Search found 10 matches
- Thu Sep 20, 2018 10:20 pm
- Forum: Administrators
- Topic: Hacking, spamming
- Replies: 6
- Views: 4624
Re: Hacking, spamming
What kind of spam ?? Always from the same address and always from 10 to 20 each time ??
- Thu Sep 20, 2018 8:10 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Go for steps: - Disable authentication at MTA level, then restart MTA service. - Restrict zimbraMtaMynetworks to the mailserver only. It can't spam this way, if keeps spamming it wil come from the machine itself. I used this: zmprov modifyServer mail.veloce.ovh zimbraMtaAuthEnabled FALSE and this: ...
- Thu Sep 20, 2018 3:17 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Go for steps: - Disable authentication at MTA level, then restart MTA service. - Restrict zimbraMtaMynetworks to the mailserver only. It can't spam this way, if keeps spamming it wil come from the machine itself. How to enforce this one: Disable authentication at MTA level, then restart MTA service...
- Thu Sep 20, 2018 2:52 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Do you actually know where the spam is originating? Could you possibly have an infected/compromised machine on you network? Hi and tnx for your support This is mail.log when spamming Sep 20 14:47:59 mail postfix/qmgr[13032]: A01BA602AC: removed Sep 20 14:47:59 mail postfix/amavisd/smtpd[14620]: con...
- Thu Sep 20, 2018 1:40 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
I think you should not allow whole subnet, change to, for example: zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 192.168.5.1/32 192.168.5.3/32' postfix reload Use firewall to block smtp port on Web server. In my experience, do not allow web server having email server function. Regards. Fi...
- Wed Sep 19, 2018 10:39 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Any chance that your workstation/laptop from which you ssh'd in to Zimbra to make your password change has a keystroke logger compromise installed? or a malicious wordpress plugin installed on your 446.it website? Have you explicitly set the website ip address into zimbraMtaMynetworks? Many tnx for...
- Wed Sep 19, 2018 10:34 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Sounds like it could be the Mailsploit bug.... https://bugzilla.zimbra.com/show_bug.cgi?id=108709 If fixed, you should see for example: zimbra@zimbra:~$ zmprov ga john.doe@missioncriticalemail.com zimbraPrefShortEmailAddress # name john.doe@missioncriticalemail.com zimbraPrefShortEmailAddress: FALS...
- Wed Sep 19, 2018 1:56 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Hello there and tnx for replay. It's not an open relay My mail server is: mail.veloce.ovh and my gateway is gateway.veloce.ovh. I have a virtual configuration so mail.veloce.ovh is 192.168.5.2 and gateway.veloce.ovh is 192.168.5.2 192.168.5.2 has opened 993, 995, 465, 587 (send everything to 192.168...
- Wed Sep 19, 2018 1:23 pm
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Re: Account compromised impossibile to stop spam
Hi and tnx for the reply:
My tests:
Change password, zmcontrol restart, set active -> spam
Changed password, set active, zmcontrol restar -> spam
Changed password, zmcontrol stop, shutdown vm, set active -> spam
My tests:
Change password, zmcontrol restart, set active -> spam
Changed password, set active, zmcontrol restar -> spam
Changed password, zmcontrol stop, shutdown vm, set active -> spam
- Wed Sep 19, 2018 10:08 am
- Forum: Administrators
- Topic: Account compromised impossibile to stop spam
- Replies: 17
- Views: 7408
Account compromised impossibile to stop spam
Hi there, I have a strange problem with my zimbra server: zimbra@mail:~$ zmcontrol -v Release 8.8.9.GA.3019.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P4. Installed on Ubuntu Linux 16.04 updated and upgraded zimbra@mail:~$ cat /etc/*-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_COD...