Zimbra Forums

2) Most of the important-to-me Zimbra components are still open source; the thing they have stopped doing is packaging everything together as an easy install.  There are several community rebuilds of Zimbra 9.0 (and now 10.0) that are likely just as "good" as the Community Edition packagi...

I can confirm this resolves the problem on 9.0.0.

Thanks!

If I try and send as noreply@mine.com I get the error. I can send as the default me@mine.com and me@mine2.com without error. noreply@mine.com works prior to P32. Now I can not recall for the life of me how I created that Persona because I can find no way to do it now and I suspect it's an artefact o...

Can we check below details for account where issue is happening. zmprov gg -g usr <account>@<domain-name> zmprov ga <account>@<domain-name> | grep -i PrefFrom zmprov ga <account>@<domain-name> | grep -i AnyFrom This is not restricted to users with zimbraAllowAnyFromAddress enabled. zimbra@ztest:~$ ...

I spooled up a test system and can confirm it's broken on Patch 9.0.0_P32 if I try and send an E-mail from a persona.

after installing PAX you can remove cpio. I'm pretty sure removing cpio was a modus operandi of the intrusion to prevent someone else compromising the already compromised server, and removing cpio broke initramfs generation on Redhat based distributions. Are you *really really* sure removing cpio w...

please have a look at https://wiki.zimbra.com/wiki/IP_Address_whitelisting That page says :" Warning, this page is out of date, and contains extremely invalid and incorrect information even for releases where it was once valid ." and hasn't been updated in 8 years. If it was out of date 8...

V9 P30 should not have been vulnerable to any of the currently supposed exploit vectors.

This would be an interesting one for someone to investigate because exploiting the ClamAV vulnerability to drop code would have been much harder than exploiting some of the previous vulnerabilities.

Anyone can confirm that if i upgraded to the patch 38 and i dont have any suspicious jsp file my system is safe? Given at this point nobody has any conclusive evidence as to how they got in, then no. You're probably as safe as you can be while still remaining exposed to the outside world, but until...

Probably silly question, but are you absolutely sure the backups are corrupted also? I'd have thought the way the smartscan works it should miss what is effectively "silent corruption" of the blobs. Answering myself, if the software has encrypted everything writeable by the Zimbra user th...