by JDunphy
Sun Apr 07, 2019 7:18 pm
Forum: Administrators
Topic: Failed auth attacks locking out users
Replies: 4
Views: 4823

Re: Failed auth attacks locking out users

This is a hard problem to solve with the tools Zimbra provides IMO. Just that ip4 attack surface is currently 2**32 which is 4B potential ip addresses. That seems like an excessive number of hosts to grant access to any authentication services given your users' incoming address ranges could be repres...

by JDunphy
Sun Apr 07, 2019 4:24 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 154
Views: 531984

Re: Another Letsencrypt method

I have had a few people surprised they have automatically renewed and loaded letsencrypt certificates without intervention. Here is how and why: This only happens if you chose the automatic DNS validation method with the zimbra deploy method and installed acme.sh using the zimbra user. If you never...

by JDunphy
Fri Apr 05, 2019 7:51 pm
Forum: Administrators
Topic: Letsencrypt installation issues
Replies: 12
Views: 8785

Re: Letsencrypt installation issues

Hi Jim, I feel frustrated and stupid, I have spent hours on the phone earlier with my ISP to realize they have in fact blocked port 80 a few months ago despite a professional contract with a fixed IP address. It had to be escalated to discover that information! So the issue was not on my side as I th...

by JDunphy
Thu Apr 04, 2019 11:32 pm
Forum: Administrators
Topic: Letsencrypt installation issues
Replies: 12
Views: 8785

Re: Letsencrypt installation issues

This is how we do it with acme.sh which is the script I use but if we wanted to use your http-01 method, the arguments would be as below. Notice: it is a little clearer that the script is also the webserver given that --standalone. acme.sh --issue --standalone -d mail.example.org -d mail.example.com...

by JDunphy
Thu Apr 04, 2019 11:14 pm
Forum: Administrators
Topic: Letsencrypt installation issues
Replies: 12
Views: 8785

Re: Letsencrypt installation issues

The ACME client is the webserver for this validation with the wiki method. It will be listening on port 80. The wiki has you shutdown the proxy so the client can bind to port 80. You can verify this yourself by getting two terminals going and running the verification and watching the netstat in the ...

by JDunphy
Thu Apr 04, 2019 9:36 pm
Forum: Administrators
Topic: Letsencrypt installation issues
Replies: 12
Views: 8785

Re: Letsencrypt installation issues

Any ACME client will work here so one can switch back and forth depending on ease of use from time to time. If you are in a rush and instead of debugging this, maxxer has created a really simple zimbra certbot bash script that handles all the steps you perform from the wiki article and is menu drive...

by JDunphy
Thu Apr 04, 2019 8:53 pm
Forum: Administrators
Topic: Letsencrypt installation issues
Replies: 12
Views: 8785

Re: Letsencrypt installation issues

I misunderstood your original question and thought you couldn't get nginx back up and running after the letsencrypt validation failed? The validation method you chose is pulling a known string but there are some limitations on redirection for example if there is anything odd with your environment. h...

by JDunphy
Thu Apr 04, 2019 7:50 pm
Forum: Administrators
Topic: Letsencrypt installation issues
Replies: 12
Views: 8785

Re: Letsencrypt installation issues

Challenge failed for domain mail.domain.ca http-01 challenge for mail.domain.ca Cleaning up challenges Some challenges have failed. If I start the proxy then it gives me Problem binding to port 80: Could not bind to IPV4 or IPV6. Not being able to bind means that nginx (i.e. proxy) can't listen at t...

by JDunphy
Wed Apr 03, 2019 8:11 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 154
Views: 531984

Re: Another Letsencrypt method

That's great Bill... Looks like it needed write permission in the local directory so simple fix is to change directory to make the first way work. Could also be 'cd /tmp'. Here is that additional step with the addition of that 'cd' command if /opt/zimbra is owned by root. % su - # cd /opt/zimbra/ # ...

by JDunphy
Wed Apr 03, 2019 3:36 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631840

Re: CVE-2019-9670 being actively exploited

With shodan it is possible to exploit these RCE's in near real-time these days. I was shocked when I read about the exploit March 13 and the first patch was 3 days later for 8.7.11 which gave me no time to test the patch and I went straight to production minutes later with P10. Given what I am seein...