hacked account keeps sending after password changed and blocked
Posted: Mon Apr 02, 2018 10:55 pm
hi, I'm having a very strange problem.
I have a lot of spam being sent from an account. I changed the password, blocked the account and clear all deferred messages from admin console. but I keep seeing new outgoing mail being deferred on the console and on mail.log from this account.
these line keeps showing up on mail.log:
zimbra@mail:~$ zmcontrol -v
Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition.
Apr 2 19:44:35 mail postfix/qmgr[30254]: 895193EA0C8: from=<user@mydomain>, size=1363, nrcpt=1 (queue active)
Apr 2 19:44:35 mail postfix/smtp[22262]: 585343B386C: to=<tototo3478@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, conn_use=29, delay=365247, delays=363473/1774/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 3EF2F5A95FD)
any ideas? don't know where to start looking.
thanks in advance
I have a lot of spam being sent from an account. I changed the password, blocked the account and clear all deferred messages from admin console. but I keep seeing new outgoing mail being deferred on the console and on mail.log from this account.
these line keeps showing up on mail.log:
zimbra@mail:~$ zmcontrol -v
Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition.
Apr 2 19:44:35 mail postfix/qmgr[30254]: 895193EA0C8: from=<user@mydomain>, size=1363, nrcpt=1 (queue active)
Apr 2 19:44:35 mail postfix/smtp[22262]: 585343B386C: to=<tototo3478@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, conn_use=29, delay=365247, delays=363473/1774/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 3EF2F5A95FD)
any ideas? don't know where to start looking.
thanks in advance