Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

What's new in Zimbra Collaboration 8.7.x

70,701 views

Published on

Zimbra is the leader in Open Source Email and Collaboration. In July 2016 we've released the v8.7 with enhancements for Service Providers like SSL SNI and a new Packaging System, as well as new Security Features like Postscreen to protect the MTA from SPAM and bad connections, and 2FA, giving to the users the opportunity to protect their Mailbox by using an external TOTP application in addition to their regular password. Zimbra Collaboration 8.7.1 was released in October 2016 fixing some upgrade issues from older ZCS issues, and adding Official Support for Ubuntu 16.04 LTS.

Published in: Software
  • Be the first to comment

What's new in Zimbra Collaboration 8.7.x

  1. 1. 1 What’s New March 2017 Contains proprietary and confidential information owned by Synacor, Inc. © / 2016 Synacor, Inc. ZIMBRA 8.7.X
  2. 2. 2 TODAY’S DISCUSSION Server Features • Zimbra Package Repository • Postscreen • SSL SNI for HTTPS Security Improvements Two-Factor Authentication EWS Improvements Unified Communications Other notable enhancements Zimbra Desktop 7.2.8 Q&A
  3. 3. 3 ISSUES RESOLVED SINCE ZIMBRA 8.0 1854 2832 970 2284 0 500 1000 1500 2000 2500 3000 8.0 8.5 8.6 8.7 Bug Fix
  4. 4. 4 BACKEND FEATURES
  5. 5. 5 ZIMBRA PACKAGE REPOSITORY Zimbra 8.7+ now uses a package repository for the majority of 3rd party libraries • Smaller installer size • Zimbra can push rapid updates to 3rd party packages without having to release a patch, ideal for security updates • Customers can update 3rd party packages to latest version without having to apply patch • Will be expanding this concept to the rest of the product over time 0 200 400 600 800 1000 1200 Installer Size in MB 8.6 8.7
  6. 6. 6 ZIMBRA PACKAGE REPOSITORY
  7. 7. 7 POSTSCREEN • Pre-screening process for clients that implements tests to reduce the load on the SMTPD process • By keeping spambots away, Postscreen leaves more SMTP server processes available for legitimate clients, and delays the onset of server overload conditions • Zimbra Collaboration Postscreen maintains a temporary white-list for clients that have passed a number of tests. When an SMTP client IP address is whitelisted, Postscreen hands off the connection immediately to a Postfix SMTP server process. This minimizes the overhead for legitimate mail.
  8. 8. 8 ZIMBRA ARCHITECTURE W/O POSTSCREEN
  9. 9. 9 ZIMBRA ARCHITECTURE WITH POSTSCREEN
  10. 10. 10 POSTSCREEN RESOURCES Whitepaper Technical Wiki
  11. 11. 11 SSL SNI ARCHITECTURE
  12. 12. 12 SSL SERVER NAME IDENTIFICATION (SNI) FOR HTTPS • Zimbra SSL Server Name Indication (SNI) allows the proxy server to submit various certificates in the same IPv4 address and TCP port number, which allows multiple domains (HTTPS) to be served at the same IP address without having to use the same certificate. • Zimbra SSL SNI is excellent for service providers who service numerous domains.
  13. 13. 13 SSL SNI RESOURCES Whitepaper Technical Wiki
  14. 14. 14 SECURITY IMPROVEMENTS
  15. 15. 15 SECURITY INFORMATION • As always, it is highly recommended that you revisit settings after upgrading to ensure that values are set as expected/desired in your environment and security settings meet your requirements. • https://wiki.zimbra.com/wiki/Security/Collab/87 • https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • PEN Test – Netragard's final report available (20160613-Netragard-Report-ZCS-8.7-final.pdf )
  16. 16. 16 TWO-FACTOR AUTHENTICATION • Time-based one-time passcode (TOTP) security layer • App-specific passwords for support across all clients • Reduces successful user ID theft, fraud, and phishing attacks • COS, Domain, and User feature • Admins can require use
  17. 17. 17 DEMO
  18. 18. 18 TWO-FACTOR AUTHENTICATION RESOURCES Whitepaper Technical Wiki
