External address sending through my server

[Darkhalf]

Hi,
Got Zimbra 8.8.15 OSE installed 2 month ago. Everything was fine before yesterday. Some spammers used server as relay to send mass spam and also somehow sending through our network gateway.
Tried everything I found here, in Zimbra wiki and in the internet.
even activated and configured Cbpolicyd to block sending from unknown domains, but still... see attached screenshot.
Could someone help resolve?

problem.PNG (9.86 KiB) Viewed 1999 times

[phoenix]

Your server is either an open relay or you have a compromised account(s), you're going to have to look in the logs for further information (after you've checked if it's an open relay, or not).

[Darkhalf]

I've checked accounts before wrote here. Everything looks fine, amount is between 5 to 50, depends on user and it's notmal.
is there a way to bulk change passwords on all accounts or force users to change it? (it's about 500 )

in web console relay settings are empty, in both global settings and server configuration. How to check from server console?

[phoenix]

in web console relay settings are empty, in both global settings and server configuration. How to check from server console?

I didn't say your server was relaying mail, I said it might be an "open relay", try one (or more) of the tests you'll find here:https://www.startpage.com/do/dsearch?qu ... ge=english

[Darkhalf]

I didn't say your server was relaying mail, I said it might be an "open relay", try one (or more) of the tests you'll find here:https://www.startpage.com/do/dsearch?qu ... ge=english

Tested and it open-relay
how to resolve it?

[wentum]

Hi,
Got Zimbra 8.8.15 OSE installed 2 month ago. Everything was fine before yesterday. Some spammers used server as relay to send mass spam and also somehow sending through our network gateway.
Tried everything I found here, in Zimbra wiki and in the internet.
even activated and configured Cbpolicyd to block sending from unknown domains, but still... see attached screenshot.
Could someone help resolve?

problem.PNG

Hello,
what do you think this pic can tell us?

Anyway...

Do

su - zimbra
mailq|less

and then look if there is someting notable..

Regards
Joerg

[Darkhalf]

Hello,
what do you think this pic can tell us?

Anyway...

Do

su - zimbra
mailq|less

and then look if there is someting notable..

Regards
Joerg

mail queue is empty for now.

[phoenix]

Tested and it open-relay
how to resolve it?

You really should search for an answer to your problems before posting.

Zimbra, by default, is not an open relay so you must have made modifications to it so that it's become an open relay. Look at some of these comments and make sure ZimbraMtaMyNetworks is correctly configured : https://www.startpage.com/do/dsearch?qu ... ge=english

[Darkhalf]

You really should search for an answer to your problems before posting.

Zimbra, by default, is not an open relay so you must have made modifications to it so that it's become an open relay. Look at some of these comments and make sure ZimbraMtaMyNetworks is correctly configured : https://www.startpage.com/do/dsearch?qu ... ge=english

thanks for advice. I think found all I need and problem itself. Sorry, for maybe dumb topic, I'm very new with zimbra and even did not know what to search.

[phoenix]

You really should search for an answer to your problems before posting.

Zimbra, by default, is not an open relay so you must have made modifications to it so that it's become an open relay. Look at some of these comments and make sure ZimbraMtaMyNetworks is correctly configured : https://www.startpage.com/do/dsearch?qu ... ge=english

thanks for advice. I think found all I need and problem itself. Sorry, for maybe dumb topic, I'm very new with zimbra and even did not know what to search.

That's OK, I'm glad you have a solution.