DOCSLIB.ORG

Common Security Exploit and Vulnerability Matrix

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Common Security Exploit and Vulnerability Matrix Common Security Exploit and Vulnerability Matrix cfingerd a web document can execute Microsoft JET 3.5X commands on the client workstation /var/opt/SUNWconn/ldap/log/ IIS script can capture domain *.asp 80 tcp slapd.log remote buffer overflow - passwords via AUTH_PASSWORD variable local user can link .forward, execute arbitrary code .plan, or .project and fingerd Excel CALL statement can call any Stores cleartext passwords will read linked file as uid 0 DLL function buffer overflow in cookie Excel SIMS/SDS world readable (i.e., read /etc/shadow file, etc) Document *.xls Excel Scripting Engine asp dot bug tcp/ip Application Apache shows raw source asp interpreter /etc/shadow Excel Scripting Engine Uses Protocol user@host@host redirection cleartext .plan Excel Document *.xls 22 tcp passwords 4000 udp rpcbind .@host reveals users who have never logged in anyform cgi rusers files not in web root !(c:\inetpub\wwwroot\*) 1024- some versions of rpcbind will udp fingerd reveal logged on users GNU fingerd execute any command 2000 cachemgr.cgi from remote listen on ports other than RPC service will leak MDAC RDS unauthenticated remote user information asp pages can access files 0@ reveals users who have never send user#999999 111, and possibly defeat any Cmail 2.3 traffic ICQ\NewDB\uin#.dat cachemgr_passwd formmail cgi including source addresses user.db not in web root 110 tcp pop3 logged in overflow firewall port filtering pseudoencrypts DataFactory of remote users. (allow parent paths) password is sent in cleartext password is stored in passwords into object 112 tcp auth cleartext and file is will proxy port connections guestbook user.db file /winnt/system32/fm20.dll Wingate world readable can be used to find sgi_fam Eudora scripting ? udp Forms 2.0 Control can paste user stores cleartext password in vulnerable RPC services 53 dns script access permissions virtual site tunnel ODBC requests through IP Packet clipboard ICQ\NewDB\uin#.dat MDAC, bypass firewalls engine Active X can access other virtual sites content phf remote attacker can get What is a content based 79 tcp finger overflow filename window to give user (IIS 3.0 and misconfigured IIS 4.0 complete list of files & Dr. Watson Log File FileSystemObject sequence numbers ICQ can view any file on target directories on target invalid information about file ODBCJT32.DLL servers) (Scripting.FileSystemObject, attack? alter filesystem easily guessable OpenTextFile) rstatd can use shell() VBA command to execute 80 tcp http extension. Could be used to cause ConSeal PC trojan files to be executed. arbitrary commands from remote. Get root email attachment Servers may perform analysis of incoming data. leaks /winnt/system32/msdxm test-cgi access Dr. Watson on server. trojan a hostile applet or script Many times they will have interpreters that read 8080 80 tcp list files anywhere on machine information SSH tcp log File (may contain incoming data and perform tasks based upon Firewall log in without password by using about system ActiveMovie passwords/keys) keywords, symbols, and other data. Web servers do file:///aux more than 9 character password configuration some SSH installations will this with the URL. Sendmail does this with email DoS nph-test-cgi 65589 tcp dns buffer overflow in ICQ read any file overflow VRFY, denial of give potential attackers the Remote Control sdr headers. When the server analyzes the incoming flood overloads CIFS challenge Microsoft Scripting Runtime webserver causes crash. http://host/carbo. service, possible execute SSH version, Key sizes, data, it may misinterpret some symbols or symbol machine (http://XXX.XXX.XXX.XXX/....... dll?icatcommand code from remote if perl or any other and Encryption method combinations (sometimes called meta-characters or CIFS challenge perl escape-characters). When this happens, the server run as ..(and so on..../)) =..\..\*z command interpreter is used. encrypted with users /winnt/system32/sccrun.dll execute remote code as Execute remote code as will perform unintended tasks. An attacker can feed interactive Website Server directly located in /cgi-bin password hash 135 tcp download any file process (NT/Unix) through Carbon Copy process (NT/Unix) special commands into the server coaxing it to run loc-srv user execute arbitrary remote users can execute SunOS X.25 (http://<yourIP>/.html/............