This chapter serves as an administration guide to secure Zimbra.
The topics covered in this chapter are:
- Internal solutions (updating the ClamAV antivirus, using DSPAM and ASSP as other antispam solutions, improving the main SpamAssassin antispam, and so on)
- External solutions (Barracuda, MailCleaner, and so on)
By the end of this chapter, the user should be able to increase the security inside Zimbra.
Zimbra has a high-level security system, but it has some problems, especially in antivirus/antispam integrated solutions, which are:
- Zimbra integrates only one antivirus solution by default, which is a weakness.
- Zimbra updates the ClamAV package to the latest version with every Zimbra release. This means that the user must wait for the next release of Zimbra to have the latest version of ClamAV, even if the actual version contains a bug! (here there is always a solution to upgrade ClamAV without waiting for the new release of Zimbra, but it contains a lot of problems; I will explain that later).
- The second antispam solution integrated with Zimbra (DSPAM) is not activated by default.
- The user cannot modify the postfix configuration files directly. Some of the postfix files are rewritten when changes are made in the administration console. Any changes the user makes will be overwritten.
- The same problem exists for upgrading SpamAssassin/DSPAM: the user can only upgrade them with the new release of Zimbra.
- Sender Policy Framework (SPF) is not enabled in the Zimbra SpamAssassin package; neither are Razor nor Pyzor.
- The Distributed Checksum Clearinghouses (DCC) plugin is not installed.
To solve most of these problems and to improve Zimbra security, after a deep search we find that we may use the following two types of solutions:
- Internal solutions (we will cover these in detail just after this paragraph)
- External solution: Having a frontal antispam/antivirus gateway e-mail server; the choice of the best external solution will be the subject of a major part of this chapter in detail later.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.