  19. 19. 19 MISCELLANEOUS SECURITY IMPROVEMENTS 8.7 SSL Related Changes • SSLv3 disabled (OpenJDK, OpenSSL) • Default 2048b DH Parameters (OpenSSL) • Removed RC4 cipher • Enabled Nginx SSL Session Cache (resumption) • zmlookup via HTTPS (default port 7072) • HTTPS SNI Support (zimbraReverseProxySNIEnabled) 8.7 Security Other • saslauthd on port 7073 (SMTP auth vs. ZWC, etc.) • multi-domain enhancements • many third party package updates
  20. 20. 20 EXCHANGE WEB SERVICES (EWS)
  21. 21. 21 EWS ENHANCEMENTS IN 8.7 Bug 95132 Signed/Encrypted Emails appear as normal in Mac Outlook Bug 95988 Calendar.app via EWS setup doesn’t work with ZCS Calendar Bug 98235 Support for Office 2016, Outlook for Mac 55 fixed Bugs for EWS in 8.7
  22. 22. 22 UNIFIED COMMUNICATIONS
  23. 23. 23 UNIFIED COMMUNICATIONS – PRESENCE
  24. 24. 24 UNIFIED COMMUNICATIONS — VOICEMAIL
  25. 25. 25 UNIFIED COMMUNICATIONS — MAKING A CALL
  26. 26. 26 8.7 MISCELLANEOUS IMPROVEMENTS
  27. 27. 27 Bug 101582 Support for Office 2016 with Zimbra Connector, ZCO Bug 97334/97335 Accessibility for Calendar and Contacts on Web Client Bug 97773 Upgrade to postfix 3.0 series Bug 96261 Add localization for Lao [Lo] Bug 101192 Disable links within spam Bug 95484 Support for IE12
  28. 28. 28 8.7.1 MISCELLANEOUS IMPROVEMENTS
  29. 29. 29 Bug 103683 Add support for Ubuntu 16.04 LTS Bug 105134 Outlook 2016 Mac EWS expanding distribution list crashes Outlook Bug 105945, 105942, 107024 and 106204 Solved different Bugs which prevented to run a successful Update/Upgrade to ZCS 8.7 Bug 106162 8.7 requires briefcase to be public if image is inside signature
  30. 30. 30 8.7.2 MISCELLANEOUS IMPROVEMENTS
  31. 31. 31 Bug 104578 Pagination support for SyncGalRequest Bug 104127 Mail list view is not refreshed when deleting mails in message view Bug 107106 Convertd failed after upgrade to 8.7.1 from 8.7.0 Bug 107153 Image within signature is broken in reply/forward window
  32. 32. 32 8.7.3 MISCELLANEOUS IMPROVEMENTS
  33. 33. 33 Bug 107623 EWS sync broken when SOAP response is large Bug 101023 zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work Bug 106379 "/opt/zimbra/libexec/zmfixp erms --verbose --extended" changing /opt/zimbra/common/sbin permission to zimbra:zimbraBug 107058 Fix "Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/zmupgrade.pm" for UBUNUTU16
  34. 34. 34 8.7.4 MISCELLANEOUS IMPROVEMENTS
  35. 35. 35 Bug 106811 XXE [CWE-611] Bug 104278 While printing mails from ZWC in IE and Firefox, word wrapping is splitting words between two lines. Bug 107635 oo_linux_install_path is not set in fresh installation
  36. 36. 36 8.7.5 MISCELLANEOUS IMPROVEMENTS
  37. 37. 37 Bug 81415 New S/MIME Zimlet Technical Preview, no Java applet Admin Guide in GitHub We are moving our Documentation to ASCIIDoc on GitHub, where you can grab or improve it Bug 107583 and 106285 - 8.7.2 calendar month view broken for multiple day spanning events and - Horizontal scroll bar works incorrectly in Calendar Bug 107058 Print issue:text gets cut on right when printing mails using IE
  38. 38. 38 8.7.6 MISCELLANEOUS IMPROVEMENTS
  39. 39. 39 Bug 107797 Starting Zimbra Collaboration 8.7.6, Zimbra includes a free and GPLv2 Chat product embedded inside Zimbra Bug 107798 Starting Zimbra Collaboration 8.7.6, Zimbra includes a free and GPLv2 OwnCloud/NextCloud product embedded inside Zimbra Ephemeral backend ZCS 8.7.6 release includes a beta release of a major change in Zimbra architecture that allows enabling protection against CSRF and cookie-reuse attacks without increasing load on LDAP Security fixes Improper limitation of file paths [CWE-22] Improper handling of privileges [CWE-280]
  40. 40. 40 8.7.7 MISCELLANEOUS IMPROVEMENTS
