Hello! -)!

How can I tune anti-spam filters to block all letters with blank field "to" (to=<>).

Is there any way to protect against these connections from other servers to mine?

Hello everyone! Since last month I have faced new types to spam. I administer the server with ~2000 users and they often receive fishing emails. Previously, compromised accounts were used to send spam via smtp-bots. Hacked accounts were identified by analyzing zimbra logs (sasl_username parameter - ...

Yes, there is a files zmswatch and zmswatch.out virustotal says its a bitcoin miner As I understand it, the hacking technique is the same. zmswatch - miner, Ajax.jsp - shell? Last patch is required to solve the problem. But this is not the same as described here: https://lorenzo.mile.si/zimbra-cve-...

seryoga_p wrote:fixed
1. upgrade to 8.7.11
2. Patch P10
now everything is working

Hello Seryoga -)!
Please, check this question: viewtopic.php?f=15&t=66031&p=289821#p289821
I think I was hacked the same way. Do you have a file : /opt/zimbra/log/zmswatch?

Update!

viewtopic.php?t=66005

Ajax.jsp - The content of the file is exactly like the author of the question!

Unfortunately, downtime is critical. Will it be enough to install Patch-11 for version 8.7.11? I read this instructions : https://lorenzo.mile.si/zimbra-cve-2019-9670-being-actively-exploited-how-to-clean-the-zmcat-infection/961/ And find modified file: 93393769 4 -rw-r----- 1 zimbra zimbra 332 apr ...

I can't be certain as I haven't run that version of ZCS for a long time but I doubt that was it's original location or even that name. The file I have on my current ZCS 8.8.12 is in this folde and, as you can see, it's named differently: Thanks for the answer! I see that this file was created on Ap...

I want to add information.
The zmswatch process was launched from /opt/zimbra/log/zmswatch

Is that normal? Binary file placed in logs folder?

Hello! Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition. Yesterday, I noticed that a virtual machine consumes a lot of CPU resources. When executing a command "top" in operating system, I see: "7209 zimbra 20 0 420652 11772 1128 S 399,7 0,0 2342:20 zmswatch". This is 4...