Search found 380 matches

by Labsy
Mon Nov 12, 2018 10:56 pm
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 6547

Re: Simple program to report successful/fail ip logins and sorted by count

Yep, beauty of regex...works even better :) BTW...I've extended your code to also look for and analyze SMTP failures and to be able to only display specific account, included in search string. Here's what I came up with so far...not ideal, but serves me as a tool for helpdesk. BTW...still cannot figure it o...

by Labsy
Sun Nov 11, 2018 10:48 am
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 6547

Re: Simple program to report successful/fail ip logins and sorted by count

Besides that, for proper POP3 parsing on my ZCS 8.8 I had to change regex in line 47 from this:
my($ip,$user) = m#.*\s+\[ip=.*;oip=(.*);\]\s*.* failed for\s+\[(.*)\].*$#i;
to this:
my($ip,$user) = m#.*\s+\[ip=.*;oip=(.*);cid=.*;\]\s*.* failed for\s+\[(.*)\].*$#i;
Without this change IP for POP3 acces...

by Labsy
Sat Nov 03, 2018 4:14 pm
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 6547

Re: Simple program to report successful/fail ip logins and sorted by count

Hi JDunphy, that one is EXCELLENT! Really one of the most useful log parsers I found around. Just maybe an idea, why with POP failures it cannot strip "cid=xxxxxx" from IP? ZCS 8.8 with nginx. For WEB and IMAP it's OK.
Total [ 1] - 89.143.173.78;cid=221369
Failed [ 1] - 89.143.173.78;cid=2...

by Labsy
Fri Nov 02, 2018 5:57 pm
Forum: Administrators
Topic: Massive SPAM false positives due to wrong blacklist resolving
Replies: 0
Views: 597

Massive SPAM false positives due to wrong blacklist resolving

Hi, I've got massive SPAM false-positive rejections on my ZCS server, saying in zimbra.log the sending server is BLOCKED using one of configured blacklists:
- psbl.surriel.com
- dbl.spamhaus.org
- bl.spameatingmonkey.net
- multi.surbl.org
...and others.
***EDIT*** Here's how it looks in zimbra.log:...

by Labsy
Mon Oct 29, 2018 9:50 am
Forum: Administrators
Topic: Local special character cannot be used in password?
Replies: 0
Views: 337

Local special character cannot be used in password?

Hi, Seems like at least in ZCS 8.8.7 special local characters cannot be used in password. In my case those are Slovenian specific characters "č", "š", "ž" and most probably many others, like German "umlaut" and others. Is this ZCS bug or incompatibility with O...

by Labsy
Sat Oct 27, 2018 8:51 pm
Forum: Administrators
Topic: Automatic lock IP on login try with attack trap address
Replies: 4
Views: 866

Re: Automatic lock IP on login try with attack trap address

Can't you get that list imported into Suricata on your OPNsense firewall, wouldn't that block them from accessing your server (or have I misread what you're trying to do)? Hmmm...I don't know how exactly. I can set location of list on my firewall appliance via URL, but on ZCS side I have no idea wh...

by Labsy
Sat Oct 27, 2018 11:46 am
Forum: Administrators
Topic: Automatic lock IP on login try with attack trap address
Replies: 4
Views: 866

Re: Automatic lock IP on login try with attack trap address

Yes, Brigadoon, that's something I was trying to accomplish in conjunction with my OPNSense/PFSense firewalls. The only problem I have is how to expose the list of collected (abuse) IP addresses to the internal network from ZCS server. Like, where to put the abuse-list.txt file to be accessible via h...

by Labsy
Sat Oct 27, 2018 9:50 am
Forum: Administrators
Topic: Where is setting for User-specified forwarding addresses?
Replies: 0
Views: 356

Where is setting for User-specified forwarding addresses?

Hi,

I am not sure whether this option vanished from ZCS 8.8, or my eyesight needs improvement, but I simply cannot find under USER's Webmail setting for "User-specified forwarding addresses", which are still available under ADMIN Web GUI.
Has this been removed from newer versions of ZCS?

by Labsy
Fri Oct 26, 2018 8:34 pm
Forum: Administrators
Topic: Automatic lock IP on login try with attack trap address
Replies: 4
Views: 866

Automatic lock IP on login try with attack trap address

Hi, I had quite a success by seeding spam-traps all over dozens of web sites and report those within my AntiSpam filter as definite spam. Now I am trying to do something similar with IP addresses, which try to identify as known and most widely used accounts, like "hostmaster", "admini...

by Labsy
Tue Oct 23, 2018 10:01 pm
Forum: Administrators
Topic: Does fail2ban need iptables?
Replies: 5
Views: 978

Re: Does fail2ban need iptables?

Thanx for the hint and links. Will study those. What bothers me are DISTRIBUTED attacks, which probably neither fail2ban nor DOSfilter would block. See, IPs are rarely the same, but attacking mailbox is the same. I can go with anything, but 2FA, because a lot of users are older ones, and this is Web...
