Search found 415 matches

by JDunphy
Fri Jun 14, 2019 8:07 pm
Forum: Administrators
Topic: How to tell if Spam Assassin is using my custom rules?
Replies: 2
Views: 247

Re: How to tell if Spam Assassin is using my custom rules?

warnings is normal and custom rules do show up in debug mode... At the bottom you can also see two lines... check: is spam? which lists the score ... and check: subtests= ... and that lists the test that fired. Other things to check. Verify you are running this from zimbra so you get the environment...
by JDunphy
Thu Jun 13, 2019 4:19 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 106
Views: 81656

Re: Another Letsencrypt method

Another note on this... It's been a few years without problems but last night's renewal showed me something new. zmcontrol restart had a few problems. Nothing cert related but related to how zimbra determines when a process is running to know when to restart it. I had already patched and reported th...
by JDunphy
Thu Jun 06, 2019 11:20 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89722

Re: CVE-2019-9670 being actively exploited

I'm searching for a exhaustive url that list every binary file that should be in zimbra, per version : specially binary files : does it exists ? (like zmbackup that is born with 8.7 --> Disaster recovery Tech Zimbra Post ).. Would be ideal if list of access made by each binary about r, w, or x too,...
by JDunphy
Fri May 31, 2019 7:45 pm
Forum: Developers
Topic: Real-time Security Blocking from logs and sharing with peers
Replies: 2
Views: 483

Real-time Security Blocking from logs and sharing with peers

With the recent events with the RCE/SSRF, I am going to release some software (framework) I have been using here as I watched this unfold on 8.6, 8.7, and 8.8 releases. It is a single perl program and it has UDP peer to peer communications that is encrypted so you can broadcast discoveries to all yo...
by JDunphy
Fri May 31, 2019 4:34 pm
Forum: General Zimbra Feedback
Topic: Becoming Better
Replies: 5
Views: 977

Re: Becoming Better

Hi John, Well stated and thank you for initially setting these up. They have been terrific but what we need more than answers sometimes is public leadership. Your jumping in the other night when things were getting out of hand with this remote exploit is a clear example of that and was a calming inf...
by JDunphy
Wed May 29, 2019 9:40 pm
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 126
Views: 23286

Re: Zimbra AJAX Webmail not loading

Same here, all solutions that I found in this post and links working the only temporary. NE 8.7.11_GA_3800 I am not familar with Zimbra numbers but hopefully you mean you are at 8.7.11 + patch 11. # su - zimbra % zmcontrol -v Release 8.7.11_GA_1854.RHEL6_64_20170531151956 RHEL6_64 NETWORK edition, ...
by JDunphy
Wed May 29, 2019 7:16 pm
Forum: Administrators
Topic: Handshake SSL problem
Replies: 5
Views: 313

Re: Handshake SSL problem

When i make request with broken browser she's never sent by the reverse proxy to mailboxd (nginx.access.log stay empty). That is good news but unfortunate timing for this problem to occur given the current exploits. Since you see no requests in nginx.access.log, that is a pretty big clue I think. T...
by JDunphy
Wed May 29, 2019 3:09 pm
Forum: Administrators
Topic: Handshake SSL problem
Replies: 5
Views: 313

Re: Handshake SSL problem

What I mean by "does not work": Access to the server passes normally and Zimbra (nginx in reality) asks for my client certificate, once the client certificate filled: Blank page until the network timeout and the browser responds "ERR_TIMEOUT". I think the above scenario would al...
by JDunphy
Mon May 27, 2019 4:01 pm
Forum: Administrators
Topic: Cannot upload some files regardless of size or extension
Replies: 19
Views: 3814

Re: Cannot upload some files regardless of size or extension

I cannot find where this porocess starts You are playing whack-a-mole with the attacker. They have a remote command exploit (RCE) and a SSRF (server side request forgery)... Think of it like your zimbra server acting like a proxy to execute commands for that attacker. Check crontab, investigate you...
by JDunphy
Mon May 13, 2019 3:39 pm
Forum: Administrators
Topic: Potential Bug: MTA may not start with zmcontrol
Replies: 10
Views: 2827

Re: Potential Bug: MTA may not start with zmcontrol

Update I received confirmation that today they closed the pull request so we are getting closer... Thank you to Robert Scheck who had one fix and pull request since Aug 2018 and pushed this through with pure determination. He wouldn't let it sit. I had given up myself and was happy to go it alone w...

Go to advanced search