Results 1 to 9 of 9

Thread: [SOLVED] Checking all reply-to addresses and password requirements

  1. #1
    dljordaneku is offline Elite Member
    Join Date
    Sep 2007
    Location
    Richmond, Ky
    Posts
    281
    Rep Power
    7

    Default [SOLVED] Checking all reply-to addresses and password requirements

    Ok. so a while back we had a spammer gain access to some accounts due to easy passwords. They had went in and changed the forwarding address on these accounts so any mail coming to these accounts got forwarded to them also. I had went in and changed the ones I knew got hacked but I found out yesterday that they had also changed the reply-to address so when these people used the web interface to sent out email, any replies went to the spammer and not back to the account holder.

    I have over 300 accounts so is there anyway using the CLI to scan all accounts and give me the forwarding addresses on the accounts as well as the reply-to addresses? Some of the account will have forwarding addresses that are good so I know some will get returned but I can work through that list

    Also, if I go in and change the password requirements to be more strict, will that break current passwords if they don't meet the requirements? My hope there is to set the passwords to expire in like 15 days and force everyone to change their password to something harder to hack.

    Thanks.

    dj

  2. #2
    raj's Avatar
    raj
    raj is offline Moderator
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    Default

    su - zimbra
    zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"


    will list the information you asking for..you will need to figure out which ones are good or bad

    * i dont know the attribute for Reply-to Address..may be someone can post here

    Password stuff can be changed in Amin interface


    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

  3. #3
    dljordaneku is offline Elite Member
    Join Date
    Sep 2007
    Location
    Richmond, Ky
    Posts
    281
    Rep Power
    7

    Default

    Quote Originally Posted by raj View Post
    su - zimbra
    zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"


    will list the information you asking for..you will need to figure out which ones are good or bad

    Password stuff can be changed in Amin interface


    Raj
    Thanks for the CLI info. I will try that here in a bit to see I know the password stuff can be change in the admin panel but the question is still will it keep people from logging in if I change it now? If i change it to be 20 characters long, will people with only 10 be kept from logging in? That's just an example

    dj

  4. #4
    dljordaneku is offline Elite Member
    Join Date
    Sep 2007
    Location
    Richmond, Ky
    Posts
    281
    Rep Power
    7

    Default

    Quote Originally Posted by raj View Post
    su - zimbra
    zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"


    will list the information you asking for..you will need to figure out which ones are good or bad

    * i dont know the attribute for Reply-to Address..may be someone can post here

    Password stuff can be changed in Amin interface


    Raj
    Ok. That's not returning any information for me. I will double check it to make sure I have it right but as of now, no go

    dj

  5. #5
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    Quote Originally Posted by dljordaneku View Post
    Ok. so a while back we had a spammer gain access to some accounts due to easy passwords. They had went in and changed the forwarding address on these accounts so any mail coming to these accounts got forwarded to them also. I had went in and changed the ones I knew got hacked but I found out yesterday that they had also changed the reply-to address so when these people used the web interface to sent out email, any replies went to the spammer and not back to the account holder.

    I have over 300 accounts so is there anyway using the CLI to scan all accounts and give me the forwarding addresses on the accounts as well as the reply-to addresses? Some of the account will have forwarding addresses that are good so I know some will get returned but I can work through that list

    Also, if I go in and change the password requirements to be more strict, will that break current passwords if they don't meet the requirements? My hope there is to set the passwords to expire in like 15 days and force everyone to change their password to something harder to hack.

    Thanks.

    dj
    You can create a new COS that requires password complexity and password expiration/rotation, and then apply it to the domains impacted.

    If the existing COS has no password expiration, the users will be prompted to change their password immediately. Not sure what happens if the existing COS does have password expiration requirements, but you can test easily.

    Hope that helps,
    Mark

  6. #6
    dljordaneku is offline Elite Member
    Join Date
    Sep 2007
    Location
    Richmond, Ky
    Posts
    281
    Rep Power
    7

    Default

    Quote Originally Posted by LMStone View Post
    You can create a new COS that requires password complexity and password expiration/rotation, and then apply it to the domains impacted.

    If the existing COS has no password expiration, the users will be prompted to change their password immediately. Not sure what happens if the existing COS does have password expiration requirements, but you can test easily.

    Hope that helps,
    Mark
    Ok. Thanks. This gives me something to work from. I am still trying to get the scripts to run for the forwarding and reply addresses. Still can't get the earlier one to work.

    dj

  7. #7
    dljordaneku is offline Elite Member
    Join Date
    Sep 2007
    Location
    Richmond, Ky
    Posts
    281
    Rep Power
    7

    Default

    Ok. I guess I was just typing something wrong the other day or moving to a better vmware box did the trick but I am now able to pull the accounts with a forwarding address. No spammers but I did find some I need to fix.

    Now just have to get the replyto figured out

    dj

  8. #8
    dljordaneku is offline Elite Member
    Join Date
    Sep 2007
    Location
    Richmond, Ky
    Posts
    281
    Rep Power
    7

    Default

    Quote Originally Posted by raj View Post
    su - zimbra
    zmprov sa -v zimbraPrefMailForwardingAddress=* | grep -e "uid" -e "zimbraPrefMailForwardingAddress"


    will list the information you asking for..you will need to figure out which ones are good or bad

    * i dont know the attribute for Reply-to Address..may be someone can post here

    Password stuff can be changed in Amin interface


    Raj
    YEA. I got it Thanks Raj for the first script. I just changed zimbraPrefMailForwardingAddress to zimbraPrefReplyToAddress and it returned those accounts to me

    dj

  9. #9
    raj's Avatar
    raj
    raj is offline Moderator
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    Default

    glad it worked

    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •