My script is useless... In my rush to get the email saved before the nightly cleanup I used zmtrainsa as my starting point and pulled out code I didn't need. I just looked at zmspamextract to see how it worked and it does create the directories which completely eliminates the need for this script un...

If you are curious to see how your spam rules are working with your users, this little bash script pulls their training emails. # su - zimbra % zmcopyTrain Pulling spamassassin data. [] INFO: Total messages processed: 15 [] INFO: Total messages processed: 0 See /tmp/zmtrainsa.25864.spam.WA41r5 for s...

You could view an email then right mouse click and view original. Then copy/paste that original message to /tmp/mail.txt and run # su - zimbra % spamassassin -D < /tmp/mail.txt 2> /tmp/out Look inside /tmp/out to see what happened. It should all be there. If you don't believe the results, modify /tm...

I am not sure you answered my question... When you run this command, do you see entries very 2 mins? # su - zimbra % grep STATUS /var/log/zimbra-stats.log Dec 5 05:54:06 relay3 zimbramon[28308]: 28308:info: 2018-12-05 05:54:01, STATUS: mail.zanfel.org: zimbra: Running Dec 5 05:54:06 relay3 zimbramon...

I haven't tested this but @lapsy added support in this script to display exactly for what you are asking provided you are running 8.8+. https://github.com/JimDunphy/ZimbraScripts/blob/master/src/check_login.pl The script will print a user and then all the ip addresses and type of failures (ie. pop/i...

"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7YHxaqsv7lft9CTtgnlcW4gsl67smdAowvWuwMmP04+ZyL4aMKUtMg7ZPer+qZeNuVc9+Xe0E1oRudThqIK5n0dXyCUfoEYIXP6qh9kYHyKWWOeqEI+jiyVpIDXATWZvh5CJD3ubN+0eFa7v2X6EoE6bfLEhl7IOfKVUQFIdXm0mHRju43/Kb6orytzpjih+BIZ3ljaK5DdiO" "iIgIpQI12QKGuVod61oxay8Gn36H...

A few things. If you don't have any crontab for zimbra you could be missing some more stuff. During the install, you should have had a fairly loaded crontab for the zimbra user. Take a look at /opt/zimbra/conf/crontabs to re-create if you are missing other pieces. This isn't related to this specific...

Probably a silly question but how does what you're describing give you any more 'security'? It could... Cloudflare has FW options that they can put up captcha's when under attack before the origin server pages if they detect unusual activity. They can also geo block by regions you pick. A quick loo...

If you run zmstatuslog as the zimbra user, you should see STATUS lines in /var/log/zimbra-stats.log. This is run from cron like this. # su - zimbra % crontab -l |grep /opt/zimbra/libexec/zmstatuslog */2 * * * * /opt/zimbra/libexec/zmstatuslog > /dev/null 2>&1 % /opt/zimbra/libexec/zmstatuslog % ...

Should be a bunch of look alike new domain names from this today https://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/ Here come the spear phishing attacks with domains like "Report-marriott.com" or "emailUs-marriott.com" and ...