Search found 282 matches

by JDunphy
Sat Oct 20, 2018 6:00 pm
Forum: Administrators
Topic: Cant shake bruteforce monkey
Replies: 6
Views: 592

Re: Cant shake bruteforce monkey

Just did a blog post on this: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/ Mark That is really well done Mark. Got me thinking that perhaps an enhancement should someone wish to take this further at the fw/packet level. 1) add a s...
by JDunphy
Mon Oct 08, 2018 2:42 pm
Forum: Administrators
Topic: Auto BCC rule in Zimbra
Replies: 5
Views: 319

Re: Auto BCC rule in Zimbra

It is fairly trivial to do this with postfix if all you are looking to do is have a copy of input/output of every email ... update your main.cf https://serverfault.com/questions/407302/how-can-i-configure-postfix-to-retain-copies-of-all-email-sent-through-it If you need more than just email then you...
by JDunphy
Tue Sep 25, 2018 8:31 pm
Forum: Administrators
Topic: Letsencrypt renew help. Intermedaite CA link bad?
Replies: 3
Views: 394

Re: Letsencrypt renew help. Intermedaite CA link bad?

Use what works best for you. There are lots of great ways documented in the wikis and forums. FWIW, that snippet of code I provided is something that we are hoping to have included with the acme.sh project in their deploy sub directory. The wiki link above is not an official zimbra method but somet...
by JDunphy
Tue Sep 25, 2018 1:08 pm
Forum: Administrators
Topic: Letsencrypt renew help. Intermedaite CA link bad?
Replies: 3
Views: 394

Re: Letsencrypt renew help. Intermedaite CA link bad?

Here is what I am doing.
    # grab it if we don't have it
    if [ ! -f "$_IdentTrust" ]; then
        _debug No "$_IdentTrust"
        wget -q "https://ssl-tools.net/certificates/dac9024f54d8f6df94935fb1732638ca6ad77c13.pem" -O "$_IdentTrust" || return 1
    fi
Reference: https://wiki....
by JDunphy
Fri Sep 21, 2018 1:26 pm
Forum: Administrators
Topic: My DNS queries were seem refused
Replies: 12
Views: 985

Re: My DNS queries were seem refused

This is quite the mystery. Is there a local ip table here? That sendto failing to 127.0.0.1 is really suspicious. The bgread tells us that it was a udp packet but that the socket had a read error when it attempted to recv from it. If you have iptables on this box, have you verified that you don't h...
by JDunphy
Fri Sep 21, 2018 12:31 pm
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 8
Views: 1360

Re: Simple program to report successful/fail ip logins and sorted by count

I see that you are not running nginx so the regular expression is off. It is looking for oip to pull the ip address from which you don't have in your logs. So the logs are completely different. When you move to 8.7+, the proxy became a required feature. In the meantime, Replace this regular expressi...
by JDunphy
Thu Sep 20, 2018 9:46 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 979

Re: Account compromised impossibile to stop spam

One thing you might consider is to prevent them by rejecting the email if they attempt to use multiple recipients per email. Set it just below what they are using. For example, if they are sending 20 then setting it to 19 will abort that submission... note the current default so you can reset it aft...
by JDunphy
Thu Sep 20, 2018 5:30 pm
Forum: Administrators
Topic: My DNS queries were seem refused
Replies: 12
Views: 985

Re: My DNS queries were seem refused

A few things.
1) Isn't that whitelist lookup failure because it isn't listed... probably normal.
2) dig failing... Now that is strange... here is what I was expecting.
    mail:~:49> dig +short +trace TXT gmail.com
    NS j.root-servers.net. from server 127.0.0.1 in 0 ms.
    NS a.root-servers.net. from server ...
by JDunphy
Thu Sep 20, 2018 5:13 pm
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 8
Views: 1360

Re: Simple program to report successful/fail ip logins and sorted by count

imap ssl should be displayed... The program is just doing this.
    grep ImapServer /opt/zimbra/log/audit.log
This appears to be what I am currently using.
    #!/usr/bin/perl
    use Data::Dumper qw(Dumper);
    %ip_list = (); #ip list
    %fip_list = (); #failed ip list
    $audit_log = 0; #todays logging
    chdir "/op...
by JDunphy
Thu Sep 20, 2018 2:09 pm
Forum: Administrators
Topic: My DNS queries were seem refused
Replies: 12
Views: 985

Re: My DNS queries were seem refused

Investigate that port 53 TCP is also open for dns queries for larger 512 byte transfers. Note: Given how resolve.conf is queried, you can also list 127.0.0.1 twice. The thought process is that should it time-out, the next query could be immediate if the delay was network related. If you are getting ...
