How to stop a vulnerable open Memcached on a Zimbra server.

19th May 2021 | category: Emails

Error:
The IP xxx.xxx.xx.xxx is exposing a Open Memcached Server service to the Internet. Such configuration could lead to Open Memcached Server amplification attacks.


There are two quick solutions to this problem: either configure Memcached to listen on localhost, or stop it completely.

Option 1: Configure Memcached Server to listen on localhost

When running a Zimbra mail server, memcached is a very important module: it lets the proxy service cache upstream routes to mailstores on a per end-client basis, which significantly reduces route lookup time, shortening the total time required to process a request and boosting performance.

Since Memcached is necessary here, let's configure the server's memcached daemon to listen on localhost (127.0.0.1) instead of the public IP address.

Access your Zimbra user
 
                                    
Configure MemcachedBindAddress
 
                                    

Note: replace zmhostname with your Zimbra server name, e.g. “mail.mydomain.com”.

Configure MemcachedClientServerList
 
                                    
Restart memcached:
 
                                    

You can then test whether memcached is running fine with zmmemcachedctl status, and whether your proxy is working with zmproxyctl status; if it is not, check out "Proxy Server not running in Zimbra".
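To confirm that the bind-address change actually closed the exposure, the following added example (not part of the original post) reads ss -lntu output and lists every listener on memcached's default port 11211 that is not bound to loopback, for both TCP and UDP. The function names and the sample socket listings are constructed for illustration, and it assumes the default port has not been changed.

```shell
#!/usr/bin/env bash
# Added example: report memcached listeners (port 11211) bound beyond loopback.
MEMCACHED_PORT=11211   # assumption: memcached's default port is unchanged

# Reads `ss -lntu` output on stdin and prints "proto address" for every
# listener on MEMCACHED_PORT that is not loopback. Exit status 0 = exposure found.
exposed_listeners() {
  awk -v port="$MEMCACHED_PORT" '
    $1 == "Netid" { next }                 # skip the ss header line
    {
      la = $5                              # Local Address:Port column
      if (!match(la, /:[0-9]+$/)) next     # split at the last colon (IPv6-safe)
      addr = substr(la, 1, RSTART - 1)
      if (substr(la, RSTART + 1) != port) next
      gsub(/^\[|\]$/, "", addr)            # [::1] -> ::1
      sub(/%.*$/, "", addr)                # drop interface scope, e.g. %lo
      if (addr ~ /^127\./ || addr == "::1") next
      print $1, addr
      found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample: memcached bound to all interfaces (the reported state).
sample_before() { cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      1024   0.0.0.0:11211      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      1024   [::]:11211         [::]:*
tcp   LISTEN 0      128    0.0.0.0:25         0.0.0.0:*
EOF
}

# Constructed sample: after binding to 127.0.0.1 and restarting memcached.
sample_after() { cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      1024   127.0.0.1:11211    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:25         0.0.0.0:*
EOF
}

# Live use on the server: ss -lntu | exposed_listeners
if [ "${1:-}" = "--demo" ]; then
  sample_before | exposed_listeners && echo "before: EXPOSED"
  sample_after  | exposed_listeners || echo "after: loopback only"
fi
```

A local check only shows what the daemon is bound to; the host firewall and any upstream filtering decide what is reachable from the Internet.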

Option 2: Stop Memcached

Some system administrators with standalone servers tend not to use memcached and, as it is a huge security risk to have it open to the internet, they just stop it.

The following commands help you achieve that.