Monitor for spam outbursts and few UI problems

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
Labsy
Outstanding Member
Outstanding Member
Posts: 411
Joined: Sat Sep 13, 2014 12:52 am

Monitor for spam outbursts and few UI problems

Post by Labsy »

Hi,

I just migrated to latest ZCS 8.8.6 and frankly I am a bit dissapointed. Yes, there are a lot of improvements, but some important details are still pain in my arse:

1.) Monitoring for outbursts
From time to time it happens, that a mail user's account is compromised somehow. Either password is leaked, computer infected or mail is used in web feedback form, which is compromised. In such situations this mail account sends out a huge amount of SPAM and admins simply do not notice, until something else breaks. Or until server gets listed on some blacklists. So, how can I get some alerts or monitors to look for:
- excessive send frequency or send quantity
- excessive receiving of NDRs
- outgoing or incoming queue clogging

2.) Brute-Force prevention
When mailboxes get brute-forced, ZCS responds with account lockout. Which also prevents real user to use mailbox.
So how can I talk ZCS into not locking account, but rather lock offender's public IP address for certain time period?

3.) Admin UI language
How can I set USER's Webmail interface to be in different language as ADMIN's web interface? I set Default COS --> Settings --> General language to prefered language for USER's Webmail interface. But doing so also my ADMIN interface inherited this language and now I am lost in translation. I want Admin UI to be in English, and user's interface in chosen different language (but I do not want to set each user separatelly)
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Monitor for spam outbursts and few UI problems

Post by DualBoot »

hello,
1 - use Cluebringer Policyd (there is a version embedded with Zimbra)
2 - use Fail2ban.
3 - If you want to preserve Admin interface language set the language you want in the preference of the account.

Regards,
Post Reply