Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

Deceptive site ahead - phishing email

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
maxxer
Outstanding Member
Outstanding Member
Posts: 218
Joined: Fri Oct 04, 2013 2:12 am
Contact:

Deceptive site ahead - phishing email

Postby maxxer » Wed Nov 23, 2022 2:29 pm

Hi.
We received a (phishing?) email which triggers an error in Chrome, as if Zimbra was a malicious site.

deceptive site-1669213456665.png
deceptive site-1669213456665.png (173.51 KiB) Viewed 1185 times


I've posted the email source to Pastebin:
https://pastebin.com/z7n5ArdR

Is this something related to latest P28/P35? Currently running 9.0.0.ZEXTRAS.20220713.UBUNTU18.64 UBUNTU18_64 FOSS edition.


7224jobe
Outstanding Member
Outstanding Member
Posts: 261
Joined: Sat Sep 13, 2014 1:55 am
ZCS/ZD Version: 8.8.15_GA_3869.RHEL7_64 Patch27

Re: Deceptive site ahead - phishing email

Postby 7224jobe » Thu Nov 24, 2022 10:55 am

Hi, maybe some phishing email came out from that mail server? Here is Google report on that site https://transparencyreport.google.com/s ... l%2F&hl=en , updated on November 17.
I tried with some Zimbra 8-9 public servers and Google report says that they are ok.
User avatar
maxxer
Outstanding Member
Outstanding Member
Posts: 218
Joined: Fri Oct 04, 2013 2:12 am
Contact:

Re: Deceptive site ahead - phishing email

Postby maxxer » Thu Nov 24, 2022 11:08 am

I think I didn't explain well enough my point: the Zimbra host is being marked as deceptive, because there's an email leading to a malicious site!
ghen
Advanced member
Advanced member
Posts: 118
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 8.8.15

Re: Deceptive site ahead - phishing email

Postby ghen » Fri Nov 25, 2022 4:16 pm

Probably because it refers an external image from a known phishing URL (and you have zimbraPrefDisplayExternalImages enabled).

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 36 guests