[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LDAP Change Log
Hello Keith,
----- Original Message -----
> Hi Will,
>
> We do this by looking at several preferences of each account to look
> for
> spammy items.
>
> I'd suggest taking a look at the following items through zmprov:
>
> ga -e <account> uid zimbraPrefMailForwardingAddress
> zimbraPrefMailLocalDeliveryDisabled zimbraPrefSaveToSent
> gsig <account> zimbraSignatureName zimbraPrefMailSignature
> zimbraPrefMailSignatureHTML
> gid <account> zimbraPrefIdentityName zimbraPrefFromDisplay
> zimbraPrefFromAddress zimbraPrefReplyToDisplay
> zimbraPrefReplyToAddress
Thanks for the details. I think Rich's queries also include these. That gives me some reassurance it works for multiple places.
One thing I've noticed is that looking for bad grammar and "spammy" things doesn't work well for us as most of our students have English as a second language.
> We are doing this on 6.0.10 but we will be moving to Zimbra 8
> relatively
> soon.
Good luck on the upgrade. I'm sure everyone on the list would be glad to hear how the upgrade goes.
Thanks,
Will
> On 5/26/13 12:09 AM, William Froning wrote:
> > Hello All,
> >
> > I was wondering how you all are monitoring Zimbra LDAP change
> > events. I can't seem to find the right log (if it is even enabled)
> > to watch for account changes that might suggest a compromised
> > account.
> >
> > We are running 7.2.1. Any assistance is welcome.
> >
> > Thanks,
> > Will
> >
>
>
--
Will Froning
Information Security Manager
Office of the Vice Chancellor for Finance and Administration
American University of Sharjah
Tel +971 6 515 2124
Mob +971 50 737 1599
Fax +971 6 515 2120
PO Box 26666, Sharjah
United Arab Emirates
http://www.aus.edu
wfroning@aus.edu