/config.sys) numerous buffer overflows any command commands or alter files & databases. get ../../* commands via args.cmd 139 tcp netbios-ssn accounts registry key set world read any file ICQ packet leaks internal IP addresses read any file on the system 514 UDP packets with writable (HKLM\Software\Seattle X.25 gateways are often PIX on multi-homed machines ( sendmail -oEfilename_to_read ) strange options can IIS Lab\SLMail\Users) Bay Networks Annex targets of attack. X.25 25 tcp sendmail <EXCH-VERIFY>: ExchAuthenticate() called with udp cause reboot PADS should have access PC Anywhere Firewall fpcount.exe NTServerName:[KBJV_SRV1] /usr/lib/fs/ufs/ufsdump dictionary Terminal Server sendmail -d bug gets root controls. NTDomainName[KBJV_PERTH] ( sendmail -d3294967296 ) syslog FIN fragments can crack Seattle Labs buffer overflow adminMailbox:[xxxxxx] DoS by sending incomplete DoS over firewall (http://annex.www.server/ping?query=<buffer>) rpc.ypupdated Allaire Forums Alibaba adminLoginName:[xxxxxx]password:[xxxxxx] sendmail send/vrfy/expn/mail from:/rcpt local user GECOS if DNS record doesn't exist for users allowed httpd GetFile.cfm to: commands buffer overflow in cgi- rtools overflow, get root declared host, syslogd crashes rpc.ypupdated /usr/lib/fs/ufs/ufsrestore to bind to read any file carbo.dll shl/win-c-sample.exe - remote user execute queue files privileged http://host/GetFile.cfm?FT=Text&FST=P inserting newlines into queue files causes execute code from remote commands as root ports lain&FilePath=C:\*.* arbitrary commands to be run groups are not set properly - Cheyenne upload and run any 11 stores cleartext link to a file another owns, get get remote root access execute commands as IP Header iCat Carbo Suite code via uploader.exe password in test.log local user gets root ArcServe EXPN can be used to targets groups root from remote 6050 tcp decode find destination udp 25 tcp addresses of aliases & pipe mail through REHUP attack causes any tcp lists Wizard mode backdoor gives root systat Livingston RADIUS 2080 tcp sendmail allows mail Guest user can change decode alias and create program to be run as root test.log relaying has default accounts: password Sendmail Linux Kernel monitor,monitor DEBUG mode allows remote execution of systat will give away system can sniff radius client/server 1031 tcp inetinfo can force max of 2 session to manager,manager aliases piped to programs ? Ascend Wingate has blank commands as root state information to an interaction and recover shared MIME buffer overflow - get root may allow common attacks stay open, will no longer admin,<blank> password Sendmail attacker, including which secret Screen Saver accept TCP connections rpc.cmsd 1029 security,security relaying allows software is running on the tcp File ../..* Any File Majordomo 'REPLY TO:' backtick Outlook What is a relative anonymous machine overflow reverse name invalid IP options access/execution Guest account has blank password VRFY can be if username is a filename, attack - execute arbitrary (*.scr) spamming lookup field - get root on cause seg fault 1038 tcp Password/session/audio/ used to identify can mail to file 98/Express path? commands execute remote code as root video/keystroke sniffing 3Com Wingate valid user target certain versions of NT run 23 tcp screensaver under (SunOS) Programs which do not fully qualify file 23 tcp telnet accounts mail can be overflow syslog() function and get Email send user#999999 overflow Sendmail relaying allows 253 byte password buffer copied SYSTEM account. Can paths (absolute path) can be tricked can list files forged from any root Header anonymous spamming into 128 byte stack buffer add normal user to admin into running trojan programs. If the invalid fragmentation * tcp Back Orifice from remote address (31337) Mail to program ( Windows group. original executable is running in an causes network stack to Port Redirection bounced mail with a piped FROM Can bounce TCP sessions RCPT TO: | elevated context (such as suid), the fail * tcp ( MAIL FROM: |/bin/sed'1,/^$/d|/bin/sh ) crash server through bogus (12345) read any file on system <program> ) NT SNMP ipop3d trojan may be executed with the same ? link /var/tmp/dead.letter to any accounting messages privileges. Initialization files, shared (http://www.server.com:8010/c:/ - NT/Win9x filename field Netbus file, appends data (get root on libraries such as DLL's, and http://www.server.com:8010// - NT/Win9x Can connect to self causing DoS Third packet during setup contains overflow, execute 8010 tcp wingate ../..* Any File system locally via /etc/passwd) dump all usernames in If coredump, it has encrypted temporary files may all be subject to What is dictionary LogFile service http://www.server.com:8010/..../ - Win9x) cleartext username/password remote code domain passwords, if /core already exists, this type of attack. EHLO command will reveal what Cold Fusion Server cracking? X11R4 Cistron RADIUS permissions are retained 21 tcp extended SMTP commands are ftp SITE EXEC command allows send XXXXXX issue many PASV in AMaVIS accepted by the server. delete all WINS records A cryptographic hash can be obtained and cracked via PASV DoS - commands to executed from remote buffer overflow succession and use replace trusted relative brute force. Although it cannot be "decrypted", a consume all (~4000 chars) upload any file 20 tcp ftp-data IIS FTPd anonymous up all ports scanmails script path with Trojan, exec program can encrypt every word in the dictionary connections user can suid, get root against the hash, and if they match, the password has script will expand the subject heading of default 'public' write c:\winnt\* rename files insmod been found.
