[ZIMBRA] Prevent User Customizing “FROM” header

September 13, 2017November 17, 2017 ~ iomarmochtar ~ 19 Comments

Background

Some of our Zimbra customers are complaining for authenticated user can customizing FROM header which can lead to fraud email. this issue can be reproduce by using thunderbird once compose an email as following picture.

or by using this script, change variables username, password, fake_from and to_addr based on your environment.

Solution

I created customized milter engine using python milter library for my workaroud with following features:

Continue reading “[ZIMBRA] Prevent User Customizing “FROM” header” →

Getting all Zimbra Task Through SOAP

August 24, 2017 ~ iomarmochtar ~ Leave a comment

For example you want to fetch all task list which has branch in it as this picture. tasks_tree

You can fetch them using soap call Search for filter recursively task folder from root dir (/) and GetFolder for fetch task detail, here’s the example script of using mentioned soap call.

Continue reading “Getting all Zimbra Task Through SOAP” →

Zimbra Weak Password Scanner

August 1, 2017August 1, 2017 ~ iomarmochtar ~ 3 Comments

Sometime our customer that use Zimbra has frequent issue in internal spammer because weakness in user password so i created a script to scanning it then we can push the user to use the hard one. maybe it’s quite similar as my previous post

Continue reading “Zimbra Weak Password Scanner” →

Mailman3 Easy Installation

July 21, 2017July 27, 2017 ~ iomarmochtar ~ 12 Comments

I made script to make mailman3 installation easy (automated) based on my experience installing it manually. for installation guide and prerequisite condition you can see in it’s repository here https://github.com/iomarmochtar/mailman3_ei

Here’s the post installation topics that may you need:

Continue reading “Mailman3 Easy Installation” →

Using Django Template Outside Project

July 19, 2017July 19, 2017 ~ iomarmochtar ~ Leave a comment

if you have similar needs for using django template outside django project then this snipped will be useful.

	import django
	from django.template import Template, Context
	from django.conf import settings
	# optional if you just render str instead of template file
	from django.template.loader import get_template

	settings.configure(TEMPLATES=[{
	'BACKEND': 'django.template.backends.django.DjangoTemplates',
	# if you want to render using template file
	'DIRS': ['/tmp/template_dirs']
	}])
	django.setup()

	# variables that will be passed to template
	vars = {'name':'mochtar'}

	print Template("Using string = {{name}}").render(Context(vars))

	# file say_hello.tmpl located in folder /tmp/template_dirs as it's configured above
	print get_template("say_hello.tmpl").render(vars)

view raw using_django_template_outside.py hosted with ❤ by GitHub

ClearOS 6 weak password scanner

May 17, 2017 ~ iomarmochtar ~ Leave a comment

As my previous post about enhancing password policy in ClearOS i mentioned about create simple PHP script for detecting user which using weak password. so i’d like to share it.

Continue reading “ClearOS 6 weak password scanner” →

Enhance ClearOS 6 Password Policy

May 17, 2017May 28, 2017 ~ iomarmochtar ~ Leave a comment

Background

Our customer using ClearOS 6 (professional edition) to store user password and almost all applications using it as external authentication so user only has to remember one password and Zimbra is one of the application.

Recently the public IP that used as mail outgoing traffic being listed in RBL and by our check in server we found there are some user account has been hijacked so it’s sending spam email to outside domain (gmail.com, outlook.com, etc) then i set suspected status to close in zimbra also reset it’s password randomly but it’s happen quite frequently.

Then i created simple php script using clearOS API to scan weak password (based on list), surprisingly there are bunch of user using weak password such as “Passwd11”, “Paasword88”, etc. so i conclude the builtin password policy in ClearOS is not good enough to prevent it.

Solution

Based on my experience create and modifying ClearOS module (as it’s just a PHP code) i modified ClearOS user module. to increase password policy by following criteria:

Maximum length
Minimum length
Minimum uppercase
Minimum numeric character
Minimum punctuation character
Forbid user to use username within password
Forbid user to use password that listed in weak password list.

Continue reading “Enhance ClearOS 6 Password Policy” →

Simple Not Found Response Page on CherryPY

May 4, 2016 ~ iomarmochtar ~ Leave a comment


class Root(object):

    _cp_config = {
        'error_page.404': lambda **x: "Halaman tidak ditemukan :("
    }

Using HTTPS on CherryPY

May 4, 2016 ~ iomarmochtar ~ Leave a comment

Here’s CherryPY app configuration for using HTTPS:


cherrypy.config.update({
  'server.ssl_module': 'builtin',
  'server.ssl_certificate': '/opt/myapp/conf/cert/cert.crt',
  'server.ssl_private_key': '/opt/myapp/conf/cert/cert.key',
})

for ssl module module you can use builtin or pyopensll (by installing pyOpenSSL module). Use this command if you want create self sign certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.crt

Dump & Restore MongoDB With Specified Collection and DB

February 14, 2016February 14, 2016 ~ iomarmochtar ~ Leave a comment

For example i have collection with name logs and db postfix, the output for dumped DB will be located to /tmp/backupmong


mongodump --out /tmp/backupmong/ --collection logs&nbsp;--db postfix

The command above will generating 2 files .bson and .metadata.json

Here’s the command for restoring the database (collection) by using .bson file.


mongorestore /tmp/backupmong/postfix/logs.bson -d anotherdb -c anotercol