This document summarizes the features and improvements in Zimbra Collaboration version 8.7. It discusses the new Zimbra package repository, Postscreen spam filtering, SSL SNI for HTTPS, two-factor authentication, Exchange Web Services improvements, unified communications features, and other enhancements. It also provides overviews of resolved issues and improvements in subsequent 8.7 point releases. Finally, it summarizes new features in Zimbra Desktop version 7.2.8 such as two-factor authentication support, password locking, and auto archive.
5. 5
ZIMBRA PACKAGE REPOSITORY
Zimbra 8.7+ now uses a package
repository for the majority of 3rd party
libraries
• Smaller installer size
• Zimbra can push rapid updates to 3rd
party packages without having to
release a patch, ideal for security
updates
• Customers can update 3rd party
packages to latest version without
having to apply patch
• Will be expanding this concept to the
rest of the product over time 0 200 400 600 800 1000 1200
Installer Size in MB
8.6
8.7
7. 7
POSTSCREEN
• Pre-screening process for clients that implements tests to reduce the load on the
SMTPD process
• By keeping spambots away, Postscreen leaves more SMTP server processes
available for legitimate clients, and delays the onset of server overload
conditions
• Zimbra Collaboration Postscreen maintains a temporary white-list for clients that
have passed a number of tests. When an SMTP client IP address is whitelisted,
Postscreen hands off the connection immediately to a Postfix SMTP server process.
This minimizes the overhead for legitimate mail.
12. 12
SSL SERVER NAME IDENTIFICATION (SNI) FOR HTTPS
• Zimbra SSL Server Name Indication (SNI) allows the proxy server to submit various
certificates in the same IPv4 address and TCP port number, which allows multiple
domains (HTTPS) to be served at the same IP address without having to use the
same certificate.
• Zimbra SSL SNI is excellent for service providers who service numerous domains.
15. 15
SECURITY INFORMATION
• As always, it is highly recommended that you revisit settings after upgrading to
ensure that values are set as expected/desired in your environment and security
settings meet your requirements.
• https://wiki.zimbra.com/wiki/Security/Collab/87
• https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
• PEN Test – Netragard's final report available
(20160613-Netragard-Report-ZCS-8.7-final.pdf )
16. 16
TWO-FACTOR AUTHENTICATION
• Time-based one-time passcode
(TOTP) security layer
• App-specific passwords for support
across all clients
• Reduces successful user ID theft,
fraud, and phishing attacks
• COS, Domain, and User feature
• Admins can require use
21. 21
EWS ENHANCEMENTS IN 8.7
Bug 95132
Signed/Encrypted
Emails appear as
normal in Mac
Outlook
Bug 95988
Calendar.app via
EWS setup doesn’t
work with ZCS
Calendar
Bug 98235
Support for Office
2016, Outlook for
Mac
55 fixed Bugs for EWS in 8.7
43. 43
Feature improvements
- Added full working Search feature:
- Smart case insensitive query
parsing
- Preview and most operations
available
- Added NewFolder button in Move
Dialog
- Added Zimbra Drive icon and
browser tab title
- Added some checks to prevent
illegal actions
Bug 107449
EWS: Resolve Name should
return all the contact
information
Bug 107946
WS: Map all attributes returned
in AD search result to Contact
in ResolveName response
Bug 107891
Upgrade from 877 to 878 failed
due to ldap schema violation
Bug 107899
Upgrade from 850 to 878 failing
for RHEL6
early release
49. 49
ZIMBRA DESKTOP 7.2.8
Two factor authentication
Starting in Zimbra Desktop 7.2.8, we support it natively on our Desktop. Requires ZCS 8.7 and NE
Password Lock
If a user enables this feature, access to Zimbra Desktop becomes password protected, and the user needs to enter a
Zimbra account password.
Auto Archive
Using this feature, old emails are archived locally, to local folders, and these emails are deleted from the server
automatically. A really handy option to keep our Mailboxes at the minimum weight at the Server level.
Support for Traditional Chinese (Taiwan) Language
For all the Taiwanese speakers we have good news! Now Zimbra Desktop 7.2.8 and above supports Traditional
Chinese (Taiwan). 歡迎光臨
50. 50
ZIMBRA DESKTOP 7.2.8
Two factor authentication
We introduced Zimbra Collaboration 2FA since v8.7, and
starting in Zimbra Desktop 7.2.8, we support it natively on our
Desktop client as well. The first step is to configure 2FA on the
Web Client.
Zimbra Two-Factor authentication requires an upgrade of your
Network Edition License Key, which is free of charge if you
have a valid License. Contact your regional sales manager
Then when you try to add an account protected already with
Zimbra 2FA, or if you had one already added on Zimbra
Desktop and configure 2FA later, the Zimbra Desktop will
prompt you for a Code from one of the TOTP applications.
Once you add a valid 2FA code from a TOTP application, you
will be able to see all of your accounts and launch the Desktop
51. 51
ZIMBRA DESKTOP 7.2.8
Password Lock
Starting with Zimbra Desktop 7.2.8, the end user can
protect Zimbra Desktop with a password. You will find this
new feature in Preferences > All accounts > General >
Enable Password Lock
Once enabled, you will see a new lock icon on the top bar.
You can click on that icon or just close Zimbra Desktop to
be prompted for your Zimbra Desktop main account
password.
This is the window that will prompt you for the main
account password. This is a really useful way to protect your
Zimbra Desktop content, preventing it from being read by
another user who might have physical access to the
computer.
After a successful login, you will see a banner message on
the top bar saying Password Verified
52. 52
ZIMBRA DESKTOP 7.2.8
Auto archive
Using this feature, old emails are archived locally, to local
folders, and these emails are deleted from the server
automatically. A really handy option to keep our Mailboxes at
the minimum weight at the Server level.
Additional layer of “possession” (vs. knowledge) security to reduce incidents of fraud, identity theft, and successful phishing attempts for users
TOTP based token authentication using compatible application (ex: Google Authenticator, Authy, etc. )
App-specific passwords allow for compatibility with single-factor authentication applications (ex: Outlook, Thunderbird, Mail.app, etc. )
Passwords can be revoked if concerns over security
Passwords are computer generated and extremely secure
One-time passwords available for emergency access to account
Codes can be invalidated
Codes can only be used once as name implies
Two-factor authentication can be controlled at Domain, COS, and user levels
Administrators can require users to use a second factor for secure email