistent Threats as well as probes from senders whom you’d like to block. Manually grepping through /var/log/zimbra.log* on the logger host to find the sender’s IP …
Enhancing Email Deliverability for B2B senders’ outbound transactional and marketing emails was a core track at last week’s InboxExpo. This post covers several key takeaways to help you improve your B2B email deliverability. In case you missed it, to further reduce spam and domain spoofing specifically, Google and Yahoo (affectionately …
This post contains our current Zimbra Fail2Ban Best Practices and will show you how to configure Fail2Ban optimally on your Zimbra servers. Bad actors, overly aggressive marketing companies and others clog up our Inboxes with unwanted emails, and increase the load on our Zimbra servers. While Fail2Ban will effectively block …
MariaDB is the single most common bottleneck we see when doing performance tuning on customers’ Zimbra servers. This Zimbra-specific MariaDB performance tuning guide will help your mailbox servers run faster and web client users to see noticeable speed improvements in the user interface’s responsiveness. Zimbra MariaDB Level Set Zimbra uses …
Zimbra servers make a lot of DNS requests, so having a locally available caching DNS server system for Zimbra to use is important. In helping customers with very active Zimbra servers, we have found that deploying BIND9 gets the job done when dnsmasq, Zimbra’s Unbound or even local Active Directory …
Zimbra mailbox servers on Ubuntu 18/20 can benefit from Linux kernel tuning to reduce swap file usage. This post will show you how. Note: this article is based in large part on information kindly provided by John Holder of Zimbra a week before his untimely passing. Over the years John …
We know that deploying MTA-STS better secures inbound email and can prevent MITM and downgrade attacks. But you need a public web server to host the ~/.well-known/mta-sts.txt file. Not everyone has access to a web server they can use for this purpose, and even if they did, securing, patching, monitoring …
Historically, Zimbra firewalling has focused on regulating only Inbound traffic, but we can better protect our Zimbra systems if we also regulate Outbound traffic by using a Stateful Firewall. What Is a Stateful Firewall? Stateful firewalls, which now account for the majority of SMB and enterprise grade firewalls, can track …
Sometimes we want to block specific domains from sending email to any of our users. If you followed the instructions to prevent nested address spoofing, the mechanism to perform system-wide sender domain blocking is already in place. If you haven’t yet deployed nested address spoofing, please go ahead and do …
