Upload
zimbra
View
70.116
Download
1
Embed Size (px)
Citation preview
1
What’s New
March 2017Contains proprietary and confidential information owned by Synacor, Inc. © / 2016 Synacor, Inc.
ZIMBRA 8.7.X
2
TODAY’S DISCUSSION
Server Features • Zimbra Package Repository• Postscreen• SSL SNI for HTTPS
Security ImprovementsTwo-Factor Authentication
EWS ImprovementsUnified CommunicationsOther notable enhancementsZimbra Desktop 7.2.8Q&A
3
ISSUES RESOLVED SINCE ZIMBRA 8.0
1854
2832
970
2284
0
500
1000
1500
2000
2500
3000
8.0 8.5 8.6 8.7
BugFix
4
BACKEND FEATURES
5
ZIMBRA PACKAGE REPOSITORY
Zimbra 8.7+ now uses a package repository for the majority of 3rd party libraries• Smaller installer size• Zimbra can push rapid updates to 3rd
party packages without having to release a patch, ideal for security updates
• Customers can update 3rd party packages to latest version without having to apply patch
• Will be expanding this concept to the rest of the product over time 0 200 400 600 800 1000 1200
InstallerSizeinMB
8.6
8.7
6
ZIMBRA PACKAGE REPOSITORY
7
POSTSCREEN
• Pre-screening process for clients that implements tests to reduce the load on the SMTPD process• By keeping spambots away, Postscreen leaves more SMTP server processes
available for legitimate clients, and delays the onset of server overload conditions
• Zimbra Collaboration Postscreen maintains a temporary white-list for clients that have passed a number of tests. When an SMTP client IP address is whitelisted, Postscreen hands off the connection immediately to a Postfix SMTP server process. This minimizes the overhead for legitimate mail.
8
ZIMBRA ARCHITECTURE W/O POSTSCREEN
9
ZIMBRA ARCHITECTURE WITH POSTSCREEN
10
POSTSCREEN RESOURCES
Whitepaper Technical Wiki
11
SSL SNI ARCHITECTURE
12
SSL SERVER NAME IDENTIFICATION (SNI) FOR HTTPS
• Zimbra SSL Server Name Indication (SNI) allows the proxy server to submit various certificates in the same IPv4 address and TCP port number, which allows multiple domains (HTTPS) to be served at the same IP address without having to use the same certificate.
• Zimbra SSL SNI is excellent for service providers who service numerous domains.
13
SSL SNI RESOURCES
Whitepaper Technical Wiki
14
SECURITY IMPROVEMENTS
15
SECURITY INFORMATION
• As always, it is highly recommended that you revisit settings after upgrading to ensure that values are set as expected/desired in your environment and security settings meet your requirements. • https://wiki.zimbra.com/wiki/Security/Collab/87• https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
• PEN Test – Netragard's final report available (20160613-Netragard-Report-ZCS-8.7-final.pdf )
16
TWO-FACTOR AUTHENTICATION
• Time-based one-time passcode (TOTP) security layer
• App-specific passwords for support across all clients
• Reduces successful user ID theft, fraud, and phishing attacks
• COS, Domain, and User feature• Admins can require use
17
DEMO
18
TWO-FACTOR AUTHENTICATION RESOURCES
Whitepaper Technical Wiki
19
MISCELLANEOUS SECURITY IMPROVEMENTS
8.7 SSL Related Changes • SSLv3 disabled (OpenJDK, OpenSSL) • Default 2048b DH Parameters (OpenSSL)• Removed RC4 cipher• Enabled Nginx SSL Session Cache (resumption) • zmlookup via HTTPS (default port 7072)• HTTPS SNI Support (zimbraReverseProxySNIEnabled)
