JavaDocs for Zimbra API
Is there a place to view the JavaDocs for the Zimbra API? I am writing a Zimlet that uses a JSP to access Zimbra Properties.
↧
How to open zimbra mail composer from external application with attachments
Hi all!
I should develop a function in my win32 application to open the zimbra mail composer passing some parameters...
I've already found I can use something like this:
Code:
http://demo2.zimbra.com/zimbra/h/search?si=0&so=0&sc=7251&st=message&action=compose&to=someone@example.com&subject=SUBJECT&bcc=someone.else@example.com
but the question is: is it possible to post one or more attachments to the new mail window while opening it with an HTTP POST request?
many thx
↧
Re-write Zimbra web front?
I'm new to Zimbra and have a few questions. Basically I already have a postfix / dovecot / cyrus based mail system built which has been working for the last few years but I want to throw in a web based layer with calendar / tasks functionality. Appears Zimbra is the choice but I want to customize the front end to suit my enterprise environment.
So which of the following is more difficult?
1) Install Zimbra and just use its core functions but completely re-design / write the web front end? Or write the web interface from the ground up?
2) Write the web front end from scratch building on my existing setup, adding in calendar / task / contact, etc.
I guess it depends whether Zimbra has everything exposed via SOAP API and I can just use Java to call?
Also, is the source that is available the full network edition or does it only contain the features in the open source edition? This is important because I'm using Outlook at the moment and if the code is only the open source edition this means it won't work with Outlook.
↧
Sending automatic abuse complaints
Hi everyone!
I'm just dropping by to share a little script I wrote a couple of days ago.
I've noticed a huge increase in open relay scanning, and although Zimbra users aren't vulnerable, I thought this was a good opportunity to annoy spammers.
Suspicious entries in the daily log look like this:
Code:
message reject detail
---------------------
RCPT
  Relay access denied (total: 38)
    5 ono.com
    3 190.5.230.178
    3 p578bd5ec.dip0.t-ipconnect.de
    3 nuvox.net
    3 63.115.40.56
    3 amos-traffic.co.uk
    2 charter.com
    2 static.sbb.rs
    2 bband-dyn112.178-41-177.t-com.sk
    2 119.73.152.205
    2 mtnbusiness.co.za
    1 201.203.3.10
    1 telesp.net.br
    1 rogers.com
    1 rr.com
    1 teksavvy.com
    1 cox.net
    1 rima-tde.net
    1 88.247.78.4
What's going on? Basically, someone is looking for misconfigured mail servers which will forward e-mails for anyone. This would allow them to send spam and have someone else deal with the consequences.
Looking more closely at the logs, I figured that all those scans were originating from the same individual (because of patterns in the scan). At first, I began sending abuse mail manually, but it didn't take long for me to realize that it was far too time-consuming. So I wrote a small shell script that does the job by itself: every day, it parses Zimbra logs, looks for suspicious entries and sends everything to the registered abuse contact in the WHOIS database.
Code:
#!/bin/bash
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Yesterday's rotated (not yet compressed) Zimbra log.
LOG=/var/log/zimbra.log.1

MAIL_HEAD="Hello,\n\
\n\
I have received suspicious connexion on port 25 from a machine located in your network.\n\
Here are the relevant postfix logs:\n"
MAIL_FOOT="\nOne of your computers may have been infected, or it is possible that one of your clients is up to no good.\n\
Could you please look into it?\n\
\n\
Regards,\n\
[My Name]"

# Private temporary file instead of a predictable mail.tmp in the current directory.
MAIL_TMP=$(mktemp) || exit 1
trap 'rm -f "$MAIL_TMP"' EXIT

# Unique source IPs of the rejected relay attempts.
for IP in $(grep -i "relay access" "$LOG" | perl -ne '/from [A-Za-z0-9.-]+\[([0-9.]+)\]/ && print $1 . "\n"' | sort -u)
do
    # Abuse contact(s) listed in the WHOIS record for this IP.
    ABUSE_MAIL=$(whois "$IP" | grep -Eo "abuse[A-Za-z0-9.-]*@[A-Za-z0-9.-]+" | sort -u)
    if [[ -n "$ABUSE_MAIL" ]]
    then
        echo -e "$MAIL_HEAD" > "$MAIL_TMP"
        # Fixed-string, whole-token match: "." is not a wildcard and 1.2.3.4 does not match 11.2.3.40.
        grep -Fw -- "$IP" "$LOG" >> "$MAIL_TMP"
        echo -e "$MAIL_FOOT" >> "$MAIL_TMP"
        # Add "-b my@mail.tld" to mutt's arguments if you want to receive a blind carbon copy of the sent e-mails.
        # $ABUSE_MAIL is left unquoted on purpose: it may hold several addresses.
        mutt -e 'set from=my@mail.tld realname="My Name"' -s "SMTP abuse from $IP" $ABUSE_MAIL < "$MAIL_TMP"
    fi
done

(You may have to install mutt manually.)
In order for the script to be called every day, all you have to do is edit zimbra's logrotate script located at /etc/logrotate.d/zimbra:
Code:
/var/log/zimbra.log {
    daily
    missingok
    notifempty
    create 0644 syslog adm
    compress
    postrotate
      /usr/sbin/service rsyslog restart >/dev/null || true
      su - zimbra -c "/opt/zimbra/bin/zmswatchctl restart" > /dev/null 2>&1 || true
      # -------- EDIT THIS --------
      /path/to/abuse.sh || true
      # ---------------------------
    endscript
}

This way, every time zimbra logs get archived, the script goes through them just before they are compressed.
Finally, here is a sample mail generated by this script.
Quote:
Hello,
I have received suspicious connexion on port 25 from a machine located in your network.
Here are the relevant postfix logs:
Jan 31 19:27:02 atria postfix/smtpd[21972]: warning: hostname 88.247.78.4.static.ttnet.com.tr does not resolve to address 88.247.78.4: No address associated with hostname
Jan 31 19:27:02 atria postfix/smtpd[21972]: connect from unknown[88.247.78.4]
Jan 31 19:27:03 atria postfix/smtpd[21972]: NOQUEUE: filter: RCPT from unknown[88.247.78.4]: <test@live.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 19:27:03 atria postfix/smtpd[21972]: NOQUEUE: filter: RCPT from unknown[88.247.78.4]: <test@live.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 19:27:03 atria postfix/smtpd[21972]: NOQUEUE: reject: RCPT from unknown[88.247.78.4]: 554 5.7.1 <therichsheickc@yahoo.com>: Relay access denied; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 19:27:03 atria postfix/smtpd[21972]: disconnect from unknown[88.247.78.4]
Jan 31 19:30:23 atria postfix/anvil[21974]: statistics: max connection rate 1/60s for (smtp:88.247.78.4) at Jan 31 19:27:02
Jan 31 19:30:23 atria postfix/anvil[21974]: statistics: max connection count 1 for (smtp:88.247.78.4) at Jan 31 19:27:02
Jan 31 22:15:21 atria postfix/smtpd[3430]: warning: hostname 88.247.78.4.static.ttnet.com.tr does not resolve to address 88.247.78.4: No address associated with hostname
Jan 31 22:15:21 atria postfix/smtpd[3430]: connect from unknown[88.247.78.4]
Jan 31 22:15:21 atria postfix/smtpd[3430]: NOQUEUE: filter: RCPT from unknown[88.247.78.4]: <test@live.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:15:21 atria postfix/smtpd[3430]: NOQUEUE: filter: RCPT from unknown[88.247.78.4]: <test@live.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:15:21 atria postfix/smtpd[3430]: NOQUEUE: reject: RCPT from unknown[88.247.78.4]: 554 5.7.1 <therichsheickc@yahoo.com>: Relay access denied; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:15:22 atria postfix/smtpd[3430]: disconnect from unknown[88.247.78.4]
Jan 31 22:18:42 atria postfix/anvil[3432]: statistics: max connection rate 1/60s for (smtp:88.247.78.4) at Jan 31 22:15:21
Jan 31 22:18:42 atria postfix/anvil[3432]: statistics: max connection count 1 for (smtp:88.247.78.4) at Jan 31 22:15:21
Jan 31 22:43:40 atria postfix/smtpd[16701]: warning: hostname 88.247.78.4.static.ttnet.com.tr does not resolve to address 88.247.78.4: No address associated with hostname
Jan 31 22:43:40 atria postfix/smtpd[16701]: connect from unknown[88.247.78.4]
Jan 31 22:43:41 atria postfix/smtpd[16701]: NOQUEUE: filter: RCPT from unknown[88.247.78.4]: <test@live.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:43:41 atria postfix/smtpd[16701]: NOQUEUE: filter: RCPT from unknown[88.247.78.4]: <test@live.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:43:41 atria postfix/smtpd[16701]: NOQUEUE: reject: RCPT from unknown[88.247.78.4]: 554 5.7.1 <therichsheickc@yahoo.com>: Relay access denied; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:43:41 atria postfix/smtpd[16701]: disconnect from unknown[88.247.78.4]
Jan 31 22:47:01 atria postfix/anvil[16703]: statistics: max connection rate 1/60s for (smtp:88.247.78.4) at Jan 31 22:43:40
Jan 31 22:47:01 atria postfix/anvil[16703]: statistics: max connection count 1 for (smtp:88.247.78.4) at Jan 31 22:43:40
One of your computers may have been infected, or it is possible that one of your clients is up to no good.
Could you please look into it?
Regards,
Ivan

That's it! It doesn't cost much, and may cost precious resources to spammers if ISPs and hosting providers receive enough complaints.
Feel free to extend the script to detect other types of undesirable behaviour!
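The parsing steps of the post above, as an added example that is not part of the original post or the poster's script: it counts "Relay access denied" rejects per client, skips private sources, matches evidence lines on the whole address, and extracts complete abuse addresses from WHOIS text. The function names are hypothetical, and the log and WHOIS text are constructed samples using documentation address ranges.

```shell
#!/bin/sh
# Added example. All log and WHOIS text below is constructed sample data.

# Print "count ip" for each client with at least MIN (default 1)
# "Relay access denied" rejects in LOGFILE, most active first.
# usage: relay_probe_ips LOGFILE [MIN]
relay_probe_ips() {
    awk -v min="${2:-1}" '
        /NOQUEUE: reject: RCPT from / && /Relay access denied/ {
            # Postfix writes the client as host[ip] right after the first
            # "RCPT from "; later fields (from=, to=, helo=) are sender-supplied.
            s = substr($0, index($0, "RCPT from ") + 10)
            sub(/^[^[]*\[/, "", s)
            sub(/\].*/, "", s)
            # IPv4 only, like the pattern in the original script.
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Private, loopback and link-local sources have no abuse contact.
            if (s ~ /^(10|127)\./ || s ~ /^192\.168\./ || s ~ /^169\.254\./ ||
                s ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
            hits[s]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Log lines that mention IP as a whole token: fixed string, so "." is not a
# wildcard, and 203.0.113.7 does not match inside 203.0.113.70.
# usage: evidence_for IP LOGFILE
evidence_for() {
    grep -Fw -- "$1" "$2"
}

# Read WHOIS text on stdin, print the abuse contacts it names, one per line.
# Whole addresses are extracted first and filtered afterwards, so
# "report-abuse@isp.example" is not cut down to "abuse@isp.example", and a
# sentence-ending "." is not taken as part of the domain.
abuse_contacts() {
    tr '[:upper:]' '[:lower:]' |
        grep -Eo '[a-z0-9][a-z0-9._%+-]*@[a-z0-9-]+(\.[a-z0-9-]+)+' |
        grep -E '^[^@]*abuse[^@]*@' |
        sort -u
}

# Constructed Postfix log: two probes from one host, one from another,
# one from a private address, and an unrelated reject from a look-alike IP.
sample_log() {
    cat <<'EOF'
Feb  1 10:00:01 mx postfix/smtpd[1001]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.org>: Relay access denied; from=<t@example.com> to=<a@example.org> proto=ESMTP helo=<[192.168.2.33]>
Feb  1 10:05:01 mx postfix/smtpd[1002]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied; from=<t@example.com> to=<b@example.org> proto=ESMTP helo=<[192.168.2.33]>
Feb  1 10:06:00 mx postfix/smtpd[1003]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.20]: 554 5.7.1 <c@example.org>: Relay access denied; from=<t@example.com> to=<c@example.org> proto=ESMTP helo=<host.example.net>
Feb  1 10:07:00 mx postfix/smtpd[1004]: NOQUEUE: reject: RCPT from unknown[192.168.1.50]: 554 5.7.1 <d@example.org>: Relay access denied; from=<t@example.com> to=<d@example.org> proto=ESMTP helo=<pc>
Feb  1 10:08:00 mx postfix/smtpd[1005]: NOQUEUE: reject: RCPT from unknown[203.0.113.70]: 450 4.7.1 Client host rejected: cannot find your hostname; from=<x@example.com> to=<y@example.org> proto=ESMTP helo=<x>
Feb  1 10:09:00 mx postfix/smtpd[1005]: disconnect from unknown[203.0.113.70]
EOF
}

# Constructed WHOIS record.
sample_whois() {
    cat <<'EOF'
inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-NET
remarks:        Send complaints to Report-Abuse@isp.example.
abuse-mailbox:  abuse@isp.example
e-mail:         noc@isp.example
OrgAbuseEmail:  abuse@isp.example
EOF
}

# Demo on the constructed data.
demo_log=$(mktemp) || exit 1
sample_log > "$demo_log"
echo "Clients with at least 2 relay probes:"
relay_probe_ips "$demo_log" 2
echo "Evidence lines for 203.0.113.7:"
evidence_for 203.0.113.7 "$demo_log"
echo "Abuse contacts in the sample WHOIS record:"
sample_whois | abuse_contacts
rm -f "$demo_log"
```

On a live host, `whois "$ip" | abuse_contacts` takes the place of `sample_whois | abuse_contacts`.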
↧
Zimbra public code access now available
Public access to the Zimbra code is now available. Please see https://wiki.zimbra.com/wiki/Building_Zimbra_using_Git
↧
Get Date From ZmMailMsg
Hello,
I have a question about ZmMailMsg: I want to get the datetime the message was received. I'm not able to find this property.
I can get the Subject, the recipients, the sender, the body, etc. but no datetime. Further, I can't find anything on Google about this.
Maybe you can give me a hint?
thank u
↧
How to build 8.0.6 and Ironmaiden (8.0.7) in Ubuntu 12.04
Zimbra source code was made available again as a GIT repository recently. :)
After many fixes to the current official documentation :( I have finally managed to build Zimbra OSE 8.0.6 and Zimbra OSE 8.0.7 in an Ubuntu 12.04 64 bit system :cool:. The original instructions are in Spanish but the commands speak for themselves. Just make sure you use a new minimal installation so that you don't lose any important contents.
Feel free to adapt it to a Zimbra Wiki page so that it helps more people.
Feedback is welcome.
Compile Zimbra OSE 8.0.6
Compile Zimbra OSE Ironmaiden (8.0.7)
↧
SendInviteReply not causing Event Status to be updated
I am using SendInviteReply to update the status of an event but it does not seem to be updating it. Below is the XML request and response:
<SendInviteReplyRequest xmlns="urn:zimbraMail" echo="1" html="1" id="361-360" compNum="0" verb="ACCEPT" updateOrganizer="TRUE">
  <m>
    <e t="t" a="c80calendar@gmail.com"></e>
    <e t="t" a="c80calendar@gmail.com"></e>
    <mp part="" ct="text/plain" body="1">
      <content>test</content>
    </mp>
  </m>
</SendInviteReplyRequest>
<SendInviteReplyResponse xmlns="urn:zimbraMail" invId="361-475" apptId="361" calItemId="361"></SendInviteReplyResponse>
Am I doing something wrong?
Thanks for the help in advance.
↧
Jan 31 22:43:41 atria postfix/smtpd[16701]: NOQUEUE: reject: RCPT from unknown[88.247.78.4]: 554 5.7.1 <therichsheickc@yahoo.com>: Relay access denied; from=<test@live.com> to=<therichsheickc@yahoo.com> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:43:41 atria postfix/smtpd[16701]: disconnect from unknown[88.247.78.4]
Jan 31 22:47:01 atria postfix/anvil[16703]: statistics: max connection rate 1/60s for (smtp:88.247.78.4) at Jan 31 22:43:40
Jan 31 22:47:01 atria postfix/anvil[16703]: statistics: max connection count 1 for (smtp:88.247.78.4) at Jan 31 22:43:40
One of your computers may have been infected, or it is possible that one of your clients is up to no good.
Could you please look into it?
Regards,
Ivan
Feel free to extend the script to detect other types of undesirable behaviour!
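As an added example (not part of the original post or its abuse.sh), the sketch below shows the kind of log pass such a report depends on: it counts "Relay access denied" rejections per client IP, reads the address from the smtpd client field rather than from the client-supplied helo, and skips loopback and RFC 1918 sources. The function names, the threshold and the sample lines are assumptions made for the example; the log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example. Reads postfix log lines on stdin and prints, for every public
# IPv4 client with at least $1 "Relay access denied" rejections (default 2):
#   <ip> <count> <first seen> - <last seen>
relay_denied_summary() {
    min="${1:-2}"
    awk -v min="$min" '
        index($0, "NOQUEUE: reject: RCPT from ") && index($0, "Relay access denied") {
            # Postfix logs the client as name[ip]. Take the first [...] after
            # "RCPT from"; the later helo=<[...]> is client-supplied text.
            rest = substr($0, index($0, "RCPT from ") + 10)
            lb = index(rest, "["); rb = index(rest, "]")
            if (lb == 0 || rb <= lb) next
            ip = substr(rest, lb + 1, rb - lb - 1)
            # IPv4 only in this sketch; anything else is ignored.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Never report loopback or RFC 1918 sources to an outside contact.
            if (ip ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) next
            stamp = $1 " " $2 " " $3
            if (!(ip in count)) first[ip] = stamp
            last[ip] = stamp
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    printf "%s %d %s - %s\n", ip, count[ip], first[ip], last[ip]
        }
    ' | sort
}

# Constructed sample input (documentation addresses, hypothetical host "mx").
sample_log() {
    cat <<'EOF'
Jan 31 19:27:02 mx postfix/smtpd[101]: connect from unknown[203.0.113.7]
Jan 31 19:27:03 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 20:01:10 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.23]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<host.example.net>
Jan 31 21:00:00 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from printer.lan[192.168.2.40]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<printer>
Jan 31 21:00:05 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from printer.lan[192.168.2.40]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<printer>
Jan 31 22:15:21 mx postfix/smtpd[104]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<[192.168.2.33]>
Jan 31 22:43:41 mx postfix/smtpd[105]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<[192.168.2.33]>
EOF
}

sample_log | relay_denied_summary 2
# -> 203.0.113.7 3 Jan 31 19:27:03 - Jan 31 22:43:41
```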
↧
Zimbra public code access now available
Public access to the Zimbra code is now available. Please see https://wiki.zimbra.com/wiki/Building_Zimbra_using_Git
↧
Get Date From ZmMailMsg
Hello,
I have a question about ZmMailMsg: I want to get the datetime the message was received. I'm not able to find this property.
I can get the Subject, the recipients, the sender, the body, etc. but no datetime. Furthermore, I can't find anything on Google about this.
Maybe you can give me a hint?
Thank you
↧
How to build 8.0.6 and Ironmaiden (8.0.7) in Ubuntu 12.04
Zimbra source code was made available again as a GIT repository recently. :)
After many fixes to the current official documentation :( I have finally managed to build Zimbra OSE 8.0.6 and Zimbra OSE 8.0.7 in an Ubuntu 12.04 64-bit system :cool:. The original instructions are in Spanish but the commands speak for themselves. Just make sure you use a new minimal installation so that you don't lose any important contents.
Feel free to adapt it to a Zimbra Wiki page so that it helps more people.
Feedback is welcome.
Compilar Zimbra OSE 8.0.6
Compilar Zimbra OSE Ironmaiden (8.0.7)
↧
SendInviteReply not causing Event Status to be updated
I am using SendInviteReply to update the status of an event but it does not seem to be updating it. Below is the XML request and response:
<SendInviteReplyRequest xmlns="urn:zimbraMail" echo="1" html="1" id="361-360" compNum="0" verb="ACCEPT" updateOrganizer="TRUE">
<m>
<e t="t" a="c80calendar@gmail.com"></e>
<e t="t" a="c80calendar@gmail.com"></e>
<mp part="" ct="text/plain" body="1">
<content>test</content>
</mp>
</m>
</SendInviteReplyRequest>
<SendInviteReplyResponse xmlns="urn:zimbraMail" invId="361-475" apptId="361" calItemId="361"></SendInviteReplyResponse>
Am I doing something wrong?
Thanks for the help in advance.
↧
Create soap admin extension
Hi,
I am trying to create a custom admin SOAP extension like this https://localhost:7071/service/admin/soap/HelloWorldRequest ?
thanks
↧
Authenticated users with zimbra server
Hi,
Is there any possibility that I get an email and password that I have in Zimbra from a user and, if they are valid, let him use the service?
I mean I want to use Zimbra as a source for user authentication, so that all visitors that have a Zimbra account with us can use other services too.
Thank you
↧
Chrome in Zimbra 8 not repositioning on resize
I am building new skins in Zimbra 8 and have noticed that when you resize the Chrome browser, the components on the page do not re-adjust to the new size. For example take the serenity (zimbra 8 default) skin, and turn on your mini-calendar to show in lower left corner.
In all other browsers but Chrome, the minicalendar (as well as many other components on the page) will re-position themselves to always be visible. With Chrome, if you resize the window down, the mini-calendar re-positions itself to remain visible and stay in its place on the page, but if you resize the window up the minicalendar will not re-position and disappears from view.
I do not know if this is a known issue but it seems it should be. Does anyone have any solution to this issue?
↧
Rescheduling via REST -- what METHOD?
I am trying to get my zimbra server to reschedule an appointment via REST.
It is relatively straightforward: file.ics is updated with the new date of the VEVENT, maintaining the UID, incrementing the SEQUENCE and updating the DTSTAMP. I post the ics with curl and the appointment is updated. Easy-peasy.
Code:
curl -v -u us@er.pro:123456 --upload-file file.ics "http://er.pro/service/home/us@er.pro/Cal1?fmt=ics"
Now if I had attendees (required participants) to this event then they need to be notified of this change. I.e. new invites need to be sent out to them. On the smartclient the ModifyAppointmentRequest SOAP call does that, but with my REST call this notification is not happening. The event is only updated in the organiser's calendar but not in the attendees' calendars.
I have read RFC 2446 - iCalendar Transport-Independent Interoperability Protocol (iTIP) Scheduling Events, BusyTime, To-dos and Journal Entries but it is still not clear what method should be used in my ics. A REQUEST is the obvious choice as per 3.2.2.1 but my understanding is that it is for the communication between the servers. What method would the organizer's client use when talking to the server?
↧