Zimbra is the mail server and webmail service we offer to our customers. It allows several access modes:
- HTTP only
- HTTPS only
- A mixed mode of HTTP and HTTPS
For security purposes, the HTTP mode should generally be avoided: login and password information is sent unencrypted over the network and can easily be stolen.
For this reason, we only install the secure "HTTPS" mode.
To access your webmail, you have to use an address of this kind: "https://webmail.yourdomain.com".
If you use the insecure address "http://webmail.yourdomain.com", you will see an error page.
To avoid this default Zimbra behavior, we have activated the "http" -> "https" redirection: when you use the HTTP URL, you are now automatically redirected to the "HTTPS" page.
For people managing their own Zimbra server, the configuration is done from the console:

    root@webmail:~# su - zimbra
    zimbra@webmail:~$ zmtlsctl redirect
    zimbra@webmail:~$ zmcontrol stop
    zimbra@webmail:~$ zmcontrol start

The "zmtlsctl" command accepts the following parameters:
- http: HTTP only.
- https: HTTPS only, HTTP is denied.
- both: The user can use http:// or https:// and stays in the chosen mode for the rest of the connection.
- mixed: When a user connects using http://, he is redirected to https://, but only for the login step, then he returns to http:// mode. When using https://, the whole session uses https://.
- redirect: When connecting using http://, the user is redirected to https:// and continues to use the secure connection for the whole session.
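
After changing the mode and restarting Zimbra, it is worth checking what the server actually answers on plain HTTP. The script below is an added example, not part of Zimbra: the function names and the sample responses are constructed for illustration, and it accepts any 3xx status because the exact code Zimbra returns is not stated here.

```shell
#!/bin/sh
# Added example: classify how a webmail host answers a plain-HTTP request.
# $1 = raw response headers (as printed by `curl -sI`), $2 = expected host name.
# Prints: "redirect"  - a 3xx pointing to https://<host> (zmtlsctl redirect or mixed)
#         "plaintext" - the page is served over HTTP (zmtlsctl http or both)
#         "other"     - anything else, e.g. the error page of the https-only mode
classify_http_response() {
    headers=$1
    host=$2
    # HTTP header lines end in CRLF; drop the carriage returns before parsing.
    clean=$(printf '%s\n' "$headers" | tr -d '\r')
    status=$(printf '%s\n' "$clean" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$clean" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    case $status in
        301|302|303|307|308)
            # The redirect must stay on the same host and switch to HTTPS.
            case $location in
                "https://$host"|"https://$host"/*|"https://$host":*) echo redirect ;;
                *) echo other ;;
            esac ;;
        2??) echo plaintext ;;
        *) echo other ;;
    esac
}

# Live check (needs curl and network access): check_host webmail.yourdomain.com
check_host() {
    classify_http_response "$(curl -sI --max-time 10 "http://$1/")" "$1"
}

# Constructed sample responses, not captured from a real server.
SAMPLE_REDIRECT='HTTP/1.1 302 Found
Location: https://webmail.yourdomain.com/
Content-Length: 0'
SAMPLE_PLAIN='HTTP/1.1 200 OK
Content-Type: text/html'
SAMPLE_DENIED='HTTP/1.1 404 Not Found
Content-Type: text/html'

classify_http_response "$SAMPLE_REDIRECT" webmail.yourdomain.com
```

A "redirect" result on the first request does not distinguish the mixed mode from the redirect mode, since both send the login step to HTTPS; to tell them apart, check whether the session stays on https:// after logging in.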