Sometime our customer that use Zimbra has frequent issue in internal spammer because weakness in user password so i created a script to scanning it then we can push the user to use the hard one. maybe it’s quite similar as my previous post
I made script to make mailman3 installation easy (automated) based on my experience installing it manually. for installation guide and prerequisite condition you can see in it’s repository here https://github.com/iomarmochtar/mailman3_ei
Here’s the post installation topics that may you need:
As my previous post about enhancing password policy in ClearOS i mentioned about create simple PHP script for detecting user which using weak password. so i’d like to share it.
Our customer using ClearOS 6 (professional edition) to store user password and almost all applications using it as external authentication so user only has to remember one password and Zimbra is one of the application.
Recently the public IP that used as mail outgoing traffic being listed in RBL and by our check in server we found there are some user account has been hijacked so it’s sending spam email to outside domain (gmail.com, outlook.com, etc) then i set suspected status to close in zimbra also reset it’s password randomly but it’s happen quite frequently.
Then i created simple php script using clearOS API to scan weak password (based on list), surprisingly there are bunch of user using weak password such as “Passwd11”, “Paasword88”, etc. so i conclude the builtin password policy in ClearOS is not good enough to prevent it.
Based on my experience create and modifying ClearOS module (as it’s just a PHP code) i modified ClearOS user module. to increase password policy by following criteria:
- Maximum length
- Minimum length
- Minimum uppercase
- Minimum numeric character
- Minimum punctuation character
- Forbid user to use username within password
- Forbid user to use password that listed in weak password list.
I use icinga2 version 2.4 in my testing environment but unfortunately it doesn’t include with several several feature that i need to RnD one of them is InfluxDB Writer. so by just adding icinga2 PPA the latest version has been installed (2.6), but icinga2 cannot running with following error message in log file
critical/IdoMysqlConnection: Schema version ‘1.14.0’ does not match the required version ‘1.14.2’ (or newer
(0) Reconnecting to MySQL IDO database ‘ido-mysql’
icinga2.service: Main process exited, code=exited, status=1/FAILURE
So the root cause of this issue is different db schema between icinga2 version 2.4 and 2.6 in ido-mysql. then i apply new schema for 2.5 to 2.6 (must be sequentially).
mysql -uroot icinga2 < /usr/share/icinga2-ido-mysql/schema/upgrade/2.5.0.sql
mysql -uroot icinga2 < /usr/share/icinga2-ido-mysql/schema/upgrade/2.6.0.sql
Then restarting icinga2 service
# systemctl restart icinga2
Distribution list in Zimbra is a mail grouping that makes broadcast mail much easier, but in some corporation there is restriction for limiting only for such user that can send mail to distribution list. If you are using zimbra Network Edition you may just using Zimbra Admin Console but CLI still best friend for those who using OSE 🙂 .
Grant user access for account email@example.com to send to such distribution list
zmprov grr dl firstname.lastname@example.org usr email@example.com sendToDistList
Revoking user access.
zmprov rvr dl firstname.lastname@example.org usr email@example.com sendToDistList
Get access list (grants) to distribution list called firstname.lastname@example.org
zmprov gg -t dl email@example.com
- You must activate Zimbra Milter Service for using this service.
- i just using grantee-type usr (user) in this example, you may change to another grantee-type if you want to (grp, egp, all, dom, edom, gst, key, pub, email).
- In every time the rights is changed you must reload mta service by run command zmmtact reload
I Just migrate all projects application into Django version 1.8, all django apps are migrated smoothly but there is an error in simple my script that using Django ORM (used for background tasks).
... django.core.exceptions.AppRegistryNotReady: Models aren't loaded yet.
After some searching in google this page helped me. so i just add these line of code on top of my django script.
import django django.setup()
If you following my previous tutorial for installing e2guardian in ClearOS you may face strage warning page when content filter detecting some block content, here’s some example.
ClearOS 6 using dansguardian version 2.10 as it’s web content filter service, i’ve been faced dansguardian performance issue in large client usage event though Performance Level has been set to Extra Large, then i’d like to upgrade dansguardian version but it’s seem there is no development activities since 2012. My finding resulted another alternative to dansguardian that has almost exactly has same configuration file, that is e2guardian. most knows as dansguardian’s fork.
e2guardian can be installed by compiling from it’s source code and for increasing performance File Descriptor will be increased until 8192 (1024 * 8) due i will pull up e2guardian’s maxchildren.
Sometime i need this repo file configuration to install some packages that doesn’t exist in RHEL-like distros,