On my Debian Etch server I’ve got the Zimbra Open Source Edition mail solution installed, and when I use chkrootkit to scan for rootkits it reports the following:
Checking `bindshell'... INFECTED (PORTS: 465)
After some quick research I realized that port 465 is SMTP over SSL on a Zimbra installation.
Further investigation reveals that port 465 is run by:
# fuser -vn tcp 465
USER PID ACCESS COMMAND
465/tcp: root 19053 F.... master
And then I checked pid 19053:
# ps aux|grep 19053
root 19053 0.0 0.2 6628 1236 ? Ss Feb09 0:00 /opt/zimbra/postfix-2.4.3.4z/libexec/master
This tells me that the postfix daemon is running on port 465 and obviously chkrootkit is giving me a false positive.
Tags: chkrootkit, fuser, Postfix, rootkit, Zimbra
Posted by Hans-Henry Jakobsen
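The triage from the chkrootkit post above, as an added example that is not part of the original posts: it pulls the ports out of a bindshell line and accepts a listener only if its executable path is on an allowlist, since a process name such as master can be carried by any binary. The function names, the allowlist format and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage chkrootkit bindshell hits by executable path, not name.

# Print each port from "bindshell ... INFECTED (PORTS: ...)" lines on stdin.
flagged_ports() {
    awk '/bindshell/ && /INFECTED/ && match($0, /PORTS:[ 0-9]+/) {
        n = split(substr($0, RSTART + 6, RLENGTH - 6), p, " ")
        for (i = 1; i <= n; i++) print p[i]
    }'
}

# Live lookup (run as root): "port pid exe" for each process bound to tcp PORT.
# fuser writes bare PIDs to stdout; /proc/PID/exe is the binary really running.
live_listeners() {
    for pid in $(fuser -n tcp "$1" 2>/dev/null); do
        echo "$1 $pid $(readlink "/proc/$pid/exe")"
    done
}

# triage PORT ALLOWLIST_FILE < listeners
# Allowlist lines: "port exe" (assumed format). Listener lines: "port pid exe".
# Prints expected, unexpected or no-listener.
triage() {
    awk -v port="$1" '
        FILENAME == ARGV[1] { allowed[$1 " " $2] = 1; next }
        $1 == port { found = 1; if (!(($1 " " $3) in allowed)) bad = 1 }
        END {
            if (!found) print "no-listener"
            else if (bad) print "unexpected"
            else print "expected"
        }' "$2" -
}

# Constructed sample data, not captured from a real host.
sample_report() { printf '%s\n' "Checking \`bindshell'... INFECTED (PORTS: 465)"; }
sample_listeners() {
    echo "465 19053 /opt/zimbra/postfix-2.4.3.4z/libexec/master"
    echo "587 4242 /tmp/master"    # same process name, unexpected path
}

demo() {
    allow=$(mktemp)
    echo "465 /opt/zimbra/postfix-2.4.3.4z/libexec/master" > "$allow"
    for port in $(sample_report | flagged_ports); do
        echo "port $port: $(sample_listeners | triage "$port" "$allow")"
    done
    rm -f "$allow"
}
demo
```

On a live host, pipe live_listeners for the flagged port into triage with your own allowlist file in place of the constructed samples.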
To receive root mail from the server I’ve had to make a change in the /opt/zimbra/postfix-2.4.3.4z/conf/aliases file. Uncomment the following line:
root: user@example.com
The postfix daemon has to reread its config files before this change is recognized.
Do the following as the zimbra user:
/opt/zimbra/bin/postfix reload
Posted by Hans-Henry Jakobsen
After installing Zimbra 5.0.x on my Debian Etch 4.0 server some of my shell scripts couldn’t send mail anymore. The reason for this behaviour was that I hadn’t removed the Exim mail server package, and I wouldn’t do it either.
The solution to this problem was to remove exim, or to locate the sendmail binaries, remove the symlinks to exim as emailer client and create symlinks to Zimbra’s Postfix sendmail binary. I did the latter:
# whereis sendmail
sendmail: /usr/sbin/sendmail /usr/lib/sendmail
# rm /usr/sbin/sendmail
# ln -s /opt/zimbra/postfix-2.4.3.4z/sbin/sendmail /usr/sbin/sendmail
# rm /usr/lib/sendmail
# ln -s /opt/zimbra/postfix-2.4.3.4z/sbin/sendmail /usr/lib/sendmail
Now my scripts can send e-mails as expected.
Tags: exim, Postfix, sendmail, Zimbra
Posted by Hans-Henry Jakobsen
The zmlogger process never stops even though I run the zmcontrol stop command as zimbra user on my Zimbra 5.0.x installation. A temporary solution to stop the zmlogger process is to do the following in a console:
# su - zimbra
# zmcontrol stop
# exit
# kill -9 `ps -u zimbra -o "pid="`
Tags: Zimbra, zmcontrol, zmlogger
Posted by Hans-Henry Jakobsen
Today, my Zimbra installation was upgraded from version 5.0.1 to 5.0.2 on my Debian Etch 4.0 server. It looks like everything is working properly after the upgrade.
Short description of the upgrade process:
# su - zimbra
# zmcontrol stop
# lsof | grep opt | grep zimbra
You should kill all running processes lsof gives you before continuing the upgrade.
# tar xfz zcs-5.0.2_GA_1975.DEBIAN4.0.20080130234700.tgz
# cd zcs-5.0.2_GA_1975.DEBIAN4.0.20080130234700
# ./install
Posted by Hans-Henry Jakobsen