Page 1 of 1
Outgoing Spam
Posted: Wed Jan 31, 2018 6:06 pm
by brenoacp
Hello everyone,
Today we had a problem sending bulk spam for an account in our Zimbra.
The IP of our server has been added to several blacklists.
How can I restrict this type of situation? Is it possible to block mass mailing or enable outgoing spam filtering?
I'm using Zimbra 8.7.1.
Best regards,
Breno Padovan
Re: Outgoing Spam
Posted: Wed Jan 31, 2018 9:10 pm
by phoenix
Part of the answer to your question is "Cbpolicyd" for rate limiting, you can read about it in the wiki or search the forums for some details. The other part of the answer is to ask yourself why your server is sending spam, is it a compromised account or is it a bot on your LAN or is your Zimbra server an ope4n relay - I'm afraid that's a problem local to you and is something you'll need to investigate to find the cause.
Re: Outgoing Spam
Posted: Thu Feb 01, 2018 2:22 am
by zimico
Hi,
You can configure some parameters following this wiki:
https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
and this:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
You need to review your MTA mynetwork to ensure you only allow required IP, for example:
Code: Select all
$zmprov gs `zmhostname` zimbraMtaMyNetworks
# name mail.zimilab.com
zimbraMtaMyNetworks: 127.0.0.0/8 11.22.33.44/32
View your daily report to see what happened. You can list user account who sent "large number of mails" by:
Code: Select all
$grep sasl_user /var/log/zimbra.log | sed 's/.*sasl_username=//g' | sort | uniq -c | sort -nr | head
You can turn on fail login policy and only allow https/pop3s/imaps connection from your clients.
Hope that help.
Regards,
Minh.
Re: Outgoing Spam
Posted: Thu Feb 01, 2018 3:13 pm
by L. Mark Stone
As Phoenix stated, the best way to deal with this is with cbpolicyd. By rate limiting your end users, you'll keep your server from being blacklisted due to bulk email sending.
You may also want to consider adjusting your password policies to require longer, but less frequently changed passwords.
https://wiki.zimbra.com/wiki/Cluebringer_Policy_Daemon
All the best,
Mark
Re: Outgoing Spam
Posted: Thu Feb 01, 2018 3:31 pm
by king0770
Yes, cbpolicyd is a great tool for this; however, if you simply enable cbpolicyd, and expect it to work, you are going to have a bad day. There is a bit of work involved, for instance you need to add your domains, and subnets. I have a request for enhancement (RFE) for this, see
https://bugzilla.zimbra.com/show_bug.cgi?id=106489
Re: Outgoing Spam
Posted: Fri Feb 02, 2018 10:14 am
by brenoacp
Thanks guys for the answers.
I am configuring cbpolicyd and checking the relay settings.
Best regards,
Breno Padovan
Re: Outgoing Spam
Posted: Sat Feb 03, 2018 2:49 pm
by zimico
Hi Rick,
I am suprised that we need some extra work when using cbpolicyd. I do not see any note about this in the wiki. I always configure rate limit manually. When doing this I have to create domain and user for group policy... I am not very clear about your suggestion. Could you please describe the situation when i am going to have a bad day with default cbpolicyd setting?
Thank you.
Minh.
Re: Outgoing Spam
Posted: Mon Aug 20, 2018 11:56 am
by mhammett
I would like to circle back to the question the OP had and ask how to send outgoing mail through the spam filters.