Search found 382 matches

by Labsy
Wed Nov 14, 2018 7:10 am
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 7708

Re: Simple program to report successful/fail ip logins and sorted by count

Hi JDunphy, that's one huge code rewrite, really love how you incorporated all changes. And love it being organized :) BUT there's still work to do - I noticed results are buggy/different, if I switch the order of log parsing elsif's for "http" and "qtp". Results are much dif...
by Labsy
Tue Nov 13, 2018 9:19 am
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 7708

Re: Simple program to report successful/fail ip logins and sorted by count

...Change this line: for $user (sort {$ip_list{$b} <=> $ip_list{$a}} keys %ip_list ) to this for $user (sort keys %ip_list ) And it should sort by user for you... Excellent! Maybe another one for you, since you seem to know what sort is about - would it be possible to sort users by failure count? S...
by Labsy
Mon Nov 12, 2018 10:56 pm
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 7708

Re: Simple program to report successful/fail ip logins and sorted by count

Yep, beauty of regex...works even better :) BTW...I've extended your code to also look for and analyze SMTP failures and to be able to only display specific account, included in search string. Here's what I came up with so far...not ideal, but serves me as a tool for helpdesk. BTW...still cannot figure it o...
by Labsy
Sun Nov 11, 2018 10:48 am
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 7708

Re: Simple program to report successful/fail ip logins and sorted by count

Beside that, for proper POP3 parsing on my ZCS 8.8 I had to change regex in line 47 from this: my($ip,$user) = m#.*\s+\[ip=.*;oip=(.*);\]\s*.* failed for\s+\[(.*)\].*$#i; to this: my($ip,$user) = m#.*\s+\[ip=.*;oip=(.*);cid=.*;\]\s*.* failed for\s+\[(.*)\].*$#i; Without this change IP for POP3 acces...
by Labsy
Sat Nov 03, 2018 4:14 pm
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 7708

Re: Simple program to report successful/fail ip logins and sorted by count

Hi JDunphy, that one is EXCELLENT! Really one of the most useful log parsers I found around. Just maybe an idea, why with POP failures it cannot strip "cid=xxxxxx" from IP? ZCS 8.8 with nginx. For WEB and IMAP it's OK. Total [ 1] - 89.143.173.78;cid=221369 Failed [ 1] - 89.143.173.78;cid=2...
by Labsy
Fri Nov 02, 2018 5:57 pm
Forum: Administrators
Topic: Massive SPAM false positives due to wrong blacklist resolving
Replies: 0
Views: 789

Massive SPAM false positives due to wrong blacklist resolving

Hi, I've got massive SPAM false-positive rejections on my ZCS server, saying in zimbra.log the sending server is BLOCKED using one of configured blacklists: - psbl.surriel.com - dbl.spamhaus.org - bl.spameatingmonkey.net - multi.surbl.org ...and others. ***EDIT*** Here's how it looks in zimbra.log:...
by Labsy
Mon Oct 29, 2018 9:50 am
Forum: Administrators
Topic: Local special character cannot be used in password?
Replies: 0
Views: 455

Local special character cannot be used in password?

Hi, Seems like, at least in ZCS 8.8.7, special local characters cannot be used in a password. In my case those are Slovenian specific characters "č", "š", "ž" and most probably many others, like German "umlaut" and others. Is this a ZCS bug or incompatibility with O...
by Labsy
Sat Oct 27, 2018 8:51 pm
Forum: Administrators
Topic: Automatic lock IP on login try with attack trap address
Replies: 4
Views: 956

Re: Automatic lock IP on login try with attack trap address

Can't you get that list imported into Suricata on your OPNsense firewall, wouldn't that block them from accessing your server (or have I misread what you're trying to do)? Hmmm...I don't know how exactly. I can set location of list on my firewall appliance via URL, but on ZCS side I have no idea wh...
by Labsy
Sat Oct 27, 2018 11:46 am
Forum: Administrators
Topic: Automatic lock IP on login try with attack trap address
Replies: 4
Views: 956

Re: Automatic lock IP on login try with attack trap address

Yes, Brigadoon, that's something I was trying to accomplish in conjunction with my OPNSense/PFSense firewalls. The only problem I have is how to expose the list of collected (abuse) IP addresses to the internal network from ZCS server. Like, where to put the abuse-list.txt file to be accessible via h...
by Labsy
Sat Oct 27, 2018 9:50 am
Forum: Administrators
Topic: Where is setting for User-specified forwarding addresses?
Replies: 0
Views: 482

Where is setting for User-specified forwarding addresses?

Hi,

I am not sure whether this option vanished from ZCS 8.8, or my eyesight needs improvement, but I simply cannot find under USER's Webmail setting for "User-specified forwarding addresses", which are still available under ADMIN Web GUI.
Has this been removed from newer versions of ZCS?
