Search found 10 matches

by cesko446
Thu Sep 20, 2018 10:20 pm
Forum: Administrators
Topic: Hacking, spamming
Replies: 6
Views: 4621

Re: Hacking, spamming

What kind of spam ?? Always from the same address and always from 10 to 20 each time ??
by cesko446
Thu Sep 20, 2018 8:10 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Go for steps: - Disable authentication at MTA level, then restart MTA service. - Restrict zimbraMtaMynetworks to the mailserver only. It can't spam this way, if keeps spamming it wil come from the machine itself. I used this: zmprov modifyServer mail.veloce.ovh zimbraMtaAuthEnabled FALSE and this: ...
by cesko446
Thu Sep 20, 2018 3:17 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Go for steps: - Disable authentication at MTA level, then restart MTA service. - Restrict zimbraMtaMynetworks to the mailserver only. It can't spam this way, if keeps spamming it wil come from the machine itself. How to enforce this one: Disable authentication at MTA level, then restart MTA service...
by cesko446
Thu Sep 20, 2018 2:52 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Do you actually know where the spam is originating? Could you possibly have an infected/compromised machine on you network? Hi and tnx for your support This is mail.log when spamming Sep 20 14:47:59 mail postfix/qmgr[13032]: A01BA602AC: removed Sep 20 14:47:59 mail postfix/amavisd/smtpd[14620]: con...
by cesko446
Thu Sep 20, 2018 1:40 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

I think you should not allow whole subnet, change to, for example: zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 192.168.5.1/32 192.168.5.3/32' postfix reload Use firewall to block smtp port on Web server. In my experience, do not allow web server having email server function. Regards. Fi...
by cesko446
Wed Sep 19, 2018 10:39 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Any chance that your workstation/laptop from which you ssh'd in to Zimbra to make your password change has a keystroke logger compromise installed? or a malicious wordpress plugin installed on your 446.it website? Have you explicitly set the website ip address into zimbraMtaMynetworks? Many tnx for...
by cesko446
Wed Sep 19, 2018 10:34 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Sounds like it could be the Mailsploit bug.... https://bugzilla.zimbra.com/show_bug.cgi?id=108709 If fixed, you should see for example: zimbra@zimbra:~$ zmprov ga john.doe@missioncriticalemail.com zimbraPrefShortEmailAddress # name john.doe@missioncriticalemail.com zimbraPrefShortEmailAddress: FALS...
by cesko446
Wed Sep 19, 2018 1:56 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Hello there and tnx for replay. It's not an open relay My mail server is: mail.veloce.ovh and my gateway is gateway.veloce.ovh. I have a virtual configuration so mail.veloce.ovh is 192.168.5.2 and gateway.veloce.ovh is 192.168.5.2 192.168.5.2 has opened 993, 995, 465, 587 (send everything to 192.168...
by cesko446
Wed Sep 19, 2018 1:23 pm
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Re: Account compromised impossibile to stop spam

Hi and tnx for the reply:

My tests:
Change password, zmcontrol restart, set active -> spam
Changed password, set active, zmcontrol restar -> spam
Changed password, zmcontrol stop, shutdown vm, set active -> spam
by cesko446
Wed Sep 19, 2018 10:08 am
Forum: Administrators
Topic: Account compromised impossibile to stop spam
Replies: 17
Views: 7405

Account compromised impossibile to stop spam

Hi there, I have a strange problem with my zimbra server: zimbra@mail:~$ zmcontrol -v Release 8.8.9.GA.3019.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P4. Installed on Ubuntu Linux 16.04 updated and upgraded zimbra@mail:~$ cat /etc/*-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_COD...