Security update Daffodil 10.0.4, 9.0.0 Kelper Patch 36, 8.8.15 Joule Patch 43 see: https://wiki.zimbra.com/wiki/Security_Center

Deceptive site ahead - phishing email

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
maxxer
Outstanding Member
Outstanding Member
Posts: 224
Joined: Fri Oct 04, 2013 2:12 am
Contact:
Contact maxxer

Deceptive site ahead - phishing email

Post by maxxer »

Hi.
We received a (phishing?) email which triggers an error in Chrome, as if Zimbra was a malicious site.
deceptive site-1669213456665.png
deceptive site-1669213456665.png (173.51 KiB) Viewed 1956 times
I've posted the email source to Pastebin:
https://pastebin.com/z7n5ArdR

Is this something related to latest P28/P35? Currently running 9.0.0.ZEXTRAS.20220713.UBUNTU18.64 UBUNTU18_64 FOSS edition.
Top
7224jobe
Outstanding Member
Outstanding Member
Posts: 277
Joined: Sat Sep 13, 2014 1:55 am
ZCS/ZD Version: 8.8.15_FOSS Patch38

Re: Deceptive site ahead - phishing email

Post by 7224jobe »

Hi, maybe some phishing email came out from that mail server? Here is Google report on that site https://transparencyreport.google.com/s ... l%2F&hl=en , updated on November 17.
I tried with some Zimbra 8-9 public servers and Google report says that they are ok.
Top
User avatar
maxxer
Outstanding Member
Outstanding Member
Posts: 224
Joined: Fri Oct 04, 2013 2:12 am
Contact:
Contact maxxer

Re: Deceptive site ahead - phishing email

Post by maxxer »

I think I didn't explain well enough my point: the Zimbra host is being marked as deceptive, because there's an email leading to a malicious site!
Top
ghen
Advanced member
Advanced member
Posts: 194
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 8.8.15

Re: Deceptive site ahead - phishing email

Post by ghen »

Probably because it refers an external image from a known phishing URL (and you have zimbraPrefDisplayExternalImages enabled).
Top
Post Reply

Return to “Administrators”