My mail server is listed in black list, I need know how solve.

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
mvalenzuela.cl
Advanced member
Advanced member
Posts: 74
Joined: Fri Sep 12, 2014 10:44 pm

My mail server is listed in black list, I need know how solve.

Post by mvalenzuela.cl »

Hi, I have problem, my server is listed in spamhaus. I need solve this, but my problem is that I don't know how. I need know that log files see to discover who is o from that IP are the attack.

Now I blocked all access to smtp port(25) from any IP incluided LAN, only access permit from webmail zimbra.

What files logs I need see, and any example?, please
Can you help me!
Sorry, but my english is not good.
Top
chauvetp
Outstanding Member
Outstanding Member
Posts: 350
Joined: Fri Sep 12, 2014 11:28 pm

My mail server is listed in black list, I need know how solve.

Post by chauvetp »

You will want to look at:
/var/log/maillog

/opt/zimbra/log/audit.log
Top
jgutierrezg
Posts: 4
Joined: Sat Sep 13, 2014 2:58 am

My mail server is listed in black list, I need know how solve.

Post by jgutierrezg »

Hi mvalenzuela.cl,
I suggest you to see the mail queue from CLI executing: "/opt/zimbra/postfix/sbin/postqueue -p" (without quotes), if you see a large count of mails in queue you have to catch the account who send spam and search this account in /var/log/maillog or /var/log/zimbra.log, now find the source ip where the spammer is sending mail.
If your server is clean and it is in the same network of the pc's that means one of your pc's is infected with virus spammer.
Regards.
Top
anudeep@itopstube.com
Posts: 29
Joined: Sat Sep 13, 2014 3:02 am

My mail server is listed in black list, I need know how solve.

Post by anudeep@itopstube.com »

Go to your admin control panel and under server settings check Enable authentication option is checked or not.. if not check that one first (why because it will cat as anonymous SMTP) . check your mail activity my observing Daily mail report (which will generate daily at admin@ account mailbox)
If every thing looks good you may apply for unblock..
URL: Blocklist Removal Center - The Spamhaus Project
Top
Yves Pires
Advanced member
Advanced member
Posts: 56
Joined: Sat Sep 13, 2014 2:05 am

My mail server is listed in black list, I need know how solve.

Post by Yves Pires »

First you need to block spammer, then remove your IP from blacklists
cat /var/log/mail.log | grep "sasl_method=PLAIN" | cut -d: -f5 | sort | uniq -c | sort -n
40 client=unknown[200.103.xxx.xx], sasl_method=PLAIN, sasl_username=spammer

12262 client=200-103-.ctame706.dsl.brasiltelecom.net.br[200.103.xxx.xxx], sasl_method=PLAIN, sasl_username=spammer

12669 client=200-103-ctame706.dsl.brasiltelecom.net.br[200.103.xxx.xxx], sasl_method=PLAIN, sasl_username=spammer

20384 client=200-103-ctame706.dsl.brasiltelecom.net.br[200.103.xxx.xxx], sasl_method=PLAIN, sasl_username=spammer

28182 client=200-103-ctame706.dsl.brasiltelecom.net.br[200.103.xxx.xxx], sasl_method=PLAIN, sasl_username=spammer

52460 client=200-103-ctame706.dsl.brasiltelecom.net.br[200.103.xxx.xxx], sasl_method=PLAIN, sasl_username=spammer


to block acc: zmprov ma user@domain.com zimbraAccountStatus closed
Top
Post Reply

Return to “Administrators”