Let’s get back to security, and email security in particular. This time we address a delicate and extremely important topic, phishing, and look at the measures that can be taken in Zimbra to respond to this type of threat.
Phishing is a cybercrime where the victim is contacted via email, phone or text message by someone posing as a legitimate institution. The user is lured by these messages and asked to provide sensitive data such as personally identifiable information, bank and credit card details, and passwords. The information collected is then used to gain access to important accounts and can lead to identity theft and damage of various kinds, not least of which is financial.
An easy-to-solve problem?
One might consider the problem to be easily solved. In fact, it would be enough to explain the basics of security to a company’s users: how to spot suspicious email or web addresses even if they may seem trustworthy on the surface and, similarly, how to evaluate email attachments coming from such addresses. But this procedure, easy only on paper, is not even remotely a guarantee of success, if only because very often an employee of a company has neither the time nor the attention to examine in detail the emails and the attachments they contain. At this point, it becomes crucial for the IT department to identify the correct software solution to the problem, to provide the right protection and prevent attacks.
A first solution to the problem, within Zimbra Collaboration Suite, is provided by the bundle of Amavis, SpamAssassin and ClamAV, which is responsible for filtering incoming mail in Zimbra. This solution allows you to cut off most of the incoming phishing and spam emails at the entrance, but it doesn’t guarantee full protection against a phishing threat. A more drastic solution, such as setting up a rule for DKIM, can come to the rescue.
We can set up a rule in DKIM according to which all emails sent from a domain other than the declared one would simply not reach the address (or addresses). This is done by editing the file /opt/zimbra/conf/opendkim.conf.in, where it is enough to write the following lines:
On-NoSignature reject
Mode sv
After that, you just need to restart OpenDKIM using the zmopendkimctl restart command for the changes to take effect.
Using this method, however, has some drawbacks, because it causes the mail server to reject any mail that does not have a DKIM signature, which is not exactly optimal.
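Before switching On-NoSignature to reject, it helps to measure how much of the mail you currently receive carries no DKIM signature at all. The following Python sketch is an added example, not part of the original article or of Zimbra; the sample messages and function names are constructed for illustration, and it also counts mail that is signed only by a domain other than the From domain.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); b= values are placeholders.
SAMPLE_MESSAGES = [
    "From: Billing <billing@partner.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=partner.example; s=mail; b=PLACEHOLDER\n"
    "Subject: Invoice\n\nbody\n",
    "From: news@partner.example\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=k1; b=PLACEHOLDER\n"
    "Subject: Newsletter\n\nbody\n",
    "From: Shop <orders@shop.example>\nSubject: Order\n\nbody\n",
    "From: monitor@shop.example\nSubject: Alert\n\nbody\n",
]

def from_domain(msg):
    """Domain part of the From address, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() or "(unknown)"

def signing_domains(msg):
    """d= tag values from every DKIM-Signature header on the message."""
    found = []
    for header in msg.get_all("DKIM-Signature", []):
        for tag in str(header).split(";"):
            name, _, value = tag.partition("=")
            if name.strip() == "d":
                found.append(value.strip().lower())
    return found

def audit(raw_messages):
    """Per From domain: total, unsigned, and signed-only-by-another-domain counts."""
    report = defaultdict(lambda: {"total": 0, "unsigned": 0, "misaligned": 0})
    for raw in raw_messages:
        msg = message_from_string(raw)
        dom, signers = from_domain(msg), signing_domains(msg)
        row = report[dom]
        row["total"] += 1
        if not signers:
            row["unsigned"] += 1    # would be refused under On-NoSignature reject
        elif not any(dom == d or dom.endswith("." + d) for d in signers):
            row["misaligned"] += 1  # signed, but not by the From domain
    return dict(report)

if __name__ == "__main__":
    for domain, row in sorted(audit(SAMPLE_MESSAGES).items()):
        print(domain, row)
```

Run against a sample of real inbound messages, a high unsigned count for a domain you correspond with shows which senders the reject rule would cut off.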
We’ve seen some possible solutions, but each has advantages and disadvantages. In addition, typically, there are many different ways to attack. A common example is an attack in the form of a new invoice apparently sent from a trusted email address. This fake invoice, once opened, is able to propagate the attack throughout the company. Therefore, it is important to set up an effective plan to defend against potential attacks, using all the tools available in Zimbra, as described in the “Zimbra Best Practices: Incoming Mail Protection” article.