8.7 Security Other • saslauthd on port 7073 (SMTP auth vs. ZWC, etc.) • multi-domain enhancements• many third party package updates
20
EXCHANGE WEB SERVICES (EWS)
21
EWS ENHANCEMENTS IN 8.7
Bug95132Signed/EncryptedEmailsappearasnormalinMacOutlook
Bug95988Calendar.appviaEWSsetupdoesn’tworkwithZCSCalendar
Bug98235SupportforOffice2016,OutlookforMac
55fixedBugsforEWSin8.7
22
UNIFIED COMMUNICATIONS
23
UNIFIED COMMUNICATIONS – PRESENCE
24
UNIFIED COMMUNICATIONS — VOICEMAIL
25
UNIFIED COMMUNICATIONS — MAKING A CALL
26
8.7 MISCELLANEOUS IMPROVEMENTS
27
Bug101582SupportforOffice2016withZimbraConnector,ZCO
Bug97334/97335AccessibilityforCalendarandContactsonWebClient
Bug97773Upgradetopostfix3.0series
Bug96261AddlocalizationforLao[Lo]
Bug101192Disablelinkswithinspam
Bug95484SupportforIE12
28
8.7.1 MISCELLANEOUS IMPROVEMENTS
29
Bug103683AddsupportforUbuntu16.04LTS
Bug105134Outlook2016MacEWSexpandingdistributionlistcrashesOutlook
Bug105945,105942,107024and106204SolveddifferentBugswhichpreventedtorunasuccessfulUpdate/UpgradetoZCS8.7
Bug1061628.7requiresbriefcasetobepublicifimageisinsidesignature
30
8.7.2 MISCELLANEOUS IMPROVEMENTS
31
Bug104578PaginationsupportforSyncGalRequest
Bug104127Maillistviewisnotrefreshedwhendeletingmailsinmessageview
Bug107106Convertd failedafterupgradeto8.7.1from8.7.0
Bug107153Imagewithinsignatureisbrokeninreply/forwardwindow
32
8.7.3 MISCELLANEOUS IMPROVEMENTS
33
Bug107623EWSsyncbrokenwhenSOAPresponseislarge
Bug101023zimbraHelpAdvancedURL,zimbraHelpStandardURL andzimbraHelpAdminURL doesnotwork
Bug106379"/opt/zimbra/libexec/zmfixperms --verbose--extended"changing/opt/zimbra/common/sbinpermissiontozimbra:zimbraBug107058
Fix"Unescaped leftbraceinregexisdeprecated,passedthroughinregex;markedby<-- HEREinm/\${<-- HEREzimbra_home}/at/opt/zimbra/libexec/zmupgrade.pm"forUBUNUTU16
34
8.7.4 MISCELLANEOUS IMPROVEMENTS
35
Bug106811XXE[CWE-611]
Bug104278WhileprintingmailsfromZWCinIEandFirefox,wordwrappingissplittingwordsbetweentwolines.
Bug107635oo_linux_install_path isnotsetinfreshinstallation
36
8.7.5 MISCELLANEOUS IMPROVEMENTS
37
Bug81415NewS/MIMEZimletTechnicalPreview,noJavaapplet
AdminGuideinGitHubWearemovingourDocumentationtoASCIIDoconGitHub,whereyoucangraborimproveit
Bug107583and106285- 8.7.2calendarmonthviewbrokenformultipledayspanningeventsand- HorizontalscrollbarworksincorrectlyinCalendar
Bug107058Printissue:text getscutonrightwhenprintingmailsusingIE
38
8.7.6 MISCELLANEOUS IMPROVEMENTS
39
Bug107797StartingZimbraCollaboration8.7.6,ZimbraincludesafreeandGPLv2ChatproductembeddedinsideZimbra
Bug107798StartingZimbraCollaboration8.7.6,ZimbraincludesafreeandGPLv2OwnCloud/NextCloud productembeddedinsideZimbra
EphemeralbackendZCS8.7.6releaseincludesabetareleaseofamajorchangeinZimbraarchitecturethatallowsenablingprotectionagainstCSRFandcookie-reuseattackswithoutincreasingloadonLDAP
SecurityfixesImproperlimitationoffilepaths[CWE-22]Improperhandlingofprivileges[CWE-280]
40
8.7.7 MISCELLANEOUS IMPROVEMENTS
41
Bug107824Allcontextmenuoptionsstoppedworkingafterdeletingtrashedappointmentandtryingtotakeactionfromusercalendar'sappointment
Bug107825WeeklyRecurringMeetingnotgettingsyncedinOutlook2016
Bug106438Caldav SharedCalendarSyncnotworkingcorrectlyonlatestmacversions
42
8.7.9 MISCELLANEOUS IMPROVEMENTS
43
