Zimbra Forums

hi, I'm having a very strange problem.

I have a lot of spam being sent from an account. I changed the password, blocked the account and clear all deferred messages from admin console. but I keep seeing new outgoing mail being deferred on the console and on mail.log from this account.

these line keeps showing up on mail.log:

zimbra@mail:~$ zmcontrol -v
Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition.

Apr 2 19:44:35 mail postfix/qmgr[30254]: 895193EA0C8: from=<user@mydomain>, size=1363, nrcpt=1 (queue active)
Apr 2 19:44:35 mail postfix/smtp[22262]: 585343B386C: to=<tototo3478@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, conn_use=29, delay=365247, delays=363473/1774/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 3EF2F5A95FD)

any ideas? don't know where to start looking.

thanks in advance

I've seen that kind of behaviour on a 8.6 - which was unpatched for a while,

Those connections come from external?

Do you have 8.7.11 Patch 1 installed?

hi! thanks for your reply.

I've just patched my installation but doesn't solve the problem.

from the undelivered mail returned to sender I can see that mails come from external connections:

Received: from [127.0.0.1] (unknown [200.66.125.225])
by mail.mydomain (Postfix) with ESMTPSA id 9EACA48DF5A
for <kpistole@bellsouth.net>; Thu, 29 Mar 2018 22:37:15 -0300 (-03)
From: user@mydomain

You need to make sure you restart postfix if you change a password and have spam being sent. Most spammers use persistent connections and it can take awhile for one to drop and stop the flow of spam.

Sent from my SM-G950U using Tapatalk