Search found 417 matches

by JDunphy
Tue Jun 18, 2019 5:45 pm
Forum: Administrators
Topic: refused to talk to me: 554 5.7.1 You are not allowed to connect
Replies: 3
Views: 247

Re: refused to talk to me: 554 5.7.1 You are not allowed to connect

Just to be clear... take the ip address that you have for connecting to their port 25 ... do a reverse lookup to yield a name. Take that domain and make sure there is a corresponding SPF record that lists that ip address. They could be blocking ip space but it seems like it is SPF from the examples ...
by JDunphy
Tue Jun 18, 2019 2:54 pm
Forum: Administrators
Topic: refused to talk to me: 554 5.7.1 You are not allowed to connect
Replies: 3
Views: 247

Re: refused to talk to me: 554 5.7.1 You are not allowed to connect

Make sure you have your zimbra server's ip address listed in your SPF record. They apparently are finding the domain associated with that connecting ip and then verifying that the domain has an SPF record that matches. relay6:~:1> telnet 201.62.245.74 25 Escape character is '^]'. 220 mail4.mrv.com.b...
by JDunphy
Fri Jun 14, 2019 8:07 pm
Forum: Administrators
Topic: How to tell if Spam Assassin is using my custom rules?
Replies: 2
Views: 282

Re: How to tell if Spam Assassin is using my custom rules?

warnings is normal and custom rules do show up in debug mode... At the bottom you can also see two lines... check: is spam? which lists the score ... and check: subtests= ... and that lists the test that fired. Other things to check. Verify you are running this from zimbra so you get the environment...
by JDunphy
Thu Jun 13, 2019 4:19 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 106
Views: 82119

Re: Another Letsencrypt method

Another note on this... It's been a few years without problems but last night's renewal showed me something new. zmcontrol restart had a few problems. Nothing cert related but related to how zimbra determines when a process is running to know when to restart it. I had already patched and reported th...
by JDunphy
Thu Jun 06, 2019 11:20 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 211
Views: 92017

Re: CVE-2019-9670 being actively exploited

I'm searching for a exhaustive url that list every binary file that should be in zimbra, per version : specially binary files : does it exists ? (like zmbackup that is born with 8.7 --> Disaster recovery Tech Zimbra Post ).. Would be ideal if list of access made by each binary about r, w, or x too,...
by JDunphy
Fri May 31, 2019 7:45 pm
Forum: Developers
Topic: Real-time Security Blocking from logs and sharing with peers
Replies: 2
Views: 510

Real-time Security Blocking from logs and sharing with peers

With the recent events with the RCE/SSRF, I am going to release some software (framework) I have been using here as I watched this unfold on 8.6, 8.7, and 8.8 releases. It is a single perl program and it has UDP peer to peer communications that is encrypted so you can broadcast discoveries to all yo...
by JDunphy
Fri May 31, 2019 4:34 pm
Forum: General Zimbra Feedback
Topic: Becoming Better
Replies: 7
Views: 1360

Re: Becoming Better

Hi John, Well stated and thank you for initially setting these up. They have been terrific but what we need more than answers sometimes is public leadership. Your jumping in the other night when things were getting out of hand with this remote exploit is a clear example of that and was a calming inf...
by JDunphy
Wed May 29, 2019 9:40 pm
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 126
Views: 23914

Re: Zimbra AJAX Webmail not loading

Same here, all solutions that I found in this post and links working the only temporary. NE 8.7.11_GA_3800 I am not familar with Zimbra numbers but hopefully you mean you are at 8.7.11 + patch 11. # su - zimbra % zmcontrol -v Release 8.7.11_GA_1854.RHEL6_64_20170531151956 RHEL6_64 NETWORK edition, ...
by JDunphy
Wed May 29, 2019 7:16 pm
Forum: Administrators
Topic: Handshake SSL problem
Replies: 5
Views: 321

Re: Handshake SSL problem

When i make request with broken browser she's never sent by the reverse proxy to mailboxd (nginx.access.log stay empty). That is good news but unfortunate timing for this problem to occur given the current exploits. Since you see no requests in nginx.access.log, that is a pretty big clue I think. T...
by JDunphy
Wed May 29, 2019 3:09 pm
Forum: Administrators
Topic: Handshake SSL problem
Replies: 5
Views: 321

Re: Handshake SSL problem

What I mean by "does not work": Access to the server passes normally and Zimbra (nginx in reality) asks for my client certificate, once the client certificate filled: Blank page until the network timeout and the browser responds "ERR_TIMEOUT". I think the above scenario would al...

Go to advanced search