Results 1 to 3 of 3

Thread: [SOLVED] Admin account - brute force attempts? Lockout?

  1. #1
    billinvegas's Avatar
    billinvegas is offline Active Member
    Join Date
    Jun 2011
    Location
    Sin City
    Posts
    38
    Rep Power
    4

    Default [SOLVED] Admin account - brute force attempts? Lockout?

    Hi,

    very new to Zimbra (and *nix) no please forgive any newbie errors or mistakes...

    I have installed, and finally set up a ZCS open source edition on Ubuntu 10.04

    Put it online earlier, created domains, domain aliases, users, forwards -
    most of the basic stuff we would need a mail serve to do...

    Everything working fine, e-mails sent and received for domain and alias domain (very happy)
    decided to enable the "lockout" feature, set the attempts to 3, and time to 15 minutes

    After about 1 hour or so, I decided to check the admin e-mail to see if
    if there were any important notifications sent.

    web mail interface reported an "incorrect password"
    (I know I have the correct password entered)
    web admin interface also showed incorrect password error...

    Q: is this the type of message a user would see if the account is in lockout?

    Q: where in the logs can I look to find out if this was a brute force attempt that caused a lockout (if this was the case)
    Is this a Zimbra log? or is it logged in Linux?

    if the admin account is locked out, how can it be re-set?
    through the root user?
    (was able to ssh to the server, with Ubuntu username / password, and successfully super user'd to root)

    at any rate, got paranoid about this and took the server offline (we have another mail server in use - zimbra is hopefully going to be it's replacement)
    I'd like to learn how to check to see if it is a brute force attack, or hack by examining the logs...

    Oh, finally...

    how exactly does one paste the large amounts of text (i.e. logs) in the forum, where the text pasted has the scroll bars
    next to it?

    thanks!

    Bill
    Last edited by billinvegas; 06-29-2011 at 12:18 AM. Reason: additional info

  2. #2
    dik23 is offline Advanced Member
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    4

    Default

    Admin Password Reset although you say you've set it to allow you in after 15 mins so whether you need this or not is down to whether you've really forgotten the password or not.

    I personally don't have the admin account as an administrator, I have another account for that, although I do keep it because system mail is sent there. I view having admin as admin similar to allowing ssh direct to root.

    For pasting logs etc use the [CODE] tags, this is easily available when composing a message above the text input box but below the drop down menu that says Attachments.

    Hope this helps

  3. #3
    billinvegas's Avatar
    billinvegas is offline Active Member
    Join Date
    Jun 2011
    Location
    Sin City
    Posts
    38
    Rep Power
    4

    Default

    don't know if this is a reply situation, or if I should start a new thread...

    I also have a couple of users who have very common names as their e-mail addresses (joe, lisa)

    I would love to give them new usernames (joeplastname@domain.com)
    but they do have an established base of clients / people who use the existing usernames

    I also have been reading about brute force attempts on accounts on the mail server. Common names I would guess are an easy target to attempt...

    Here's my thoughts, please correct me if I'm wrong...

    - no users with common name e-mail addresses (joe@domain.com)
    give them an email such as joeplastname@domain.com

    - make an alias of "joe" that points to joeplastname@domain.com

    Mail sent to joe@domain should get deliverd to joeplastname@domain.com, correct?

    What would be the results of a brute force attempt on an alias?
    joe@domain.com
    it's technically not an account, correct?

    Would implementing this, along with strong passwords, account lockout
    be a good method to keep the bastards out of our system?

    thank you

    Bill

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 05-25-2011, 11:14 AM
  2. Admin account getting locked out
    By pbrunnen in forum Administrators
    Replies: 0
    Last Post: 05-18-2011, 05:54 AM
  3. Allow single account to be domain admin over multiple domains
    By peter@mxtoolbox.com in forum Administrators
    Replies: 2
    Last Post: 03-19-2008, 12:36 PM
  4. restore admin account
    By preem in forum Administrators
    Replies: 2
    Last Post: 01-19-2007, 07:56 AM
  5. Admin Account
    By rmvg in forum Users
    Replies: 4
    Last Post: 09-18-2005, 11:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •