Hello, for a few days I have had some problems with my Zimbra NE 8.8.8 patch 4 server. An account was compromised and was used to send spam. The problem is that the account was blocked, the password was changed and the services were restarted, but the account keeps sending spam. The only way to stop it from sending is to set it as closed.
I have reviewed Mynetworks and everything is fine.
I am asking whether you have any idea what is happening. Thank you.
I am copying the mail.log output, where you can see one of the many emails sent.
161081 Mar 18 23:11:38 correo postfix/smtpd[30673]: NOQUEUE: filter: RCPT from correo.midominio[178.X.X.X]: <user@midominio>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@midominio> to=<smithjack@yahoo.com> proto=ESMTP helo=<correo.midominio>
161116 Mar 18 23:11:38 correo postfix/smtpd[30673]: NOQUEUE: filter: RCPT from correo.midominio[178.X.X.X]: <user@midominio>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@midominio> to=<smithjack@yahoo.com> proto=ESMTP helo=<correo.midominio>
Compromised account sending massive spam
- DualBoot
Re: Compromised account sending massive spam
Hello,
Check the desktop and devices of the user (keylogger?). Maybe the user has reset the password, after you changed it, to the compromised one (true life).
Regards,
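An added example, not part of the original posts: a small Python triage script that parses Postfix smtpd lines in the format of the mail.log excerpt quoted above and groups them by envelope sender and submitting client, so you can see which host is handing the messages to Postfix. The sample lines are constructed, and `summarize` and `senders_from_client` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Matches the "NOQUEUE: filter: RCPT from" smtpd lines quoted in the thread.
# re.search is used so a leading viewer line number ("161081 ") is tolerated.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: filter: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)

# Constructed sample lines (placeholder hosts and addresses), same layout as the excerpt.
_TAIL = ": Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; "
SAMPLE_LOG = "\n".join([
    "161081 Mar 18 23:11:38 correo postfix/smtpd[30673]: NOQUEUE: filter: RCPT from "
    "correo.midominio[178.X.X.X]: <user@midominio>" + _TAIL +
    "from=<user@midominio> to=<a@example.com> proto=ESMTP helo=<correo.midominio>",
    "Mar 18 23:11:39 correo postfix/smtpd[30673]: NOQUEUE: filter: RCPT from "
    "correo.midominio[178.X.X.X]: <user@midominio>" + _TAIL +
    "from=<user@midominio> to=<b@example.com> proto=ESMTP helo=<correo.midominio>",
    "Mar 18 23:12:01 correo postfix/smtpd[30680]: NOQUEUE: filter: RCPT from "
    "pc1.example[192.0.2.10]: <other@midominio>" + _TAIL +
    "from=<other@midominio> to=<c@example.com> proto=ESMTP helo=<pc1>",
])

def summarize(log_text):
    """Per envelope sender: RCPT count, distinct recipients, submitting clients."""
    summary = defaultdict(lambda: {"rcpts": 0, "recipients": set(), "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a filter/RCPT line
        entry = summary[m["sender"].lower()]
        entry["rcpts"] += 1
        entry["recipients"].add(m["rcpt"].lower())
        entry["clients"].add((m["host"], m["ip"]))
    return dict(summary)

def senders_from_client(summary, client_host):
    """Senders with at least one submission from the given client hostname."""
    return sorted(s for s, e in summary.items()
                  if any(host == client_host for host, _ in e["clients"]))

if __name__ == "__main__":
    for sender, e in summarize(SAMPLE_LOG).items():
        print(sender, e["rcpts"], sorted(e["clients"]))
```

Run against the real mail.log, the client column shows whether the account's mail arrives from a remote address or from the mail server's own hostname, which tells you where to look next.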