Featureimprovements- AddedfullworkingSearchfeature:- Smartcaseinsensitivequeryparsing- Previewandmostoperationsavailable- AddedNewFolder buttoninMoveDialog- AddedZimbraDriveiconandbrowsertabtitle- Addedsomecheckstopreventillegalactions
Bug107449EWS:ResolveNameshouldreturnallthecontactinformation
Bug107946WS:MapallattributesreturnedinADsearchresulttoContactinResolveName response
Bug107891Upgradefrom877to878failedduetoldap schemaviolation
Bug107899Upgradefrom850to878failingforRHEL6
early release
44
8.7.10 MISCELLANEOUS IMPROVEMENTS
45
ZCO8.7.10hasbeenreleasedUpto11Bugsfixedforthisversion
Bug107584Nodataunder"Download"directoryafterfreshinstallationorupgrade
Bug107878XXE[CWE-79]
46
8.7.11 MISCELLANEOUS IMPROVEMENTS
47
Bug107979S/MIMEcertificatenotseeninContactProperties
Bug102930EWSSharing- Handlesyncofsharedfoldersonremotenode
Bug107901XXE[CWE-384]
48
ZIMBRA DESKTOP v7.2.8
49
ZIMBRA DESKTOP 7.2.8
Two factor authenticationStarting in Zimbra Desktop 7.2.8, we support it natively on our Desktop. Requires ZCS 8.7 and NE
Password LockIf a user enables this feature, access to Zimbra Desktop becomes password protected, and the user needs to enter a Zimbra account password.
Auto ArchiveUsing this feature, old emails are archived locally, to local folders, and these emails are deleted from the server automatically. A really handy option to keep our Mailboxes at the minimum weight at the Server level.
Support for Traditional Chinese (Taiwan) LanguageFor all the Taiwanese speakers we have good news! Now Zimbra Desktop 7.2.8 and above supports Traditional Chinese (Taiwan). 歡迎光臨
50
ZIMBRA DESKTOP 7.2.8
Two factor authenticationWe introduced Zimbra Collaboration 2FA since v8.7, and starting in Zimbra Desktop 7.2.8, we support it natively on our Desktop client as well. The first step is to configure 2FA on the Web Client.
Zimbra Two-Factor authentication requires an upgrade of your Network Edition License Key, which is free of charge if you have a valid License. Contact your regional sales manager
Then when you try to add an account protected already with Zimbra 2FA, or if you had one already added on Zimbra Desktop and configure 2FA later, the Zimbra Desktop will prompt you for a Code from one of the TOTP applications.
Once you add a valid 2FA code from a TOTP application, you will be able to see all of your accounts and launch the Desktop
51
ZIMBRA DESKTOP 7.2.8
Password LockStarting with Zimbra Desktop 7.2.8, the end user can protect Zimbra Desktop with a password. You will find this new feature in Preferences > All accounts > General > Enable Password Lock
Once enabled, you will see a new lock icon on the top bar. You can click on that icon or just close Zimbra Desktop to be prompted for your Zimbra Desktop main account password.
This is the window that will prompt you for the main account password. This is a really useful way to protect your Zimbra Desktop content, preventing it from being read by another user who might have physical access to the computer.
After a successful login, you will see a banner message on the top bar saying Password Verified
52
ZIMBRA DESKTOP 7.2.8
Auto archiveUsing this feature, old emails are archived locally, to local folders, and these emails are deleted from the server automatically. A really handy option to keep our Mailboxes at the minimum weight at the Server level.
53
Q&AThank you!