Search found 406 matches

by JDunphy
Mon May 13, 2019 3:39 pm
Forum: Administrators
Topic: Potential Bug: MTA may not start with zmcontrol
Replies: 10
Views: 2548

Re: Potential Bug: MTA may not start with zmcontrol

Update I received confirmation that today they closed the pull request so we are getting closer... Thank you to Robert Scheck who had one fix and pull request since Aug 2018 and pushed this through with pure determination. He wouldn't let it sit. I had given up myself and was happy to go it alone w...
by JDunphy
Mon May 13, 2019 4:41 am
Forum: Administrators
Topic: Encrypted PDFs
Replies: 3
Views: 714

Re: Encrypted PDFs

I think what you want is this virus_name_to_spam_score_maps ... This would allow you to score this in SA and provide that flexibility. https://lists.amavis.org/pipermail/amavis-users/2011-October/000934.html Anything matching would be sent on to SA where you could look at X-Amavis-AV-Status to see i...
by JDunphy
Fri May 10, 2019 5:19 pm
Forum: Administrators
Topic: Running an isolated offline ZCS - seeing IPTABLES outbound to cloudflare
Replies: 1
Views: 893

Re: Running an isolated offline ZCS - seeing IPTABLES outbound to cloudflare

This is freshclam. % grep 104.16.218.84 /opt/zimbra/log/freshclam.log Database updated (6823072 signatures) from db.us.clamav.net (IP: 104.16.218.84) Database updated (6825610 signatures) from db.us.clamav.net (IP: 104.16.218.84) .. If you don't need virus definitions updated, this would temporarily...
by JDunphy
Wed May 08, 2019 8:25 pm
Forum: Administrators
Topic: DNS cache seems corrupt
Replies: 8
Views: 603

Re: DNS cache seems corrupt

Hey David, You might want to play with dnsping,dnseval and dnstraceroute. Will definitely show oddities like transparent proxying (ISP/NSP interception), throttling, FW, slowness, etc. Something like this for udp and then tcp might shine a light. # dnsping -t TXT Mar2018._domainkey.aetna.com # dnspi...
by JDunphy
Wed May 08, 2019 6:14 pm
Forum: Administrators
Topic: DNS cache seems corrupt
Replies: 8
Views: 603

Re: DNS cache seems corrupt

I thought this was a caching DNS resolver... nope. From the documentation - "dnscache adds into the MTA servers a local DNS cache server that can keep all the external DNS request". Anyway, here is the root cause. "configured forward servers failed -- returning SERVFAIL" So you a...
by JDunphy
Wed May 08, 2019 5:41 pm
Forum: Administrators
Topic: DNS cache seems corrupt
Replies: 8
Views: 603

Re: DNS cache seems corrupt

I need to study this debugging log... perhaps -v option might be better option.
by JDunphy
Wed May 08, 2019 5:35 pm
Forum: Administrators
Topic: DNS cache seems corrupt
Replies: 8
Views: 603

Re: DNS cache seems corrupt

Interesting... I don't know if you noticed but this is what I see here: % dig -t txt aetna.com ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t txt aetna.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10312...
by JDunphy
Wed May 08, 2019 3:15 pm
Forum: Administrators
Topic: DNS cache seems corrupt
Replies: 8
Views: 603

Re: DNS cache seems corrupt

Authentication-Results: mail.mydomain.com (amavisd-new); dkim=neutral reason="invalid (public key: DNS query timeout for Mar2018._domainkey.aetna.com at /opt/zimbra/common/lib/perl5/Mail/DKIM/DNS.pm line 156, <GEN16> line 2304.)" header.d=aetna.com header.b=SZqPtx4l; dkim=fail (1024-bit k...
by JDunphy
Wed May 08, 2019 12:23 am
Forum: Administrators
Topic: How to expand letsencrypt for additional hostnames?
Replies: 1
Views: 203

Re: How to expand letsencrypt for additional hostnames?

Depending how you created it to begin with and which acme client --- perhaps this? https://stackoverflow.com/questions/38302401/letsencrypt-add-domain-to-existing-certificate It is trivial to re-issue and use the --force option with most acme clients also. BTW, if you use DNS validation, you can tes...
by JDunphy
Mon May 06, 2019 3:55 pm
Forum: Administrators
Topic: Spam problem
Replies: 6
Views: 1106

Re: Spam problem

Not any more but it does handle most cases... There is a variation of spoofing that is signed by the spammer so my initial rule failed that case. I do something extra now and use the Return-Path which is the envelope from address. You are correct that you add a string of domains. I keep it as 2 rule...

Go to advanced search