Search found 47 matches

by barrydegraaff
Wed Jan 17, 2018 8:25 am
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 3986

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

I think the real problem is the communication and lack of a security overview/summary page where all this stuff is documented.

Because even if stuff gets fixed, after some time, it is hard to understand what happened and when.
by barrydegraaff
Wed Jan 17, 2018 8:16 am
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 3986

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

According to Malte Stretz: These are the last two XSS issues fixed: https://github.com/Zimbra/zm-web-client/commit/8c646be0322c0ab6858652c184133b924b915d68 https://github.com/Zimbra/zm-web-client/commit/92d2886277e7d8d4f4835a26355fa93dfebc5504 I looked into: ZCS-2645 Bug 108265 - Persistent XSS - me...
by barrydegraaff
Wed Jan 10, 2018 1:29 pm
Forum: Developers
Topic: Issue with ZimbraCustomAuth Original Client IP Address
Replies: 1
Views: 710

Re: Issue with ZimbraCustomAuth Original Client IP Address

Hello Abhi, Sorry, it's a bit late. But for whoever else may need it. First you need to add for all your trusted proxies: zmprov mcf +zimbraMailTrustedIP < trusted zimbra proxies here > Then in your extension: ZimbraSoapContext zsc = getZimbraSoapContext(context); zsc.getRequestIP() I tried this on ...
by barrydegraaff
Fri Dec 22, 2017 2:28 pm
Forum: Universal UI
Topic: Spoofing the New UI, please consider a design change
Replies: 0
Views: 440

Spoofing the New UI, please consider a design change

In the Universal UI (New UI) the setting `Display names in place of email addresses when available` does not have any effect, the short name is always displayed by default. And one has to click a down arrow to show the from and to headers. To prevent spoofing, can I suggest, please consider ALWAYS t...
by barrydegraaff
Fri Dec 22, 2017 2:26 pm
Forum: Universal UI
Topic: Unofficial build Zimbra 8.8.5 Universal UI for CentOS 7
Replies: 2
Views: 1094

Unofficial build Zimbra 8.8.5 Universal UI for CentOS 7

Hello All,

Here is an unofficial and unsupported build for Zimbra 8.8.5 Universal UI for CentOS 7.

https://zetalliance.org/zcs-8.8.5_GA_20 ... 124635.tgz


Kind regards,

Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community
by barrydegraaff
Tue Nov 21, 2017 8:11 pm
Forum: Administrators
Topic: Zimbra for Android
Replies: 3
Views: 540

Re: Zimbra for Android

There is something here:

https://github.com/Zimbra-Community/DAWebmail


Regards, Barry
by barrydegraaff
Sat Nov 18, 2017 2:45 pm
Forum: Administrators
Topic: Problem with distribution lists and members with over quota mailbox
Replies: 3
Views: 354

Re: Problem with distribution lists and members with over quota mailbox

The Zeta Alliance crowdfunder `Zimbra Mailinglists` has found a way to set the correct Return-Path on a DL. Basically what I do is filter the original message with Milter and discard it. Before discarding I take some headers and the body from the mail and place them in a new mail and toss that to th...
by barrydegraaff
Sat Nov 18, 2017 2:44 pm
Forum: Administrators
Topic: change send delivery reports for a distribution list to postmaster or owner ?
Replies: 1
Views: 434

Re: change send delivery reports for a distribution list to postmaster or owner ?

The Zeta Alliance crowdfunder `Zimbra Mailinglists` has found a way to set the correct Return-Path on a DL. Basically what I do is filter the original message with Milter and discard it. Before discarding I take some headers and the body from the mail and place them in a new mail and toss that to th...
by barrydegraaff
Sat Nov 18, 2017 2:43 pm
Forum: Administrators
Topic: How to block mail if Return-Path: and From: are not same
Replies: 3
Views: 683

Re: How to block mail if Return-Path: and From: are not same

One solution is here: https://iomarmochtar.wordpress.com/2017/09/13/zimbra-prevent-user-customizing-from-header/ https://github.com/iomarmochtar/zmbr_check_sender It uses Milter a postfix extension and compares the users rights in LDAP with what the user is doing and rejects false FROM. This solutio...

Go to advanced search