Zimbra Forums

Hi John, Well stated and thank you for initially setting these up. They have been terrific but what we need more than answers sometimes is public leadership. Your jumping in the other night when things were getting out of hand with this remote exploit is a clear example of that and was a calming inf...

Same here, all solutions that I found in this post and links working the only temporary. NE 8.7.11_GA_3800 I am not familar with Zimbra numbers but hopefully you mean you are at 8.7.11 + patch 11. # su - zimbra % zmcontrol -v Release 8.7.11_GA_1854.RHEL6_64_20170531151956 RHEL6_64 NETWORK edition, ...

When i make request with broken browser she's never sent by the reverse proxy to mailboxd (nginx.access.log stay empty). That is good news but unfortunate timing for this problem to occur given the current exploits. Since you see no requests in nginx.access.log, that is a pretty big clue I think. T...

What I mean by "does not work": Access to the server passes normally and Zimbra (nginx in reality) asks for my client certificate, once the client certificate filled: Blank page until the network timeout and the browser responds "ERR_TIMEOUT". I think the above scenario would al...

I cannot find where this porocess starts You are playing whack-a-mole with the attacker. They have a remote command exploit (RCE) and a SSRF (server side request forgery)... Think of it like your zimbra server acting like a proxy to execute commands for that attacker. Check crontab, investigate you...

Update I received confirmation that today they closed the pull request so we are getting closer... Thank you to Robert Scheck who had one fix and pull request since Aug 2018 and pushed this through with pure determination. He wouldn't let it sit. I had given up myself and was happy to go it alone w...

I think what you want is this virus_name_to_spam_score_maps ... This would allow you to score this in SA and provide that flexibility. https://lists.amavis.org/pipermail/amavis-users/2011-October/000934.html Anything matching would be sent on to SA where you could look at X-Amavis-AV-Status to see i...

This is freshclam. % grep 104.16.218.84 /opt/zimbra/log/freshclam.log Database updated (6823072 signatures) from db.us.clamav.net (IP: 104.16.218.84) Database updated (6825610 signatures) from db.us.clamav.net (IP: 104.16.218.84) .. If you don't need virus definitions updated, this would temporarily...

Hey David, You might want to play with dnsping,dnseval and dnstraceroute. Will definitely show oddities like transparent proxying (ISP/NSP interception), throttling, FW, slowness, etc. Something like this for udp and then tcp might shine a light. # dnsping -t TXT Mar2018._domainkey.aetna.com # dnspi...

I thought this was a caching DNS resolver... nope. From the documentation - "dnscache adds into the MTA servers a local DNS cache server that can keep all the external DNS request". Anyway, here is the root cause. "configured forward servers failed -- returning SERVFAIL" So you a...