Protect Zimbra from memcached attack



Zimbra uses memcached, and if memcached is not properly configured, the system can be left vulnerable.

If you want to read more about the memcached attack, read this:


How to resolve this vulnerability in 3 steps:

  1. Enable the firewall on your server
  2. Set up Zimbra-specific rules
  3. Bind memcached to localhost
  4. Deny memcached port from localhost

Let’s start.

Enable firewall on your server

To resolve the memcached vulnerability on Zimbra systems, you have to enable a firewall if one is not already enabled. On Ubuntu, you can use ufw. To check whether ufw is already enabled:

sudo ufw status verbose

You can find a nice guide here:


To sum up the main steps of the article above:

  • Make sure ufw is installed
  • Check whether it’s running or not
  • Important! Make sure you do not lock yourself out of your system. Allow your SSH port, whether it is 22, 2222 or something else.
  • Enable firewall.
sudo ufw enable

Set up Zimbra firewall rules

This is not difficult, but be careful not to leave out an important Zimbra port. I include some basic ports below.

sudo nano /etc/ufw/applications.d/zimbra

If the file does not already exist, create it.

Add the following contents.

title=Zimbra Collaboration Server
description=Open source server for email, contacts, calendar, and more.

Save the file and enable the newly configured rules.

Important! Before enabling, make sure the SSH port is open (ufw allow ssh).

sudo ufw allow Zimbra
sudo ufw enable

To check the status of ufw:

sudo ufw status verbose

For more details, consult the following article:

Zimbra Firewall Configuration with Ufw & Firewalld

Bind memcached to localhost

For Zimbra Single Server Installation

Configure memcached to listen on localhost only to avoid this attack. Use the commands below.

 su - zimbra
 /opt/zimbra/bin/zmprov ms `zmhostname` zimbraMemcachedBindAddress 
 /opt/zimbra/bin/zmprov ms `zmhostname` zimbraMemcachedClientServerList

Restart service:

 zmmemcachedctl restart
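
To confirm after the restart that the bind took effect, check which addresses port 11211 is listening on. The following is an added example, not part of the original article: it parses `ss -H -lntu` output and reports any listener on port 11211 that is not bound to a loopback address. The function name and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag memcached listeners (port 11211) that are not bound
# to a loopback address. Input is the output of `ss -H -lntu`.
# Live use on the server:  ss -H -lntu | memcached_exposed_listeners

memcached_exposed_listeners() {
    awk -v port=11211 '
        {
            la = $5                            # "Local Address:Port" column
            n = split(la, parts, ":")
            if (parts[n] != port) next         # some other service
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*/, "", addr)               # drop a "%iface" suffix
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: fine
            print $1, la                       # protocol and exposed socket
            bad = 1
        }
        END { exit (bad ? 1 : 0) }             # non-zero status if exposed
    '
}

# Constructed sample: memcached listening on all interfaces.
SAMPLE_EXPOSED='udp   UNCONN 0 0    0.0.0.0:11211  0.0.0.0:*
tcp   LISTEN 0 1024 0.0.0.0:11211  0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 1024 [::]:11211     [::]:*'

# Constructed sample: memcached bound to loopback only.
SAMPLE_BOUND='tcp   LISTEN 0 1024 127.0.0.1:11211  0.0.0.0:*
tcp   LISTEN 0 1024 [::1]:11211      [::]:*
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
udp   UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:*'

# Run the check over both constructed samples.
for name in EXPOSED BOUND; do
    eval "sample=\$SAMPLE_$name"
    if printf '%s\n' "$sample" | memcached_exposed_listeners; then
        echo "$name: no non-loopback listener on port 11211"
    else
        echo "$name: port 11211 is exposed on the sockets listed above"
    fi
done
```

The check covers both TCP and UDP sockets, and its exit status is non-zero when an exposed listener is found, so it can be used in a monitoring script.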



Deny memcached port from localhost

UFW rules for Ubuntu servers

Drop all connections to port 11211.

 ufw deny 11211 

Accept connections from localhost.

 ufw allow from to any port 11211  

Accept connections from other proxy servers. Run the two commands below for each proxy server IP in your Zimbra setup.

 ufw allow from <Proxy1 IP> to any port 11211   



