Zimbra sending SPAM. How to find sender IP?
Posted: Mon May 01, 2017 4:13 pm
Hi,
I am new in using zimbra and in hosting email servers. I could not solve an issue of mine and decided to post it here:
Our server is using a relay in order to send email. We noticed then that our relay limit keeps on getting full. Upon checking the relay site, We found out that a certain email address such as a@company.com (legit email from our server) keeps sending to unknown email addresses (obviously spamming). We tried opening a@company.com to see its sent emails but none are existent. We changed the password for this account and told the user that they should use a different computer. The Next day, b@company.com suddenly sent spam while a did not. I am therefore curious, is it possible that there is a different email account compromised and is simply telling the server that its another email address? Or is it simply that the virus has spread?
I think that in order to get more details we would need to find the IP address of the email address that sent the spam. Is there a way in zimbra to find the spam mail and check the IP of where it originated from? This way we can confirm the computer we are cleaning up is the cause.
Regards
PS
I read that spam assasin is for zimbra to protect against spam. Will this also help us in our current issue?
I am new in using zimbra and in hosting email servers. I could not solve an issue of mine and decided to post it here:
Our server is using a relay in order to send email. We noticed then that our relay limit keeps on getting full. Upon checking the relay site, We found out that a certain email address such as a@company.com (legit email from our server) keeps sending to unknown email addresses (obviously spamming). We tried opening a@company.com to see its sent emails but none are existent. We changed the password for this account and told the user that they should use a different computer. The Next day, b@company.com suddenly sent spam while a did not. I am therefore curious, is it possible that there is a different email account compromised and is simply telling the server that its another email address? Or is it simply that the virus has spread?
I think that in order to get more details we would need to find the IP address of the email address that sent the spam. Is there a way in zimbra to find the spam mail and check the IP of where it originated from? This way we can confirm the computer we are cleaning up is the cause.
Regards
PS
I read that spam assasin is for zimbra to protect against spam. Will this also help us in our current issue?