[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP Change Log

To: Keith McDermott <kmcdermo@purdue.edu>
Subject: Re: LDAP Change Log
From: William Froning <wfroning@aus.edu>
Date: Mon, 27 May 2013 08:14:59 +0400 (GST)
Cc: Zimbra Higher-Ed Admins <zimbra-hied-admins@sfu.ca>
In-reply-to: <51A246B8.9010507@purdue.edu>
List-help: <mailto:zimbra-hied-admins-request@sfu.ca?subject=help> (List Instructions)
List-id: <zimbra-hied-admins.sfu.ca>
List-owner: <mailto:owner-zimbra-hied-admins@sfu.ca>
List-unsubscribe: <mailto:zimbra-hied-admins-request@sfu.ca?subject=unsubscribe>

Hello Keith,

----- Original Message -----
> Hi Will,
> 
> We do this by looking at several preferences of each account to look
> for
> spammy items.
> 
> I'd suggest taking a look at the following items through zmprov:
> 
> ga -e <account> uid zimbraPrefMailForwardingAddress
> zimbraPrefMailLocalDeliveryDisabled zimbraPrefSaveToSent
> gsig <account> zimbraSignatureName zimbraPrefMailSignature
> zimbraPrefMailSignatureHTML
> gid <account> zimbraPrefIdentityName zimbraPrefFromDisplay
> zimbraPrefFromAddress zimbraPrefReplyToDisplay
> zimbraPrefReplyToAddress

Thanks for the details. I think Rich's queries also include these. That gives me some reassurance it works for multiple places. 

One thing I've noticed is that looking for bad grammar and "spammy" things doesn't work well for us as most of our students have English as a second language.
 
> We are doing this on 6.0.10 but we will be moving to Zimbra 8
> relatively
> soon.

Good luck on the upgrade. I'm sure everyone on the list would be glad to hear how the upgrade goes.

Thanks,
Will

> On 5/26/13 12:09 AM, William Froning wrote:
> > Hello All,
> >
> > I was wondering how you all are monitoring Zimbra LDAP change
> > events. I can't seem to find the right log (if it is even enabled)
> > to watch for account changes that might suggest a compromised
> > account.
> >
> > We are running 7.2.1. Any assistance is welcome.
> >
> > Thanks,
> > Will
> >
> 
> 

-- 
Will Froning
Information Security Manager
Office of the Vice Chancellor for Finance and Administration


American University of Sharjah

Tel +971 6 515 2124
Mob +971 50 737 1599
Fax +971 6 515 2120
PO Box 26666, Sharjah
United Arab Emirates
http://www.aus.edu
wfroning@aus.edu

References:
- Re: LDAP Change Log
  - From: Keith McDermott <kmcdermo@purdue.edu>

Prev by Date: Re: LDAP Change Log
Next by Date: Re: LDAP Change Log
Previous by thread: Re: LDAP Change Log
Next by thread: Re: LDAP Change Log
Index(es):
- Date
- Thread