Outgoing Spam

Post by brenoacp »

Hello everyone,
Today we had a problem sending bulk spam for an account in our Zimbra.
The IP of our server has been added to several blacklists.
How can I restrict this type of situation? Is it possible to block mass mailing or enable outgoing spam filtering?
I'm using Zimbra 8.7.1.

Best regards,
Breno Padovan

Re: Outgoing Spam

Post by phoenix »

Part of the answer to your question is "Cbpolicyd" for rate limiting; you can read about it in the wiki or search the forums for some details. The other part of the answer is to ask yourself why your server is sending spam: is it a compromised account, is it a bot on your LAN, or is your Zimbra server an open relay? I'm afraid that's a problem local to you and is something you'll need to investigate to find the cause.
Regards

Bill

Re: Outgoing Spam

Post by zimico »

Hi,

You can configure some parameters following this wiki:
https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
and this: https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
You need to review your MTA mynetworks to ensure you only allow the required IPs, for example:

```
$ zmprov gs `zmhostname` zimbraMtaMyNetworks
# name mail.zimilab.com
zimbraMtaMyNetworks: 127.0.0.0/8 11.22.33.44/32
```

View your daily report to see what happened. You can list the user accounts that sent a "large number of mails" with:

```
$ grep sasl_user /var/log/zimbra.log | sed 's/.*sasl_username=//g' | sort | uniq -c | sort -nr | head
```

You can turn on a failed login policy and only allow https/pop3s/imaps connections from your clients.

Hope that helps.
Regards,
Minh.
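
The one-liner in the post above counts authenticated senders over the whole log file. As an added example (not part of the original post), the shell function below buckets the same `sasl_username` lines by hour and also counts distinct client IPs per account, since one account authenticating from many addresses in a short time is a common sign of stolen credentials. The function names, the threshold and the sample log lines are constructed for illustration, and the script assumes traditional syslog timestamps.

```shell
#!/bin/sh
# Added example, not from the thread. Reads Postfix/Zimbra log lines on stdin
# and prints "messages<TAB>distinct_client_ips<TAB>user<TAB>hour" for every
# (user, hour) pair with at least THRESHOLD authenticated submissions.
# Assumes traditional syslog timestamps ("Mar 16 10:01:02 ...").
sasl_senders() {
    threshold="${1:-100}"
    awk -v min="$threshold" '
    /sasl_username=/ {
        hour = $1 " " $2 " " substr($3, 1, 2)       # hour bucket
        user = ""; ip = "unknown"
        if (match($0, /sasl_username=[^ ,]+/))
            user = tolower(substr($0, RSTART + 14, RLENGTH - 14))
        if (match($0, /client=[^[]*\[[^]]*\]/)) {    # client=host[ip]
            c = substr($0, RSTART, RLENGTH)
            ip = substr(c, index(c, "[") + 1)
            sub(/\]$/, "", ip)
        }
        if (user == "") next
        key = user "\t" hour
        count[key]++
        if (!((key, ip) in seen)) { seen[key, ip] = 1; ips[key]++ }
    }
    END {
        for (key in count)
            if (count[key] >= min + 0)
                printf "%d\t%d\t%s\n", count[key], ips[key], key
    }' | sort -nr
}

# Constructed sample log lines (addresses are from documentation ranges).
sample_log() {
    cat <<'EOF'
Mar 16 10:01:02 mail postfix/submission/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 16 10:01:09 mail postfix/submission/smtpd[2102]: 4A1B2C3D4F: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 16 10:02:11 mail postfix/submission/smtpd[2103]: 4A1B2C3D50: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 16 10:02:15 mail postfix/submission/smtpd[2101]: 4A1B2C3D51: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 16 10:05:40 mail postfix/smtps/smtpd[2200]: 4A1B2C3D52: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Mar 16 11:15:00 mail postfix/smtps/smtpd[2201]: 4A1B2C3D53: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
EOF
}

# Run against the constructed sample with a threshold of 3 per hour.
sample_log | sasl_senders 3
```

On a live server, feed it the real log instead, for example `sasl_senders 200 < /var/log/zimbra.log`; the value 200 is an arbitrary starting point to tune against normal traffic.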

Re: Outgoing Spam

Post by L. Mark Stone »

As Phoenix stated, the best way to deal with this is with cbpolicyd. By rate limiting your end users, you'll keep your server from being blacklisted due to bulk email sending.

You may also want to consider adjusting your password policies to require longer, but less frequently changed passwords.

https://wiki.zimbra.com/wiki/Cluebringer_Policy_Daemon

All the best,
Mark

Re: Outgoing Spam

Post by king0770 »

Yes, cbpolicyd is a great tool for this; however, if you simply enable cbpolicyd, and expect it to work, you are going to have a bad day. There is a bit of work involved, for instance you need to add your domains, and subnets. I have a request for enhancement (RFE) for this, see https://bugzilla.zimbra.com/show_bug.cgi?id=106489

Re: Outgoing Spam

Post by brenoacp »

Thanks guys for the answers.
I am configuring cbpolicyd and checking the relay settings.

Best regards,
Breno Padovan

Re: Outgoing Spam

Post by zimico »

Hi Rick,

I am surprised that we need some extra work when using cbpolicyd. I do not see any note about this in the wiki. I always configure rate limits manually. When doing this I have to create a domain and user for group policy... I am not very clear about your suggestion. Could you please describe the situation when I am going to have a bad day with the default cbpolicyd setting?

Thank you.
Minh.

Re: Outgoing Spam

Post by mhammett »

I would like to circle back to the question the OP had and ask how to send outgoing mail through the spam filters.