Search found 57 matches

by yasanthau
Thu Jan 24, 2019 12:02 pm
Forum: Administrators
Topic: Unrestricted File Upload - Vulnerability
Replies: 0
Views: 387

Unrestricted File Upload - Vulnerability

Hi, Upon a vulnerability scan, it is requested to fix the above issue on Zimbra Server (8.8.7_GA_1964.RHEL7_64_20180223145016 RHEL7_64 FOSS edition). Please refer the details below. An unrestricted file upload exists when an application allows users to upload files without proper validation. The app...
by yasanthau
Thu Jan 24, 2019 11:48 am
Forum: Administrators
Topic: Vertical Privilege Escalation - Vulnerability
Replies: 0
Views: 393

Vertical Privilege Escalation - Vulnerability

Hi, Upon a vulnerability scan, it is requested to fix the above issue on Zimbra Server (8.8.7_GA_1964.RHEL7_64_20180223145016 RHEL7_64 FOSS edition) The application allows unauthenticated or lower privileged users to access resources or perform actions which should only be available to a higher leve...
by yasanthau
Thu Jan 03, 2019 1:23 pm
Forum: Administrators
Topic: Full header is showing as in mailbox
Replies: 9
Views: 1902

Re: Full header is showing as in mailbox

This happens even when we test from webmail to webmail with local relay (within same domain). What can be the root cause? Will it get resolved by an upgrade? Removing of accounts and re-creating them also wont fix this issue.
by yasanthau
Thu Jan 03, 2019 7:46 am
Forum: Administrators
Topic: Full header is showing as in mailbox
Replies: 9
Views: 1902

Re: Full header is showing as in mailbox

I also have the same issue with some accounts. Received emails are shown as clear text even if html view is enabled on both sender and receiver. Subject of the email is also dropped. Please refer the attached screen shot.
by yasanthau
Thu Jan 03, 2019 6:18 am
Forum: General Questions
Topic: Usually receive emails as plain text although it was sent as HTML and the HTML mail display is on
Replies: 4
Views: 18021

Re: Usually receive emails as plain text although it was sent as HTML and the HTML mail display is on

I also have the same issue. Received emails are shown as below. No matter whether it is webmail or client like Outlook. Appreciate an urgent feedback. Many users (not all users) are having the same issue. Deleting and re-creating the user also did not help. Zimbra version is "Release 8.8.9_GA_3...
by yasanthau
Thu Nov 16, 2017 5:17 am
Forum: Administrators
Topic: Tune HTTP methods in Zimbra 8.6 - Java server
Replies: 3
Views: 963

Re: Tune HTTP methods in Zimbra 8.6 - Java server

We also have got the same issue. Highly appreciated any update to this issue. Want to fix below vulnerabilities on Zimbra Server (8.5) 1) HTTP TRACE Method Enabled. Observed that if the request method is changed to “TRACE” the response contains the complete request, which proves the “TRACE” method i...
by yasanthau
Thu Oct 08, 2015 3:29 am
Forum: Administrators
Topic: How do we get Originating IP when using browser?
Replies: 5
Views: 1077

How do we get Originating IP when using browser?

Please check a part of the log below. Even if we enable that config, we dont get "oip" in logs [root@server1 ~]# su - zimbra -c "zmlocalconfig zimbra_http_originating_ip_header"zimbra_http_originating_ip_header = X-Forwarded-For Sep 11 10:41:06 example postfix/smtpd[2784]: connec...
by yasanthau
Wed Oct 07, 2015 1:59 am
Forum: Administrators
Topic: How do we get Originating IP when using browser?
Replies: 5
Views: 1077

How do we get Originating IP when using browser?

Many Thanks. It is enabled by default and we can get the originating ip by looking into "internet headers" of the email. This is very important to track originating location of particular emails. If we can get this detail on the zimbra.log or any other audit.log, it will be better.
by yasanthau
Mon Oct 05, 2015 11:53 am
Forum: Administrators
Topic: How do we get Originating IP when using browser?
Replies: 5
Views: 1077

How do we get Originating IP when using browser?

When connecting to Zimbra mail using any of the browser and compose an email, the zimbra.log show it as "connect from 127.0.0.1". Is it possible to track the ip address of the PC which was used to log into the Zimbra Server?

by yasanthau
Fri Aug 15, 2014 1:57 am
Forum: Administrators
Topic: Protected email account
Replies: 0
Views: 221

Protected email account

Hi,Is it possible to protect an email account in Zimbra open source version (8.0.5) as follows.Want to accept emails only from a list of senders to a particular account on Zimbra server. Want to reject all other emails and should notify them (senders) that they are not allowed to send emails to that...

Go to advanced search