Load more

Recommended publications
  • Automated IT Service Fault Diagnosis Based on Event Correlation Techniques
    Automated IT Service Fault Diagnosis Based on Event Correlation Techniques Dissertation an der Fakultat¨ fur¨ Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universitat¨ Munchen¨ vorgelegt von Andreas Hanemann Tag der Einreichung: 22. Mai 2007 1. Berichterstatter: Professor Dr. Heinz-Gerd Hegering, Ludwig-Maximilians-Universit¨at M¨unchen 2. Berichterstatterin: Professor Dr. Gabrijela Dreo Rodosek, Universit¨at der Bundeswehr M¨unchen Automated IT Service Fault Diagnosis Based on Event Correlation Techniques Dissertation an der Fakultat¨ fur¨ Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universitat¨ Munchen¨ vorgelegt von Andreas Hanemann Tag der Einreichung: 22. Mai 2007 Tag der m¨undlichen Pr¨ufung: 19. Juli 2007 1. Berichterstatter: Professor Dr. Heinz-Gerd Hegering, Ludwig-Maximilians-Universit¨at M¨unchen 2. Berichterstatterin: Professor Dr. Gabrijela Dreo Rodosek, Universit¨at der Bundeswehr M¨unchen Acknowledgments This thesis has been written as part of my work as a researcher at the Leib- niz Supercomputing Center (Leibniz-Rechenzentrum, LRZ) of the Bavarian Academy of Sciences and Humanities which was funded by the German Re- search Network (DFN-Verein) as well as in cooperation with the research group of Prof. Dr. Heinz-Gerd Hegering. Apart from the LRZ, this research group called MNM-Team (Munich Network Management Team) is located at the University of Munich (LMU), the Munich University of Technology (TUM) and the University of Federal Armed Forces in Munich. At first, I would like to thank my doctoral advisor Prof. Dr. Heinz-Gerd Hegering for his constant support and helpful advice during the whole prepa- ration time of this thesis. I would also like to express my special gratefulness to my second advisor, Prof.
