Code: Select all
watch --interval=1 'tail -n1000 /var/log/auth.log | grep 'auth_zimbra:''
Search found 3 matches
- Thu Jun 01, 2017 5:27 pm
- Forum: Administrators
- Topic: Mail Server was hacked
- Replies: 3
- Views: 3844
Re: Mail Server was hacked
Find the compromised account(s) using this script:
then lock it, terminate session and change password.
- Wed Jun 01, 2016 8:07 am
- Forum: Administrators
- Topic: Serious problem exploits "brute force attack"
- Replies: 12
- Views: 19620
Re: Serious problem exploits "brute force attack"
I think your account was hacked (worm or password discovered via web interface).
Simply change the password and do not put the oldest.
The logs show the authentication attempt.
Ciao Francesco.
Simply change the password and do not put the oldest.
The logs show the authentication attempt.
Ciao Francesco.
- Thu Dec 10, 2015 2:36 am
- Forum: Administrators
- Topic: Recover data from old hard disk after server failure
- Replies: 2
- Views: 1159
Recover data from old hard disk after server failure
Years ago, this happened to me (server burned). I revolved injecting mail messages to zimbra. Follow this step (for each mailbox): 1) Find the mailbox in the recovered path 2) As zimbra user use this script: for i in * ; do zmmailbox -z -m myemail@torecover.com addMessage /Recovered $i ; done 3) E...