Just did a blog post on this: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/ Mark That is really well done Mark. Got me thinking that perhaps an enhancement should someone wish to take this further at the fw/packet level. 1) add a s...

It is fairly trivial to do this will postfix if all you are looking to do is have a copy of input/output of every email ... update your main.cf https://serverfault.com/questions/407302/how-can-i-configure-postfix-to-retain-copies-of-all-email-sent-through-it If you need more than just email then you...

Use what works best for you. There are lots of great ways documented in the wiki's and forums. FWIW, that snippet of code I provided is something that we are hoping to have included with the acme.sh project in their deploy sub directory. The wiki link above is not an official zimbra method but somet...

Here is what I am doing. # grab it if we don't have it if [ ! -f "$_IdentTrust" ]; then _debug No "$_IdentTrust" wget -q "https://ssl-tools.net/certificates/dac9024f54d8f6df94935fb1732638ca6ad77c13.pem" -O "$_IdentTrust" || return 1 fi Reference: https://wiki....

This is quite the mystery. Is there a local ip table here? That sendto failing to 127.0.0.1 is really suspicious. The bgread tells us that it was an udp packet but that the socket had a read error when it attempted to recv from it. If you have iptables on this box, have you verified that you don't h...

I see that you are not running nginx so the regular expression is off. It is looking for oip to pull the ip address from which you don't have in your logs. So the logs are completely different. When you move to 8.7+, the proxy became a required feature. In the meantime, Replace this regular expressi...

One thing you might consider is to prevent them by rejecting the email if they attempt to use multiple recipients per email. Set it just below what they are using. For example, if they are sending 20 then setting it to 19 will abort that submission... note the current default so you can reset it aft...

A few things. 1) Isn't that whitelist lookup failure because it isn't listed... probably normal. 2) dig failing... Now that is strange... here is what I was expecting. mail:~:49> dig +short +trace TXT gmail.com NS j.root-servers.net. from server 127.0.0.1 in 0 ms. NS a.root-servers.net. from server ...

imap ssl should be displayed... The program is just doing this. grep ImapServer /opt/zimbra/log/audit.log This appears to be what I am currently using. #!/usr/bin/perl use Data::Dumper qw(Dumper); %ip_list = (); #ip list %fip_list = (); #failed ip list $audit_log = 0; #todays logging chdir "/op...

Investigate that port 53 TCP is also open for dns queries for larger 512 byte transfers. Note: Given how resolve.conf is queried, you can also list 127.0.0.1 twice. The thought process is that should it time-out, the next query could be immediate if the delay was network related. If you are getting ...