Search found 95 matches

by fferraro87
Fri Oct 26, 2018 1:11 pm
Forum: Administrators
Topic: Zimbra 8.8.9 and Cbpolicyd
Replies: 14
Views: 4138

Re: Zimbra 8.8.9 and Cbpolicyd

fs.schmidt wrote:HI guys,

Zimbra support is still analysing this issue. I've exported our SQLite database and sent to them.

As soon as I get an update I will share with you guys.

Best regards.

Thanks, we're waiting for your news! :D
by fferraro87
Tue Oct 23, 2018 2:38 pm
Forum: Administrators
Topic: Zimbra 8.8.9 and Cbpolicyd
Replies: 14
Views: 4138

Re: Zimbra 8.8.9 and Cbpolicyd

fs.schmidt wrote:
DavidMerrill wrote:Anything interesting back from Zimbra Support on this?


Hello David,

Thank you for the attention. This case is being well handled by Zimbra support team.

Best regards.

Do you've some news from zimbra support team?

Thanks
by fferraro87
Fri Oct 12, 2018 3:41 pm
Forum: Administrators
Topic: restart only snmp service
Replies: 0
Views: 1019

restart only snmp service

Hi,
there is a command to restart only snmp service?

Thanks
by fferraro87
Fri Sep 28, 2018 10:04 am
Forum: Administrators
Topic: many spam email from same account
Replies: 11
Views: 852

Re: many spam email from same account

just grep user_saslname , not with the account name. Then sort and count. Maybe the user_saslname is different from the sender. An other explanation is the use of the webmail by the attacker. yeah sure, but i've a question. every time an user send an email i've to see a line on zimbra.log with sasl...
by fferraro87
Fri Sep 28, 2018 8:43 am
Forum: Administrators
Topic: many spam email from same account
Replies: 11
Views: 852

Re: many spam email from same account

evrything is possible ;p Well just grep sasl_username on you MTA log to check this. ok i've done and i've see that many email are sent and i've no trace of authentication by the user. How can i force every user to authenticate before sending an email? Also that it's grep of the attacker IP on zimbr...
by fferraro87
Fri Sep 28, 2018 8:20 am
Forum: Administrators
Topic: many spam email from same account
Replies: 11
Views: 852

Re: many spam email from same account

well it seems the account has been compromised. You should block it by putting it in lockedout status and change the password. Then you should restart all Zimbra MTA to disconnect the the user who is spamming. Last but not least : get the owner of the account to teach him not to use his old passwor...
by fferraro87
Fri Sep 28, 2018 8:12 am
Forum: Administrators
Topic: many spam email from same account
Replies: 11
Views: 852

Re: many spam email from same account

DualBoot wrote:Hello,

the sender is from the domain you own ?

Regards,

yes, the sender and recipient are the same, but sender is sending by another IP
by fferraro87
Fri Sep 28, 2018 8:04 am
Forum: Administrators
Topic: many spam email from same account
Replies: 11
Views: 852

Re: many spam email from same account

Hello, if the from field is always the same you can use iptables to block when pattern match this from address. Or you can block the original source IP too. See you thanks for your answer, but if i block this from address, i block all mail from that address, but this address is good, it's a normal ...
by fferraro87
Fri Sep 28, 2018 7:23 am
Forum: Administrators
Topic: many spam email from same account
Replies: 11
Views: 852

many spam email from same account

Hi, that's a week that many accounts on my zimbra servers (all 8.8.9 patch4) receive spam email from his address. for example test@example.org receive a spam email from test.example.org (but from a different ip address): that's source of email : Return-Path: <test@example.org> Received: from mail.ex...
by fferraro87
Tue Aug 28, 2018 12:44 pm
Forum: Administrators
Topic: Enable Link Forgot Password Zimbra 8.8.9 P3
Replies: 3
Views: 1758

Re: Enable Link Forgot Password Zimbra 8.8.9 P3

Hello, Before, I used zimbra 8.8.9 P1, and I have enabled forgot password feature with class of service, and on login screen show Forgot Password Now, after update to 8.8.9 P3, Forgot Password link on login screen not show, this is bug or etc? Thanks Hi, check that link https://zdocs.github.io/curi...

Go to advanced search