    [Show full text]
  • Linux Administrators Security Guide LASG - 0.1.1
    Linux Administrators Security Guide LASG - 0.1.1 By Kurt Seifried ([email protected]) copyright 1999, All rights reserved. Available at: https://www.seifried.org/lasg/. This document is free for most non commercial uses, the license follows the table of contents, please read it if you have any concerns. If you have any questions email [email protected]. A mailing list is available, send an email to [email protected], with "subscribe lasg-announce" in the body (no quotes) and you will be automatically added. 1 Table of contents License Preface Forward by the author Contributing What this guide is and isn't How to determine what to secure and how to secure it Safe installation of Linux Choosing your install media It ain't over 'til... General concepts, server verses workstations, etc Physical / Boot security Physical access The computer BIOS LILO The Linux kernel Upgrading and compiling the kernel Kernel versions Administrative tools Access Telnet SSH LSH REXEC NSH Slush SSL Telnet Fsh secsh Local YaST sudo Super Remote Webmin Linuxconf COAS 2 System Files /etc/passwd /etc/shadow /etc/groups /etc/gshadow /etc/login.defs /etc/shells /etc/securetty Log files and other forms of monitoring General log security sysklogd / klogd secure-syslog next generation syslog Log monitoring logcheck colorlogs WOTS swatch Kernel logging auditd Shell logging bash Shadow passwords Cracking passwords John the ripper Crack Saltine cracker VCU PAM Software Management RPM dpkg tarballs / tgz Checking file integrity RPM dpkg PGP MD5 Automatic
    [Show full text]
  • Ispmail Tutorial for Debian Lenny
    6.10.2015 ISPmail tutorial for Debian Lenny ISPmail tutorial for Debian Lenny Add new comment 223533 reads This tutorial is for the former stable version "Debian Lenny". If you are using "Debian Squeeze" then please follow the new tutorial. A spanish translation of this tutorial is also available ­ courtesy of José Ramón Magán Iglesias. What this tutorial is about You surely know the internet service providers that allow you to rent a domain and use it to receive emails. If you have a computer running Debian which is connected to the internet permanently you can do that yourself. You do not even need to have a fixed IP address thanks to dynamic DNS services like dyndns.org. All you need is this document, a cup of tea and a little time. When you are done your server will be able to... receive and store emails for your users from other mail servers let your users retrieve the email through IMAP and POP3 ­ even with SSL to encrypt to connection receive and forward ("relay") email for your users if they are authenticated offer a webmail interface to read emails in a web browser detect most spam emails and filter them out or tag them License/Copyright This tutorial book is copyrighted 2009 Christoph Haas (email@christoph­haas.de). It can be used freely under the terms of the GNU General Public License. Don't forget to refer to this URL when using it. Thank you. Changelog 17.6.09: Lenny tutorial gets published. 19.6.09: The page on SPF checks is temporarily offline.
    [Show full text]
  • Projeto Final
    UNIVERSIDADE CATÓLICA DE BRASÍLIA PRÓ-REITORIA DE GRADUAÇÃO TRABALHO DE CONCLUSÃO DE CURSO Bacharelado em Ciência da Computação e Sistemas de Informação CRIAÇÃO DE UM CORREIO ELETRÔNICO CORPORATIVO COM POSTFIX Autores: Davi Eduardo R. Domingues Luiz Carlos G. P. C. Branco Rafael Bispo Silva Orientador: MSc. Eduardo Lobo BRASÍLIA 2007 Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 2 / 111 DAVI EDUARDO R. DOMINGUES LUIZ CARLOS G. P. C. BRANCO RAFAEL BISPO SILVA CRIAÇÃO DE UM SERVIDOR DE CORREIO ELETRÔNICO CORPORATIVO COM POSTFIX Monografia apresentada ao Programa de Graduação da Universidade Católica de Brasília, como requisito para obtenção do Título de Bacharelado em Ciência da Computação. Orientador: MSc. Eduardo Lobo Brasília 2007 Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 3 / 111 TERMO DE APROVAÇÃO Dissertação defendida e aprovada como requisito parcial para obtenção do Título de Bacharel em Ciência da Computação, defendida e aprovada, em 05 de dezembro de 2007, pela banca examinadora constituída por: _______________________________________________________ Professor Eduardo Lobo – Orientador do Projeto _______________________________________________________ Professor Mário de Oliveira Braga Filho – Membro Interno _______________________________________________________ Professor Giovanni – Membro Interno Brasília UCB Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 4 / 111 Dedico este trabalho primeiramente a Deus que me deu a vida e paciência para chegar a este nível de estudo que me encontro. Em especial a minha mãe que acreditou em mim, aos bons valores que me ensinou e pelo apoio a toda minha vida acadêmica e me compreendeu pelos momentos de ausência ao seu lado. Davi Eduardo R. Domingues Criação de um Servidor de Correio Eletrônico Corporativo com Postfix 5 / 111 Dedico a minha família que sempre acreditou em mim, também aos meus grandes amigos e aos grandes amigos que se foram, aqueles que nos deixam saudades e uma vontade de continuar seus trabalhos.
