Mission Critical Email

Zimbra Security and Hardening Service

Zimbra is a robust, mature and powerful collaboration suite that scales to millions of mailboxes, is eminently customizable, and is extremely reliable and performant, but it ships by default with a very “relaxed” set of security configurations. This is because many customers run Zimbra in closed or limited-access environments, integrated with legacy systems that rely on what are now considered insecure configurations and that often cannot be upgraded.

If your Zimbra system is public-facing (even if protected by a firewall and gateway email filtering), and especially if your workforce accesses Zimbra remotely over the public Internet, then Zimbra’s default shipping security configurations are insufficient to fully protect you from script kiddies and professional bad actors.

Over more than 15 years, we have developed, on our own and in collaboration with Zimbra, a set of security hardening configurations that we apply to every new Zimbra server we build for customers, as well as to our own multi-tenant Zimbra Hosting environment on Amazon Web Services.  These configurations are updated periodically, so whether we built your Zimbra system for you or not, now would be a good time to make sure your Zimbra system is fully up to date with our latest security hardening best practices.

Our $595 fixed-fee Security and Hardening Service (some restrictions apply, of course…) will leave your Zimbra system with:

  • An A+ score on the Qualys SSL Labs server test.
  • No known-insecure cipher suites in use.
  • Enhanced protection against “man-in-the-middle” attacks.
  • Better protection against brute-force password-guessing attempts.
  • Better protection against web crawlers.
  • Better protection against currently known JavaScript exploits and cross-site scripting attacks.
  • Better protection against attacks that use spoofed, nested sender email addresses.
  • Enhanced Zimbra SpamAssassin scanning.
  • Outbound email throttling tuned to your environment.
  • A software firewall on each Zimbra server, configured for your environment.
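The first two items are the ones you can verify yourself before and after any hardening work. The script below is an added example, not Mission Critical Email’s tooling or any Zimbra-supplied check: it parses the output of `zmprov gcf` for the global-config attributes that control the proxy and mailboxd TLS protocols, the proxy cipher string, and the response headers, and flags anything that would cost an SSL Labs grade (TLS 1.0/1.1 or SSLv3 enabled, RC4/3DES/NULL/export-grade/anonymous ciphers selected, or no HSTS header with a long max-age, which SSL Labs requires for A+). The attribute names are Zimbra’s real global-config attributes; the two config dumps are constructed samples, the 180-day HSTS threshold is the one applied here for SSL Labs’ “long duration” requirement, and whether your particular build accepts `TLSv1.3` as a protocol value depends on its nginx and Java versions.

```python
"""Audit a Zimbra global-config dump for TLS settings that lower an SSL Labs grade.

Run as the zimbra user:
    zmprov gcf zimbraReverseProxySSLProtocols zimbraReverseProxySSLCiphers \
               zimbraMailboxdSSLProtocols zimbraResponseHeader | python3 zimbra_tls_audit.py
Added example; the sample dumps below are constructed, not captured from a real server.
"""
import re
import sys
from collections import defaultdict
from typing import Dict, List

# zmprov prints one "attr: value" line per value; multi-valued attrs repeat the name.
ATTR_LINE = re.compile(r"^([A-Za-z0-9]+):\s*(.*)$")

# SSLv3 is an outright fail at SSL Labs; TLS 1.0/1.1 cap the grade at B.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PROTOCOL_ATTRS = ("zimbraReverseProxySSLProtocols", "zimbraMailboxdSSLProtocols")

# OpenSSL cipher-string keywords/groups and name fragments that select known-insecure suites.
WEAK_KEYWORDS = {"ALL", "COMPLEMENTOFDEFAULT", "LOW", "MEDIUM", "EXPORT", "EXPORT40",
                 "EXPORT56", "aNULL", "eNULL", "NULL", "RC4", "3DES", "DES", "MD5",
                 "ADH", "AECDH", "SEED", "IDEA"}
WEAK_NAME_RE = re.compile(r"RC4|DES|MD5|NULL|EXP-|ADH|AECDH|SEED|IDEA")

MIN_HSTS_AGE = 180 * 24 * 3600  # 180 days: threshold applied here for SSL Labs "long duration" HSTS


def parse_gcf(text: str) -> Dict[str, List[str]]:
    """Turn zmprov gcf output into attr -> list of values (multi-valued attrs kept in order)."""
    attrs: Dict[str, List[str]] = defaultdict(list)
    for line in text.splitlines():
        m = ATTR_LINE.match(line.strip())
        if m:
            attrs[m.group(1)].append(m.group(2))
    return attrs


def weak_cipher_tokens(cipher_string: str) -> List[str]:
    """Return the tokens of an OpenSSL cipher string that *select* insecure ciphers.
    '!X' and '-X' tokens exclude rather than select, so they are never reported."""
    bad = []
    for tok in cipher_string.split(":"):
        tok = tok.strip()
        if not tok or tok[0] in "!-":
            continue
        name = tok.lstrip("+")  # '+X' only reorders; the cipher is still enabled
        if name in WEAK_KEYWORDS or WEAK_NAME_RE.search(name):
            bad.append(name)
    return bad


def hsts_max_age(headers: List[str]) -> int:
    """max-age of the Strict-Transport-Security header among zimbraResponseHeader values, or 0."""
    for h in headers:
        name, _, value = h.partition(":")
        if name.strip().lower() == "strict-transport-security":
            m = re.search(r"max-age=(\d+)", value)
            if m:
                return int(m.group(1))
    return 0


def audit(gcf_output: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing here costs a grade."""
    attrs = parse_gcf(gcf_output)
    findings = []
    for attr in PROTOCOL_ATTRS:
        for proto in attrs.get(attr, []):
            if proto in WEAK_PROTOCOLS:
                findings.append(f"{attr} enables {proto}")
    for cipher_string in attrs.get("zimbraReverseProxySSLCiphers", []):
        for tok in weak_cipher_tokens(cipher_string):
            findings.append(f"zimbraReverseProxySSLCiphers selects {tok}")
    age = hsts_max_age(attrs.get("zimbraResponseHeader", []))
    if age < MIN_HSTS_AGE:
        findings.append(f"Strict-Transport-Security max-age is {age}, need >= {MIN_HSTS_AGE} for A+")
    return findings


# Constructed sample: the kind of "relaxed" defaults the page describes.
WEAK_SAMPLE = """\
zimbraReverseProxySSLProtocols: TLSv1
zimbraReverseProxySSLProtocols: TLSv1.1
zimbraReverseProxySSLProtocols: TLSv1.2
zimbraMailboxdSSLProtocols: TLSv1
zimbraMailboxdSSLProtocols: TLSv1.1
zimbraMailboxdSSLProtocols: TLSv1.2
zimbraReverseProxySSLCiphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DES-CBC3-SHA:RC4-SHA:!aNULL:!MD5
zimbraResponseHeader: X-Frame-Options: SAMEORIGIN
"""

# Constructed sample: a hardened configuration the audit should pass.
HARDENED_SAMPLE = """\
zimbraReverseProxySSLProtocols: TLSv1.2
zimbraReverseProxySSLProtocols: TLSv1.3
zimbraMailboxdSSLProtocols: TLSv1.2
zimbraMailboxdSSLProtocols: TLSv1.3
zimbraReverseProxySSLCiphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!MD5:!RC4:!3DES
zimbraResponseHeader: Strict-Transport-Security: max-age=31536000; includeSubDomains
zimbraResponseHeader: X-Frame-Options: SAMEORIGIN
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else WEAK_SAMPLE
    for finding in audit(text) or ["no TLS findings"]:
        print(finding)
```

The cipher check deliberately ignores `!`/`-` tokens so that a hardened string such as `...:!aNULL:!MD5:!RC4` is not reported for the very exclusions that make it safe; the cost is that a string relying on `HIGH` or `DEFAULT` without explicit exclusions is not expanded, so follow any clean result with an actual SSL Labs scan of the public hostname.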

Restrictions, and Terms and Conditions
To be able to offer this $595 fixed fee service, we of course need to have some restrictions.  But we are also happy to perform the same services on your Zimbra system on a billable-hour basis; just schedule a free 30-minute consult with us using the link below, and we’ll work to give you a good-faith estimate you can use to get budget approval. Here are the restrictions:

  1. Your Zimbra system must be version 8.8.15 or later, and not more than one patch behind the current patch level.
  2. Your Zimbra system must consist of not more than three Zimbra servers.
  3. Your Zimbra system must not be dual- or multi-homed (i.e. only one network interface).
  4. Your Zimbra system must not have any additional non-Zimbra software installed (other than that which is required for Zimbra and the base operating system to function; monitoring agents excluded), nor have any other customizations which in our view may interfere with our standard security hardening techniques.
  5. To do our work efficiently, we’ll need one of the following:
    1. SSH access to your Zimbra servers with the ability to become the root and zimbra users; or
    2. Screen-sharing with remote control and shared clipboard access, e.g. where you have open SSH sessions to your Zimbra servers on a desktop whose screen you have shared with us via a Zoom meeting, and where we can copy and paste commands from our workstation directly into the Zimbra SSH sessions on your remote desktop using a shared clipboard.
    Labor we incur to set up an alternate, mutually agreed remote-access method of your preference will be billed at our regular labor rates.
  6. This Security and Hardening Service is provided in accordance with our Professional Services Terms and Conditions.

In other words, air-gapped Zimbra systems and Zimbra systems of four or more servers, for example, do not qualify for the fixed-fee rate, though we would of course be happy to perform the same security hardening services for you on a billable-hour basis.

Ready To Get Started?
Terrific!  Just book and pay for a session using this link.

Have More Questions?
Great! Let’s peel the onion back a few more layers together!  Just book a free 30-minute pre-sale consult using this link.

Once we are finished, you’ll sleep much better knowing your Zimbra system is better protected!

Stay safe!
L. Mark Stone
Mission Critical Email LLC
17 September 2021