  41. 41. 41 Bug 107824 All context menu options stopped working after deleting trashed appointment and trying to take action from user calendar's appointment Bug 107825 Weekly Recurring Meeting not getting synced in Outlook 2016 Bug 106438 Caldav Shared Calendar Sync not working correctly on latest mac versions
  42. 42. 42 8.7.9 MISCELLANEOUS IMPROVEMENTS
  43. 43. 43 Feature improvements - Added full working Search feature: - Smart case insensitive query parsing - Preview and most operations available - Added NewFolder button in Move Dialog - Added Zimbra Drive icon and browser tab title - Added some checks to prevent illegal actions Bug 107449 EWS: Resolve Name should return all the contact information Bug 107946 WS: Map all attributes returned in AD search result to Contact in ResolveName response Bug 107891 Upgrade from 877 to 878 failed due to ldap schema violation Bug 107899 Upgrade from 850 to 878 failing for RHEL6 early release
  44. 44. 44 8.7.10 MISCELLANEOUS IMPROVEMENTS
  45. 45. 45 ZCO 8.7.10 has been released Up to 11 Bugs fixed for this version Bug 107584 No data under "Download" directory after fresh installation or upgrade Bug 107878 XXE [CWE-79]
  46. 46. 46 8.7.11 MISCELLANEOUS IMPROVEMENTS
  47. 47. 47 Bug 107979 S/MIME certificate not seen in Contact Properties Bug 102930 EWS Sharing - Handle sync of shared folders on remote node Bug 107901 XXE [CWE-384]
  48. 48. 48 ZIMBRA DESKTOP v7.2.8
  49. 49. 49 ZIMBRA DESKTOP 7.2.8 Two factor authentication Starting in Zimbra Desktop 7.2.8, we support it natively on our Desktop. Requires ZCS 8.7 and NE Password Lock If a user enables this feature, access to Zimbra Desktop becomes password protected, and the user needs to enter a Zimbra account password. Auto Archive Using this feature, old emails are archived locally, to local folders, and these emails are deleted from the server automatically. A really handy option to keep our Mailboxes at the minimum weight at the Server level. Support for Traditional Chinese (Taiwan) Language For all the Taiwanese speakers we have good news! Now Zimbra Desktop 7.2.8 and above supports Traditional Chinese (Taiwan). 歡迎光臨
  50. 50. 50 ZIMBRA DESKTOP 7.2.8 Two factor authentication We introduced Zimbra Collaboration 2FA since v8.7, and starting in Zimbra Desktop 7.2.8, we support it natively on our Desktop client as well. The first step is to configure 2FA on the Web Client. Zimbra Two-Factor authentication requires an upgrade of your Network Edition License Key, which is free of charge if you have a valid License. Contact your regional sales manager Then when you try to add an account protected already with Zimbra 2FA, or if you had one already added on Zimbra Desktop and configure 2FA later, the Zimbra Desktop will prompt you for a Code from one of the TOTP applications. Once you add a valid 2FA code from a TOTP application, you will be able to see all of your accounts and launch the Desktop
  51. 51. 51 ZIMBRA DESKTOP 7.2.8 Password Lock Starting with Zimbra Desktop 7.2.8, the end user can protect Zimbra Desktop with a password. You will find this new feature in Preferences > All accounts > General > Enable Password Lock Once enabled, you will see a new lock icon on the top bar. You can click on that icon or just close Zimbra Desktop to be prompted for your Zimbra Desktop main account password. This is the window that will prompt you for the main account password. This is a really useful way to protect your Zimbra Desktop content, preventing it from being read by another user who might have physical access to the computer. After a successful login, you will see a banner message on the top bar saying Password Verified
  52. 52. 52 ZIMBRA DESKTOP 7.2.8 Auto archive Using this feature, old emails are archived locally, to local folders, and these emails are deleted from the server automatically. A really handy option to keep our Mailboxes at the minimum weight at the Server level.
  53. 53. 53 Q&A Thank you!

×