    [Show full text]
  • An E-Mail Quarantine with Open Source Software
    An e-mail quarantine with open source software Using amavis, qpsmtpd and MariaDB for e-mail filtering Daniel Knittel Dirk Jahnke-Zumbusch HEPiX fall 2016 NERSC, Lawrence Berkeley National Laboratory United States of America October 2016 e-mail services at DESY > DESY is hosting 70+ e-mail domains, most prominent: ▪ desy.de — of course :) ▪ xfel.eu — European XFEL ▪ belle2.org — since summer 2016 ▪ cfel.de — Center for Free-Electron Laser Science ▪ cssb-hamburg.de — Center for Structural Systems Biology > mixed environment of open source software and commercial products ▪ Zimbra network edition with web access and standard clients (Outlook, IMAP, SMTP) ▪ Postfix for MTAs ▪ SYMPA for mailing list services ▪ Sophos and Clearswift‘s MIMEsweeper for SMTP > currently ~6.500 fully-fledged mailboxes, some 1000s extra with reduced functionality (e.g. no Outlook/ActiveSync/EWS access) > daily ~300.000 delivered e-mails 2 DESY e-mail infrastructure 1b 3 4 1 2 5 > 1 DMZ filtering ▪ restrictive filtering, reject e-mails from very suspicious MTAs ▪ 1b soon: DESY’s NREN (DFN) will be integrated into e-mail flow with virus- and SPAM-scanning > 2 filter for bad content ➔ suspicious e-mails into quarantine > 3 2nd-level SPAM-scan based on mail text and own rules > 4 distribution of e-mails to mailbox servers, mailing list servers or DESY-external destinations > 5 throttling of e-mail flow to acceptable rates (individual vs. newsletter) ▪ think “phishing” ➔ high rates trigger an alarm > mixed HW/VM environment 3 e-mail at DESY – attachment filtering & quarantine > policy: e-mail traffic is filtered ▪ block “bad” e-mails in the first place ➔ viruses are blocked ➔ executable content is blocked ▪ also block e-mails originating from DESY if they contain malicious or suspicious content ▪ up to now: commercial solution > additional measures ▪ mark e-mails with a high SPAM-score (2nd-level SPAM-filtering) ▪ monitor outgoing e-mail-flow ▪ throttle if over a specific rate ➔ this is sender-specific and customizable (e.g.
    [Show full text]
  • Scott E. Harney
    Scott E. Harney 1425 Melpomene St., New Orleans, LA 70130 504-298-UNIX scotth@scottharney. com Summary Highly motivated systems engineer with a broad background building and managing 24/7/365 Enterprise and service provider environments with a focus on getting the job done for customers. I am a self starter with a broad and deep understanding of a variety of technologies and how they can best be assembled to support business needs. I can handle multiple simultaneous projects from design through implementation to operational phases. Technologies • Operating Systems: Linux (Debian/Ubuntu, RedHat, Slackware, SuSe, CoreOS), Solaris 2.51-10, Open Solaris, Cisco IOS & NX-OS, VMWare Server/ESX/ESXi/vSphere 3.x-6.x, Sun Xvm Virtualbox, Xen 3.x, Win- dows Server 2008-2012R2 • Server software: Apache, Tomcat, Qmail, Postfix, Sendmail, Exim, OpenLDAP, SunONE Directory, Lucent QIP, ISC dhcpd, Bind, MySQL, PostresSQL, OpenSSL, OpenSSH, djbdns, Samba, NFS, Snort, Cisco CNR3.5-5.0.11, Nagios, MS Clustering Services, Active Directory, IIS, MSSQL • Storage software: Commvault Simpana 9-11, Legato Networker 7.2.x-8.x, Avamar 3.x-5.x, Netapp OnCommand Suite, Netapp Data OnTap 7.2.x- 8.2.x EMC ControlCenter 5.x, EMC Solutions Enabler 6.x, Navisphere 6.24.x, Veritas Command Central 4.3.x, Symmetrix Management Console Hitachi Storage Navigator, HDS Device Manager, Celerra Manager 5.6„ Veritas VxVM 3.x-6 • Cloud Technologies: AWS, GCE, Docker, Kubernetes, Ansible • Network technolgies: ISDN, PPP, MLPPP, DSL, BGP, Frame Relay, VoIP, POP3, IMAP, SMTP, SNMP, DNS, FTP, DHCP, SONET, EIGRP, RIP, IS-IS, Pv6, IPSEC, RADIUS, DOCSIS • Programming/Scripting: Python, PowerShell, Perl, Bourne and C shell scripting, PHP, C, HTML, XML • Hardware: – Sun Servers and Workstations including large scale SunFire E20/E25K through all current hardware Sparc, Intel, and AMD.
