Search found 900 matches

by JDunphy
Wed May 08, 2019 5:35 pm
Forum: Administrators
Topic: [Resolved]DNS cache seems corrupt
Replies: 10
Views: 8819

Re: DNS cache seems corrupt

Interesting... I don't know if you noticed, but this is what I see here:

% dig -t txt aetna.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t txt aetna.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10312...
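The "Truncated, retrying in TCP mode" line in that dig output is dig seeing the TC bit in the UDP reply and re-sending the same question over TCP. The Python below is an added example of that decision (mine, not code from this post or from Zimbra): it builds the TXT query, reads the header flags of a reply, and frames the retry for TCP. The reply bytes are constructed for the example; only the name and the transaction id 10312 are taken from the quoted dig output.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # truncated: the UDP reply did not fit, ask again over TCP
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available
QTYPE_TXT = 16
QCLASS_IN = 1


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_TXT, txid=10312):
    """Standard recursive query: 12-byte header, one question, no other sections."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Decode the fixed 12-byte header into the fields a resolver acts on."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def needs_tcp_retry(query, response):
    """True when the reply belongs to our query and carries TC, which is what made dig retry."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("not a response to our query (id %d)" % q["id"])
    return r["tc"]


def tcp_frame(msg):
    """RFC 1035 section 4.2.2: over TCP each message is preceded by a two-byte length."""
    return struct.pack(">H", len(msg)) + msg


# Constructed reply: same id, QR+TC+RD+RA set, RCODE 0, question echoed, no answer records.
QUERY = build_query("aetna.com")
TRUNCATED_REPLY = struct.pack(">HHHHHH", 10312, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA,
                              1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    if needs_tcp_retry(QUERY, TRUNCATED_REPLY):
        print("TC set: resend %d framed bytes over TCP" % len(tcp_frame(QUERY)))
```

A resolver that ignores TC and uses the partial UDP answer is the failure mode behind a missing or wrong DKIM key; the check above is the one that has to happen before any TXT data is trusted.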
by JDunphy
Wed May 08, 2019 3:15 pm
Forum: Administrators
Topic: [Resolved]DNS cache seems corrupt
Replies: 10
Views: 8819

Re: DNS cache seems corrupt

Authentication-Results: mail.mydomain.com (amavisd-new); dkim=neutral reason="invalid (public key: DNS query timeout for Mar2018._domainkey.aetna.com at /opt/zimbra/common/lib/perl5/Mail/DKIM/DNS.pm line 156, <GEN16> line 2304.)" header.d=aetna.com header.b=SZqPtx4l; dkim=fail (1024-bit k...
by JDunphy
Wed May 08, 2019 12:23 am
Forum: Administrators
Topic: How to expand letsencrypt for additional hostnames?
Replies: 1
Views: 714

Re: How to expand letsencrypt for additional hostnames?

Depending on how you created it to begin with and which acme client --- perhaps this? https://stackoverflow.com/questions/38302401/letsencrypt-add-domain-to-existing-certificate It is trivial to re-issue and use the --force option with most acme clients also. BTW, if you use DNS validation, you can tes...
by JDunphy
Mon May 06, 2019 3:55 pm
Forum: Administrators
Topic: Spam problem
Replies: 6
Views: 4984

Re: Spam problem

Not anymore, but it does handle most cases... There is a variation of spoofing that is signed by the spammer, so my initial rule failed that case. I do something extra now and use the Return-Path, which is the envelope-from address. You are correct that you add a string of domains. I keep it as 2 rule...
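An added example (mine, not code from these posts, amavisd-new or SpamAssassin) that covers both the Authentication-Results header quoted in the DNS cache thread above and the Return-Path rule from this post. It parses an Authentication-Results header into its clauses, scores a DKIM DNS timeout as a transient failure rather than a hard fail, and flags a message whose From: claims one of our domains while the envelope sender (Return-Path) does not and no DKIM signature for our domain passed, which is what catches the spammer-signed variant. OUR_DOMAINS, the sample header and the two sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains this server is authoritative for (constructed; in a real rule this is
# the string of domains the post mentions).
OUR_DOMAINS = {"mydomain.com"}


def split_top_level(text, sep=";"):
    """Split on sep, ignoring separators inside "quotes" or (comments)."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == "(":
            depth += 1
        elif not quoted and ch == ")":
            depth -= 1
        if ch == sep and not quoted and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


# method=result, optional (comment), then reason="..." and ptype.property=value pairs
RESULT_RE = re.compile(r"^(?P<method>[a-z0-9-]+)=(?P<result>[a-z]+)\s*"
                       r"(?:\((?P<comment>[^)]*)\))?\s*(?P<rest>.*)$", re.S)
PROP_RE = re.compile(r'(?P<key>[a-z]+(?:\.[a-z_]+)?)=(?:"(?P<qval>[^"]*)"|(?P<val>\S+))')


def parse_authentication_results(value):
    """Return (authserv-id, [{method, result, comment, <properties>...}, ...])."""
    segments = split_top_level(value)
    authserv = segments[0].split("(")[0].strip() if segments else ""
    results = []
    for seg in segments[1:]:
        m = RESULT_RE.match(seg)
        if not m:
            continue
        entry = {"method": m.group("method"), "result": m.group("result"),
                 "comment": m.group("comment")}
        for pm in PROP_RE.finditer(m.group("rest")):
            entry[pm.group("key")] = pm.group("qval") if pm.group("qval") is not None else pm.group("val")
        results.append(entry)
    return authserv, results


def dkim_verdict(results):
    """Collapse the dkim clauses: a DNS timeout is transient, so it is a tempfail, not a fail."""
    dkim = [r for r in results if r["method"] == "dkim"]
    if any(r["result"] == "pass" for r in dkim):
        return "pass"
    if any("timeout" in (r.get("reason") or "").lower()
           for r in dkim if r["result"] in ("neutral", "temperror")):
        return "tempfail"
    if any(r["result"] in ("fail", "permerror") for r in dkim):
        return "fail"
    return "none"


def domain_of(header_value):
    """Lowercased domain of the first address in a header, '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def dkim_pass_domains(msg):
    """Every header.d for which some Authentication-Results clause says dkim=pass."""
    doms = set()
    for ar in msg.get_all("Authentication-Results", []):
        _, results = parse_authentication_results(ar)
        doms.update(r["header.d"].lower() for r in results
                    if r["method"] == "dkim" and r["result"] == "pass" and "header.d" in r)
    return doms


def is_spoofed(raw, our_domains=OUR_DOMAINS):
    """From: is ours, Return-Path (envelope from) is not, and no DKIM pass vouches for our domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    if from_dom not in our_domains:
        return False          # not claiming to be us: out of scope for this rule
    if domain_of(msg.get("Return-Path")) in our_domains:
        return False          # envelope sender is ours as well
    signed = dkim_pass_domains(msg)   # the spammer's own signature does not count
    return not any(d == from_dom or d.endswith("." + from_dom) for d in signed)


# Constructed samples. The first is shaped like the amavisd-new header quoted above.
TIMEOUT_AR = ('mail.mydomain.com (amavisd-new); dkim=neutral reason="invalid (public key: '
              'DNS query timeout for Mar2018._domainkey.aetna.com)" header.d=aetna.com '
              'header.b=SZqPtx4l; dkim=fail (1024-bit key) header.d=aetna.com header.b=Qq11')
SPAMMER_SIGNED = ("Return-Path: <bounce@spammer.example>\n"
                  "Authentication-Results: mail.mydomain.com (amavisd-new); dkim=pass (2048-bit key) "
                  "header.d=spammer.example header.b=AbCd\n"
                  'From: "Payroll" <hr@mydomain.com>\nTo: user@mydomain.com\n'
                  "Subject: Direct deposit update\n\nPlease open the attachment.\n")
FORWARDED = ("Return-Path: <fwd@forwarder.example>\n"
             "Authentication-Results: mail.mydomain.com (amavisd-new); dkim=pass "
             "header.d=mydomain.com header.b=Zz99\n"
             "From: hr@mydomain.com\nTo: user@mydomain.com\nSubject: Forwarded\n\nbody\n")
```

The spoof rule deliberately keys on the envelope sender rather than on From: alone, and on a DKIM pass for our own domain rather than any DKIM pass, so the forwarded-but-still-signed message is accepted while the spammer-signed one is not.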
by JDunphy
Mon May 06, 2019 3:33 pm
Forum: Administrators
Topic: how to whitelist a domain no matter what?
Replies: 6
Views: 14921

Re: how to whitelist a domain no matter what?

Amavis is responsible for managing SA, clamav, its own rules and also managing the DMARC checks. I conceptually think of it as the judge/coordinator. For example... this header you cannot match with SA. Drove me crazy debugging this in production because during testing of my rules ...
by JDunphy
Mon May 06, 2019 2:45 pm
Forum: Administrators
Topic: how to whitelist a domain no matter what?
Replies: 6
Views: 14921

Re: how to whitelist a domain no matter what?

Use either amavis (amavisd.conf.in) or SA... I tend to do most of our stuff with SA. Either should prevent your domain from being classified as junk for your users. https://wiki.apache.org/spamassassin/ManualWhitelist Simple addition to: /opt/zimbra/data/spamassassin/localrules/sauser.cf and zmamavi...
by JDunphy
Fri May 03, 2019 8:04 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631721

Re: CVE-2019-9670 being actively exploited

Could you not also change the /var/spool/cron/crontabs/zimbra file to 400? You would need to change it if you made changes to zimbra of course, but that is not a real problem.

Clever. Unfortunately, /usr/bin/crontab is setuid root. Use chattr so even root can't edit the file until you change it bac...
by JDunphy
Thu May 02, 2019 8:46 pm
Forum: Administrators
Topic: Script to investigate nginx.access.log and attackers
Replies: 3
Views: 5256

Re: Script to investigate nginx.access.log and attackers

Added a search and worked on more rules for scoring. The search works across the IP space, and if any match is found it will display that IP and all the requests it has made to your server. This is intentional, as we already have stdout and grep... check_attacks.pl |grep something, so I was looking for what...
by JDunphy
Thu May 02, 2019 3:31 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631721

Re: CVE-2019-9670 being actively exploited

maxxer, you have done a terrific job on your blog posting and this thread. I have recently added a few honeypots, and the attack initiates within 24 hours, so you have to be really lucky not to be discovered. The initial attacking IPs continue to increase, so it is going to be a game of whack-a-mole to...
by JDunphy
Wed May 01, 2019 5:55 pm
Forum: Administrators
Topic: Script to investigate nginx.access.log and attackers
Replies: 3
Views: 5256

Re: Script to investigate nginx.access.log and attackers

I am investigating various reputation lists to further my understanding of current attacks on our Zimbra mailboxd services... Eventually, all this will be part of a feedback loop with modsecurity 3 and used in the scoring and identification of the type of bot with check_attacks.pl. Quick and dirty b...
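Added example (mine, not the check_attacks.pl script from this post or from the later post in the same thread): the per-IP grouping of nginx access log lines, a few scoring rules, and the search behaviour described in that thread, where a match on any one request tags the IP and all of that IP's requests are returned. The log lines, addresses, paths and user agents are constructed for the example, and the scoring weights are arbitrary.

```python
import re
from collections import defaultdict

# Constructed nginx access log lines in the default "combined" format. Nothing
# here is taken from a real server or from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [02/May/2019:14:01:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.9 - - [02/May/2019:14:02:11 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "python-requests/2.21.0"
198.51.100.9 - - [02/May/2019:14:02:12 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "python-requests/2.21.0"
198.51.100.9 - - [02/May/2019:14:02:13 +0000] "POST /cgi-bin/test.cgi HTTP/1.1" 404 162 "-" "python-requests/2.21.0"
198.51.100.9 - - [02/May/2019:14:02:14 +0000] "GET /.env HTTP/1.1" 404 162 "-" "python-requests/2.21.0"
203.0.113.7 - - [02/May/2019:14:03:40 +0000] "GET /zimbra/ HTTP/1.1" 200 891 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [02/May/2019:14:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "curl/7.64.0"
"""

# One combined-format line: ip ident user [time] "method path proto" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+) '
                     r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')


def parse_log(text):
    """Parse every well-formed line; lines that do not match are skipped, not guessed at."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            entries.append(d)
    return entries


def by_ip(entries):
    groups = defaultdict(list)
    for e in entries:
        groups[e["ip"]].append(e)
    return groups


def score_ip(reqs):
    """Constructed scoring rules over one IP's requests; returns (points, reasons)."""
    score, reasons = 0, []
    errors = sum(1 for r in reqs if r["status"] >= 400)
    if errors >= 3:
        score += 3
        reasons.append("%d error responses" % errors)
    if reqs and errors / len(reqs) >= 0.75:
        score += 2
        reasons.append("mostly errors")
    if any(r["agent"].startswith(("python-requests", "curl", "Go-http-client")) for r in reqs):
        score += 1
        reasons.append("scripted user agent")
    if any(r["method"] == "POST" and r["status"] == 404 for r in reqs):
        score += 2
        reasons.append("POST to a missing path")
    return score, reasons


def report(text, threshold=3):
    """Per-IP scores at or above threshold, highest first."""
    rows = []
    for ip, reqs in by_ip(parse_log(text)).items():
        score, reasons = score_ip(reqs)
        if score >= threshold:
            rows.append((ip, score, reasons))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def search(text, pattern):
    """A match on any request's path or agent tags the IP; all of that IP's requests come back."""
    rx = re.compile(pattern)
    hits = {}
    for ip, reqs in by_ip(parse_log(text)).items():
        if any(rx.search(r["path"]) or rx.search(r["agent"]) for r in reqs):
            hits[ip] = reqs
    return hits


if __name__ == "__main__":
    for ip, score, reasons in report(SAMPLE_LOG):
        print(ip, score, "; ".join(reasons))
    for ip, reqs in search(SAMPLE_LOG, r"wp-login").items():
        for r in reqs:
            print(ip, r["method"], r["path"], r["status"])
```

Returning the whole request history for a matched IP, rather than only the matching line, is what makes the search useful for triage: the one request that matched a pattern is rarely the only thing that address did.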