Like any other mail server, Zimbra is prone to SMTP brute-force attacks. Attackers around the world try to log in to SMTP servers using commonly used mailbox names such as info and support, combined with random passwords. Once they crack the password of an account, they start sending spam from the server, which damages the reputation of your domain and IP address.
Zimbra can notify you whenever somebody tries to log in to the server with incorrect passwords. The service that does this is called zmauditswatch.
Follow the steps below to enable it on your Zimbra server.
Note: All of the commands below must be run as the zimbra user.
1. Set the notification email address. All brute-force alerts will be sent to this address (admin@example.com is a placeholder; use your own address)
zmlocalconfig -e zimbra_swatch_notice_user=admin@example.com
2. Now configure the brute-force thresholds
zmlocalconfig -e zimbra_swatch_ipacct_threshold=20
zmlocalconfig -e zimbra_swatch_acct_threshold=30
zmlocalconfig -e zimbra_swatch_ip_threshold=40
zmlocalconfig -e zimbra_swatch_total_threshold=80
zmlocalconfig -e zimbra_swatch_threshold_seconds=3600
3. Start the Zmauditswatch service
zmauditswatchctl start
That’s it. Once the above configuration is done, you will start receiving notifications whenever there is a brute-force attempt on the server.
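
How the four counters from step 2 relate to each other, as an added example (not Zimbra's code and not part of the original article): a simplified Python model that applies the thresholds to constructed log lines. The log line layout, the at-or-above comparison, the reading of each counter from its key name and all function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Values set in step 2 of this page.
THRESHOLDS = {"ipacct": 20, "acct": 30, "ip": 40, "total": 80}
WINDOW = timedelta(seconds=3600)  # zimbra_swatch_threshold_seconds
NOW = datetime(2024, 1, 1, 12)    # constructed reference time

# Assumed, simplified layout of a failed-login line in audit.log.
FAILED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ .*?ip=([^;\]]+);"
    r".*?account=([^;]+);.*authentication failed")

def make_line(ts, ip, account):
    """Build a constructed sample line (not captured from a real server)."""
    return (f"{ts:%Y-%m-%d %H:%M:%S},000 WARN  [ImapSSLServer-1] [ip={ip};] "
            f"security - cmd=Auth; account={account}; protocol=imap; "
            f"error=authentication failed for [{account}], invalid password;")

def evaluate(lines, now):
    """Return (check, key, count) for every counter at or over its threshold."""
    counts = {name: Counter() for name in THRESHOLDS}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # not a failed login
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if not (now - WINDOW < ts <= now):
            continue  # outside the counting window
        ip, account = m.group(2), m.group(3)
        counts["ipacct"][f"{ip}|{account}"] += 1  # one IP against one account
        counts["acct"][account] += 1              # any IP against one account
        counts["ip"][ip] += 1                     # one IP against any account
        counts["total"]["*"] += 1                 # every failure in the window
    return sorted((name, key, n) for name, c in counts.items()
                  for key, n in c.items() if n >= THRESHOLDS[name])

def sample_log(now):
    """Constructed traffic: one noisy IP, one distributed attempt, stale noise."""
    lines = [make_line(now - timedelta(seconds=i), "203.0.113.7",
                       "info@example.com") for i in range(20)]
    lines += [make_line(now - timedelta(minutes=5), f"198.51.100.{i}",
                        "support@example.com") for i in range(30)]
    lines += [make_line(now - timedelta(hours=2), "192.0.2.9", "info@example.com")] * 100
    return lines

if __name__ == "__main__":
    print(evaluate(sample_log(NOW), NOW))
```

With these settings the single-source burst trips only the IP plus account counter and the spread-out attempt trips only the account counter, which is why the four thresholds are tuned separately.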