    [Show full text]
  • Gary Briggs Personal Details
    Gary Briggs Personal Details Home Address: 2251 S Bentley Ave, Apt 202 Los Angeles CA 90064 E-mail: [email protected] Phone: +1 (310) 406 7955 Objective I am looking to obtain a position that utilizes my skills and background as an advanced software engineer Work Experience Summer 2002 - Codehost, Inc, General Engineer. Multiple positions: Spring 2009: Software Engineer [C and C++] for server, desktop and limited-hardware work Database and Server administration. Maintaining a variety of servers including SCM repositories, file and mail servers [Samba, NFS/NIS, Postfix, Amavis], MySQL and Apache Printer driver development [for mostly PostScript devices] and associated tool development Web development [PHP and Perl with MySQL, developing an entire licensing system] Project Management including specification writing and managing external teams Documentation authoring QA Spring 2007 - Chickenware, Senior Games Architect and Developer Present: [Part Time] Lead Programmer and designer on fully networked multiplayer game Use many libraries: Bullet [physics], Ogre3d [graphics], RakNet [networking], Lua [scripting], OpenAL [sound] Fully cross-platform, works on Linux, OSX, Windows Extensive documentation authoring, including complete Doxygen source comments and PDF guides Summer 2000 - Lehman Brothers bank, Web technology group. General Web engineer including Fall 2001: Testing and expanding open source search engine technologies Server administration [Solaris, Linux, Apache, Netscape web server] Initiating work on a test lab for checking the functionality
    [Show full text]
  • Biblioteca Antispam De Propósito Geral
    Universidade Federal do Rio de Janeiro Escola Politécnica Departamento de Eletrônica e de Computação LibAntispam – Biblioteca Antispam de Propósito Geral Autor: _________________________________________________ Rafael Jorge Csura Szendrodi Orientador: _________________________________________________ Prof. Jorge Lopes de Souza Leão, Dr. Ing. Examinador: _________________________________________________ Prof. Antônio Cláudio Gómez de Sousa, M. Sc. Examinador: _________________________________________________ Prof. Aloysio de Castro Pinto Pedroza, Dr. DEL Maio de 2009 DEDICATÓRIA Dedico este trabalho: À Zeus (Jupiter), deus do Céu e da Terra, pai e rei dos deuses e dos homens, senhor do Olímpio e deus supremo deste universo. À Hera (Juno), rainha dos deuses, protetora da vida, das mulheres, da fecundidade e do matrimônio. À Athena (Miverva), deusa da sabedoria, do oficio, da inteligência e da guerra justa. Protetora do povo de Atenas. À Ártemis (Diana), deusa da caça, da natureza, da colheita, da serena luz da lua, dos nascimentos e protetora das Amazonas. À Afrodite (Venus), deusa da beleza e do amor, mãe de Enéias, fundador da raça romana, e matriarca da dinastia Julia (a dinastia de Julio Cesar). À minha mãe, Ildi e ao meu pai Gyorgy, pelo meu nascimento e por, de certa forma, terem contribuído para que eu me moldasse no que sou hoje. ii AGRADECIMENTO Ao povo brasileiro que contribuiu de forma significativa à minha formação e estada nesta Universidade. Este projeto é uma pequena forma de retribuir o investimento e confiança em mim depositados. Ao professor Leão, meu orientador neste projeto, por ter aceitado me guiar nesta minha jornada final do meu curso. Aos professores Baruqui (meu orientador acadêmico), Joarez, Gabriel, Petraglia e Mariane, meus amigos há vários anos que sempre me incentivaram a não desistir do curso de eletrônica.
