Search found 19 matches

by copowpow
Thu Apr 18, 2019 7:23 pm
Forum: Administrators
Topic: Looking for a script to scan zimbra logs and add IP's to ufw rules
Replies: 5
Views: 1770

Re: Looking for a script to scan zimbra logs and add IP's to ufw rules

I started looking into this, here is my first attempt:

cat zimbra.log | grep "cannot find your hostname" > cantfind.txt && cat cantfind.txt | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort | uniq | sort -n > ips.txt

That gets me a list of offending IPs, now to figure o...
by copowpow
Wed Apr 17, 2019 6:37 pm
Forum: Administrators
Topic: Looking for a script to scan zimbra logs and add IP's to ufw rules
Replies: 5
Views: 1770

Re: Looking for a script to scan zimbra logs and add IP's to ufw rules

How about fail2ban: https://www.startpage.com/do/dsearch?query=%2Bfail2ban+%2Bzimbra&cat=web&pl=opensearch&language=english Thanks Bill, shortly after I posted this I figured someone would answer with fail2ban. Fail2ban has its place, that's for sure, I was looking for something more ligh...
by copowpow
Wed Apr 17, 2019 5:14 pm
Forum: Administrators
Topic: Looking for a script to scan zimbra logs and add IP's to ufw rules
Replies: 5
Views: 1770

Looking for a script to scan zimbra logs and add IP's to ufw rules

Just as the title says, I'm looking for a script to scan Zimbra logs and add IPs to ufw rules. Also looking for advice as to whether this is a bad idea or not. Here's an example entry from our log, I want to add the 333.333.333.333 IP to the ufw block list: Mar 17 12:00:18 mail postfix/smtpd[19842]: ...
by copowpow
Fri Apr 12, 2019 7:05 pm
Forum: Administrators
Topic: Failed auth attacks locking out users
Replies: 4
Views: 1577

Re: Failed auth attacks locking out users

Anyone have any idea on how to deal with this? I was in your exact situation, and it was about 5 users that were being targeted. I have fail2ban, geo blocking most of EU on the firewall and also the default failed login attempts Zimbra lockout method and I was still getting attacked and the users w...
by copowpow
Wed Oct 24, 2018 3:39 pm
Forum: Administrators
Topic: Cant shake bruteforce monkey
Replies: 13
Views: 2958

Re: Cant shake bruteforce monkey

Well, it looks like the DoS filter is not working (ZCS 8.8.8), accounts still getting locked out after following Mark's blog post. As per https://wiki.zimbra.com/wiki/DoSFilter, it says to check /opt/zimbra/log/zmmailboxd.out and /opt/zimbra/log/sync.log. /opt/zimbra/log/zmmailboxd.out is packed with...
by copowpow
Tue Oct 23, 2018 12:52 am
Forum: Administrators
Topic: Cant shake bruteforce monkey
Replies: 13
Views: 2958

Re: Cant shake bruteforce monkey

Just did a blog post on this: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/ Please take a look and let me know if that works for you? All the best, Mark Thank you Mark, I am implementing this tonight! I will report back once I get ...
by copowpow
Fri Oct 19, 2018 3:59 pm
Forum: Administrators
Topic: Cant shake bruteforce monkey
Replies: 13
Views: 2958

Cant shake bruteforce monkey

I am having issues combating brute-force attempts on my ZCS server. I have fail2ban in place but it is not helping in this situation, they just come back from a different IP address. My accounts keep getting locked out. I've blocked entire countries (Brazil, Indonesia, China) with IP lists from ip2loc...
by copowpow
Sun Apr 08, 2018 8:53 pm
Forum: Installation and Upgrade
Topic: Zimbra 8.8.8 Has Been Released
Replies: 17
Views: 5847

Re: Zimbra 8.8.8 Has Been Released

After I upgraded to v8.8.8 the Zimbra repo (yum repo) got broken # yum upgrade Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.ufscar.br * extras: mirror.ufscar.br * updates: mirror.ufscar.br Resolving Dependencies --> Running transaction check ---> Package z...
by copowpow
Mon Mar 26, 2018 3:50 pm
Forum: Installation and Upgrade
Topic: Error Use Zimbra's package repository
Replies: 2
Views: 3611

Re: Error Use Zimbra's package repository

What happens when you run "sudo apt-get update"? Are you able to install other packages with apt-get?

This doesn't sound like a Zimbra installer program but your server (or a firewall somewhere) is blocking itself from receiving the files from the Zimbra repository server.
