The lack of built-in DLP functionality in the Zimbra Collaboration Suite is more than compensated by the simplicity of integration with third-party solutions.
One of the key areas of work of the IT department of any modern enterprise is information security. In a world where writing malicious programs and encryption viruses is not just put on stream, but is a highly profitable business, keeping information safe and sound is harder and harder.
However, external threats are far from the only ones cybersecurity experts face in their work. Not less, and sometimes even more dangerous for the enterprise are its own employees, who sometimes accidentally, sometimes by malicious intent, organize leaks of important information, the spread of which leads to reputational losses, lost profits and additional material costs for the business. For example, a photo of a drunk CEO at a corporate party scattered on the Internet can easily lead to bigger losses than the loss of a large client.
As in the case of any other major natural disaster, information leakage is much easier to prevent than to deal with its consequences. Usually for the prevention of leaks created the so-called "protected perimeter", which serves to ensure that the information inside this perimeter could not leave its limits. Among the most common tricks are disabling usb ports on employees' computers so that they cannot copy important data to flash drives, use special filters for screens, so that its contents cannot be photographed on a smartphone, and much more.
However, traditionally, the most vulnerable link in the secure perimeter of the enterprise is e-mail. The Internet is literally overflowing with stories about how, because of the carelessness of the company's employees, to third parties get letters containing the entire history of internal correspondence with attached photos and important documents. Often it is through e-mail that the addresses and phone numbers of the company's customers flow away.
In order to successfully counter these threats within the protected perimeter, it is common to use various Data Leak Prevention (DLP) systems. The principle of operation of such systems is quite simple, they analyze all traffic originating from the protected perimeter, determine the confidentiality of this or that information based on complex algorithms, and simply do not miss the data that may contain a leak. The market of DLP systems today is quite strongly developed and can offer a whole scattering of various solutions, among which there are many domestic products, such as Zecurion, SearchInform and InfoWatch, as well as free and open solutions like MyDLP and OpenDLP.
Of course, one of the conditions for creating a secure perimeter is the rejection of the use of public services and the transition to corporate collaboration platforms and a mail server. Today, many solutions have built-in DLP functionality, however, it is not currently available in the Zimbra Collaboration Suite. That is why very often the question is how to use Zimbra in the conditions of creating a secure perimeter equipped with a DLP system.
Well, the lack of built-in DLP in Zimbra is more than compensated for by its integration with third-party solutions. Thanks to the flexibility of Postfix configuration, the administrator can easily redirect all outgoing mail to a server with a DLP system, which, in turn, will check outgoing emails for confidential data.
In order to redirect all letters of the Zimbra mail server to a server with a DLP system, go to the Zimbra admin panel, go to the Global Settings tab, select the MTA item, and then in the “Relay MTA for external delivery” line set the ip-address and port your server with a DLP system, and then save your changes.
After that, you just have to specify the address of the server with Zimbra in the MTA settings of the DLP system itself. For example, in the MyDLP system, this is done by editing the POSTFIX settings, which are located in the /etc/postfix/main.cf file. In the
mynetworks section
, you need to specify the IP address of the server with Zimbra. For example, if the address of your server is 147.15.20.128, then the line with the settings will look like this:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0.0/104 [:: 1] / 128 147.15.20.128/32
As a result, the DLP system becomes an additional instance that emails sent from Zimbra go through, and the risks associated with leaking important information via e-mail are significantly reduced.