    [Show full text]
  • Zimbra Collaboration Server Administrator's Guide
    Zimbra Collaboration Server Administrator’s Guide ZCS 8.0 Open Source Edition August 2013 Legal Notices Copyright ©2005-2014 Telligent Systems, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. “Telligent” and “Zimbra” are registered trademarks or trademarks of Telligent Systems, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Telligent Systems, Inc. d/b/a Zimbra Software, LLC www.zimbra.com ZCS 8.0 March 2014 Rev 6 for 8.0.7 Table of Contents 1 Introduction . 9 Audience . 9 Third-Party Components . 9 Support and Contact Information . 9 2 Product Overview . 11 Core Email, Calendar and Collaboration Functionality . 11 Zimbra Components . 12 System Architecture . 12 Zimbra Application Packages . 14 Example of a Typical Multiserver Configuration . 15 Zimbra System Directory Tree . 17 Web Client Versions . 18 3 Zimbra Mailbox Server . 21 Incoming Mail Routing . 21 Mailbox Server . 21 Message Store . 21 Data Store. 22 Index Store . 22 Mailbox Server Logs . 23 4 Zimbra LDAP Service . 25 LDAP Traffic Flow . 25 LDAP Directory Hierarchy . 26 ZCS LDAP Schema . 27 ZCS Objects . 28 Account Authentication . 30 Internal Authentication Mechanism. 30 External LDAP and External AD Authentication Mechanism . 30 Custom Authentication . 31 Kerberos5 Authentication Mechanism . 32 Global Address List . 33 Flushing LDAP Cache . 34 Flush the Cache for Themes and Locales . 35 Flush Accounts, Groups, COS, Domains, and Servers . 35 5 Zimbra Mail Transfer Agent. 37 Zimbra MTA Deployment . 37 Postfix Configuration Files . 38 SMTP Authentication . 38 SMTP Restrictions . 39 Sending Non Local Mail to a Different Server.
    [Show full text]
  • Debian Tips & Tricks
    Linux-Kurs Theme - Debian Tips & Tricks - 14. Feb. 2008 Michel Bisson Debian Linux Tips and Tricks Table of Contents Basic configuration program.................................................................................................. 4 Install package groups...........................................................................................................4 Install individual packages.....................................................................................................4 Configuration program for system......................................................................................... 4 To configure postscript fonts for a postscript printer.............................................................4 Configuration for kdm to manage remote X servers..............................................................4 Xserver DPI settings ca be changed..................................................................................... 4 Edit the following files to allow TrueType fonts..................................................................... 4 Configuration of X-Server access control..............................................................................4 X-Server keyboard symbols for keys layout meanings......................................................... 4 To get rid of all the unused libraries ..................................................................................... 4 To search for a package name in All available packages.....................................................4
    [Show full text]
  • Macsysadmin 2009 Presentatio
    Slide 1 SpamAssassin Way more than the Mac OS X Server GUI shows Presented by: Kevin A. McGrail Project Management Committee Member of the Apache Software Foundation SpamAssassin Project & President, PCCC September 16, 2009 Good Afternoon, My name is Kevin A. McGrail. If you read my biographyi for this conference, you’ll know already that I hate Spam and enjoy greatly fighting spammers. You’ll also know that I love all types of computers and use a wide variety of machines & operating systems. But I’m definitely old-school in my love for the command line interface. This doesn’t mean I don’t think that Apple’s OS X is the most beautiful pairing of a rock-solid CLI with a beautifully polished GUI. But it does mean that while we are here to talk about Mac system administration, the configuration of SpamAssassin is largely not server specific and most of the heavy- handed configuration changes will be done behind the scenes using the CLI. So let’s get started by talking about the definition of Spam. Page 1 of 67 Slide 2 What is Spam? •Spam is NOT about content, its about CONSENT. – Consent: to give assent or approval : agree <consent to being tested> Merriam‐Webster Dictionary •What is SPAM vs. spam? September 16, 2009 Chris Santerre gave the best definition of Spam I’ve ever seen. He based the definition of Spam on CONSENT not content because consent is when you give approval to someone to send you e-mails. Many people try and use various legal definitions such as CAN-SPAM in the US.
    [Show full text]
  • Linux-Cookbook.Pdf
    LINUX COOKBOOK ™ Other Linux resources from O’Reilly Related titles Linux Device Drivers Exploring the JDS Linux Linux in a Nutshell Desktop Running Linux Learning Red Hat Enterprise Building Embedded Linux Linux and Fedora Systems Linux Pocket Guide Linux Security Cookbook Understanding the Linux Kernel Linux Books linux.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center Linux and Unix and related technologies, including sample chapters and code examples. ONLamp.com is the premier site for the open source web plat- form: Linux, Apache, MySQL, and either Perl, Python, or PHP. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit conferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today with a free trial. LINUX COOKBOOK ™ Carla Schroder Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Linux Cookbook™ by Carla Schroder Copyright © 2005 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use.
    [Show full text]