[SOLVED] Checking all reply-to addresses and password requirements

[dljordaneku]

Ok. so a while back we had a spammer gain access to some accounts due to easy passwords. They had went in and changed the forwarding address on these accounts so any mail coming to these accounts got forwarded to them also. I had went in and changed the ones I knew got hacked but I found out yesterday that they had also changed the reply-to address so when these people used the web interface to sent out email, any replies went to the spammer and not back to the account holder.

I have over 300 accounts so is there anyway using the CLI to scan all accounts and give me the forwarding addresses on the accounts as well as the reply-to addresses? Some of the account will have forwarding addresses that are good so I know some will get returned but I can work through that list

Also, if I go in and change the password requirements to be more strict, will that break current passwords if they don't meet the requirements? My hope there is to set the passwords to expire in like 15 days and force everyone to change their password to something harder to hack.

Thanks.

dj

[raj]

su - zimbra
zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"

will list the information you asking for..you will need to figure out which ones are good or bad

* i dont know the attribute for Reply-to Address..may be someone can post here

Password stuff can be changed in Amin interface


Raj

[dljordaneku]

Quote:

Originally Posted by raj

su - zimbra
zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"

will list the information you asking for..you will need to figure out which ones are good or bad

Password stuff can be changed in Amin interface


Raj

Thanks for the CLI info. I will try that here in a bit to see I know the password stuff can be change in the admin panel but the question is still will it keep people from logging in if I change it now? If i change it to be 20 characters long, will people with only 10 be kept from logging in? That's just an example

dj

[dljordaneku]

Quote:

Originally Posted by raj

su - zimbra
zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"

will list the information you asking for..you will need to figure out which ones are good or bad

* i dont know the attribute for Reply-to Address..may be someone can post here

Password stuff can be changed in Amin interface


Raj

Ok. That's not returning any information for me. I will double check it to make sure I have it right but as of now, no go

dj

[LMStone]

Quote:

Originally Posted by dljordaneku

Ok. so a while back we had a spammer gain access to some accounts due to easy passwords. They had went in and changed the forwarding address on these accounts so any mail coming to these accounts got forwarded to them also. I had went in and changed the ones I knew got hacked but I found out yesterday that they had also changed the reply-to address so when these people used the web interface to sent out email, any replies went to the spammer and not back to the account holder.

I have over 300 accounts so is there anyway using the CLI to scan all accounts and give me the forwarding addresses on the accounts as well as the reply-to addresses? Some of the account will have forwarding addresses that are good so I know some will get returned but I can work through that list

Also, if I go in and change the password requirements to be more strict, will that break current passwords if they don't meet the requirements? My hope there is to set the passwords to expire in like 15 days and force everyone to change their password to something harder to hack.

Thanks.

dj

You can create a new COS that requires password complexity and password expiration/rotation, and then apply it to the domains impacted.

If the existing COS has no password expiration, the users will be prompted to change their password immediately. Not sure what happens if the existing COS does have password expiration requirements, but you can test easily.

Hope that helps,
Mark

[dljordaneku]

Quote:

Originally Posted by LMStone

You can create a new COS that requires password complexity and password expiration/rotation, and then apply it to the domains impacted.

If the existing COS has no password expiration, the users will be prompted to change their password immediately. Not sure what happens if the existing COS does have password expiration requirements, but you can test easily.

Hope that helps,
Mark

Ok. Thanks. This gives me something to work from. I am still trying to get the scripts to run for the forwarding and reply addresses. Still can't get the earlier one to work.

dj

[dljordaneku]

Ok. I guess I was just typing something wrong the other day or moving to a better vmware box did the trick but I am now able to pull the accounts with a forwarding address. No spammers but I did find some I need to fix.

Now just have to get the replyto figured out

dj

[dljordaneku]

Quote:

Originally Posted by raj

su - zimbra
zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"

will list the information you asking for..you will need to figure out which ones are good or bad

* i dont know the attribute for Reply-to Address..may be someone can post here

Password stuff can be changed in Amin interface


Raj

YEA. I got it Thanks Raj for the first script. I just changed zimbraPrefMailForwardingAddress to zimbraPrefReplyToAddress and it returned those accounts to me

dj

[raj]

glad it worked

Raj