
SPAM from user@mydomain.com

Posted: Fri Sep 27, 2019 11:00 am
by iamrlufe
Hi, all.
Not long ago, spam started being sent from my server to my own users.
Example:

Code:

X-Spam-Status: No, score=x required=6.6 WHITELISTED tests=[]
	autolearn=unavailable
Received: from mail.mydomain.com ([127.0.0.1])
	by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id WyiBPv-M92kI; Fri, 27 Sep 2019 04:31:08 +0600 (+06)
Received: from [190.232.110.130] (unknown [10.100.0.209])
	by mail.mydomain.com (Postfix) with ESMTP id 5BAC52A8A2C
	for <it@mydomain.com>; Fri, 27 Sep 2019 04:31:08 +0600 (+06)
Message-ID: <92EDBFF462C0A62956044FD97B1D92ED@L6IPEM5EJA>
From: <it@mydomain.com>
To: <it@mydomain.com>
Subject: Be sure to read this message! Your personal data is threatened!
Date: 26 Sep 2019 10:56:05 -0600
Searching the internet for similar problems, I found this article, but it is not really about Zimbra. Please help me do the same on the Zimbra server:
https://serverfault.com/questions/51106 ... al-domains
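Before deciding whether the box is compromised, it helps to read the Received chain of the message quoted above bottom-up and separate what the client claimed from what your own MTA recorded. The parser below is an added example, not code from the thread or from Zimbra; the sample headers are the ones posted (with the poster's mydomain.com placeholders) and the parsing is a simplification of the RFC 5321 trace fields (`from <helo> (<rdns> [<ip>]) by <host>`). In this sample the entry hop, written by mail.mydomain.com itself, shows a peer of 10.100.0.209 with no reverse DNS while the client announced itself as `[190.232.110.130]`; the HELO string is attacker-supplied, the peer address is not, and a private peer on an internet-facing MTA is the thing to chase (the device at that address, or whatever NATs or proxies in front of the MTA).

```python
"""Walk the Received chain of a message oldest hop first and report the hop
at which it entered my own MTA.  Added example, not part of the thread."""
import email
import ipaddress
import re

# Headers as quoted in the post (constructed sample for this example; the
# \t continuation lines are header folding, which the email parser unfolds).
SAMPLE = """\
Received: from mail.mydomain.com ([127.0.0.1])
\tby localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id WyiBPv-M92kI; Fri, 27 Sep 2019 04:31:08 +0600 (+06)
Received: from [190.232.110.130] (unknown [10.100.0.209])
\tby mail.mydomain.com (Postfix) with ESMTP id 5BAC52A8A2C
\tfor <it@mydomain.com>; Fri, 27 Sep 2019 04:31:08 +0600 (+06)
Message-ID: <92EDBFF462C0A62956044FD97B1D92ED@L6IPEM5EJA>
From: <it@mydomain.com>
To: <it@mydomain.com>
Subject: Be sure to read this message! Your personal data is threatened!
"""

RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)"                                  # name the client gave in HELO/EHLO
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[^\]]+)\]\))?"  # (rdns [ip]) or ([ip]) as logged by the receiver
    r"\s+by\s+(?P<by>\S+)"                                   # host that wrote this Received line
)


def hops(raw_headers):
    """Return the Received hops oldest first.  Each hop carries the HELO name,
    the reverse DNS and peer IP the receiving MTA logged, the receiving host,
    and whether the peer is a private/loopback address."""
    msg = email.message_from_string(raw_headers)
    out = []
    # Received headers are prepended on each hop, so the last one is the oldest.
    for field in reversed(msg.get_all("Received", [])):
        m = RECEIVED.search(field)
        if not m:
            continue
        ip = m.group("ip")
        try:
            private = ipaddress.ip_address(ip).is_private
        except ValueError:
            private = None          # not an IP literal, e.g. an IPv6 "IPv6:..." form we do not model
        out.append({"helo": m.group("helo"), "rdns": m.group("rdns"),
                    "ip": ip, "by": m.group("by"), "private": private})
    return out


def entry_hop(raw_headers, my_hosts):
    """The oldest Received line written by a host I run.  Everything the client
    supplied before that (HELO, any Received lines it sent itself) is under the
    sender's control; the peer IP in this hop is what my MTA actually saw."""
    for h in hops(raw_headers):
        if h["by"] in my_hosts:
            return h
    return None


if __name__ == "__main__":
    h = entry_hop(SAMPLE, {"mail.mydomain.com", "localhost"})
    print(f"entered via {h['by']} from peer {h['ip']} (rdns {h['rdns']}), "
          f"HELO {h['helo']}, private peer: {h['private']}")
```

Run it on the full raw source of a spam sample (`SAMPLE` here is only the quoted headers); `my_hosts` must list every hostname your own MTAs and filters write into `by`, otherwise a relay hop of your own would be mistaken for the client's.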

Re: SPAM from user@mydomain.com

Posted: Fri Sep 27, 2019 12:56 pm
by phoenix
As is usual, no information of the ZCS version and no indication of what steps you've tried to research or fix this problem. I'll start with the most obvious question: have you checked if your ZCS server has been hacked or might there be some infected machine on your LAN?

Re: SPAM from user@mydomain.com

Posted: Sun Sep 29, 2019 4:29 pm
by iamrlufe
phoenix wrote:As is usual, no information of the ZCS version and no indication of what steps you've tried to research or fix this problem. I'll start with the most obvious question: have you checked if your ZCS server has been hacked or might there be some infected machine on your LAN?
Thanks for your reply.
My version of Zimbra:
Release 8.7.11.GA.1854.UBUNTU12.64 UBUNTU12_64 FOSS edition, Patch 8.7.11_P13.

Here is the problem: From any IP address not belonging to your mail server:

Code:

telnet me.myemailserver.com 25  

helo me.someserver.com
mail from: <yourusername@mydomain.com>
rcpt to: <yourusername@mydomain.com>
data
This is spam.  Buy my stuff.
.
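The telnet session above is the right check, and it is worth scripting so it can be re-run after every config change and from a host outside mynetworks. The probe below is an added example, not code from the thread or from Zimbra: `probe()` does HELO, MAIL FROM and RCPT TO and then QUIT, never DATA, so nothing is delivered. `FakeSmtpd` is a constructed stand-in for a Postfix smtpd so the example runs offline; with `enforce=True` it mimics Postfix's default `smtpd_delay_reject=yes` behaviour, where the sender restriction is evaluated at RCPT TO and the client sees the 553 "Sender address rejected: not logged in" reply, and with `enforce=False` it accepts the forged local sender, which is the condition the original post describes. The HELO name `probe.example.test` and the `demo()` wrapper are assumptions for this example.

```python
"""Automate the HELO / MAIL FROM / RCPT TO probe.  Added example, not from
the thread.  For a live check run, from outside your mynetworks:
    probe("mail.mydomain.com", 25, "it@mydomain.com", "it@mydomain.com")"""
import smtplib
import socket
import threading


class FakeSmtpd(threading.Thread):
    """Constructed one-session SMTP listener on 127.0.0.1:<random port>.
    enforce=True  -> reject_sender_login_mismatch at RCPT TO (delay_reject).
    enforce=False -> the open condition: forged local sender relayed."""

    def __init__(self, local_domain, enforce):
        super().__init__(daemon=True)
        self.local_domain = local_domain.lower()
        self.enforce = enforce
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]

    def run(self):
        conn, _ = self.listener.accept()
        self.listener.close()

        def reply(line):
            conn.sendall((line + "\r\n").encode())

        sender = ""
        reply("220 mail.mydomain.com ESMTP Postfix")
        with conn, conn.makefile("rb") as lines:
            for raw in lines:
                cmd = raw.decode("ascii", "replace").strip()
                verb = cmd.split(" ", 1)[0].upper()
                if verb in ("HELO", "EHLO"):
                    reply("250 mail.mydomain.com")
                elif verb == "MAIL":
                    # "MAIL FROM:<addr>"; remember it, decide at RCPT like Postfix does
                    sender = cmd.partition(":")[2].strip(" <>").lower()
                    reply("250 2.1.0 Ok")
                elif verb == "RCPT":
                    if self.enforce and sender.endswith("@" + self.local_domain):
                        reply(f"553 5.7.1 <{sender}>: Sender address rejected: not logged in")
                    else:
                        reply("250 2.1.5 Ok")
                elif verb == "QUIT":
                    reply("221 2.0.0 Bye")
                    break
                else:
                    reply("502 5.5.2 Error: command not recognized")


def probe(host, port, sender, rcpt, helo="probe.example.test"):
    """Return ("open", reply) if the server accepts the forged local sender
    at RCPT TO, ("rejected", reply) if MAIL FROM or RCPT TO is refused.
    DATA is never sent, so no message is delivered."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:   # context exit sends QUIT
        smtp.helo(helo)
        code, msg = smtp.mail(sender)
        if code >= 400:
            return "rejected", f"{code} {msg.decode(errors='replace')}"
        code, msg = smtp.rcpt(rcpt)
        verdict = "open" if code < 300 else "rejected"
        return verdict, f"{code} {msg.decode(errors='replace')}"


def demo():
    """Probe the constructed server in both configurations."""
    results = {}
    for enforce in (False, True):
        server = FakeSmtpd("mydomain.com", enforce)
        server.start()
        results["enforced" if enforce else "permissive"] = probe(
            "127.0.0.1", server.port, "it@mydomain.com", "it@mydomain.com")
        server.join(5)
    return results


if __name__ == "__main__":
    for name, (verdict, reply) in demo().items():
        print(f"{name:10s} {verdict:8s} {reply}")
```

A 4xx at RCPT TO (greylisting, rate limiting) is also reported as "rejected"; treat only a 2xx as proof the relay is open.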

Re: SPAM from user@mydomain.com

Posted: Sun Sep 29, 2019 5:42 pm
by phoenix
That isn't spam, it's an email sent from your email address to your email address.

Re: SPAM from user@mydomain.com

Posted: Mon Sep 30, 2019 5:25 am
by iamrlufe
phoenix wrote:That isn't spam, it's an email sent from your email address to your email address.
But I received messages from my email address, to my email address, with the subject "Be sure to read this message! Your personal data is threatened!":

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your device.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $783 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1N6dubqFmnyQ2qDWvi32ppVbc3kKMTYcGW

After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

Re: SPAM from user@mydomain.com

Posted: Mon Sep 30, 2019 5:32 am
by iamrlufe
The problem is that the server does not require authorization when you send from a local domain.

Re: SPAM from user@mydomain.com

Posted: Mon Sep 30, 2019 3:47 pm
by pdifeo

Re: SPAM from user@mydomain.com

Posted: Mon Sep 30, 2019 5:23 pm
by iamrlufe
Thanks, bro, it seems to have helped.

501 5.5.2 <maio??d?[D?l.mydomain.com>: Helo command rejected: Invalid name

Unfortunately the first link did not work for me, but the first article had a link to another article, which helped me.
Here it is:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5

And finally:

Code:

220 mail.mydomain.com ESMTP Postfix  
helo mail.mydomain.com
250 mail.mydomain.com 
mail from:admin@mydomain.com
250 2.1.0 Ok   
rcpt to:admin@mydomain.com
553 5.7.1 <admin@mydomain.com>: Sender address rejected: not logged in 

Re: SPAM from user@mydomain.com

Posted: Wed Oct 02, 2019 9:54 am
by yeeP6rai
Hi,
I have this issue. After updating Zimbra from 8.7.11 to 8.8.15, I can send email from the internet via my server without auth.
I followed this manual: https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5

My settings

Code:

[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdRejectUnlistedRecipient                                   
zimbraMtaSmtpdRejectUnlistedRecipient: yes

[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdRejectUnlistedSender   
zimbraMtaSmtpdRejectUnlistedSender: yes

[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdSenderLoginMaps     
zimbraMtaSmtpdSenderLoginMaps: proxy:ldap:/opt/zimbra/conf/ldap-slm.cf

[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdSenderRestrictions
zimbraMtaSmtpdSenderRestrictions: reject_authenticated_sender_login_mismatch
Tried this:

Code:

[zimbra@mail ~]$ cat /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
permit_mynetworks, reject_sender_login_mismatch
And:

Code:

[zimbra@mail ~]$ cat /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re%%
permit_mynetworks,reject_sender_login_mismatch
permit_sasl_authenticated
permit_tls_clientcerts
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re%%
And:

Code:

[zimbra@mail ~]$ cat /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
permit_mynetworks,reject_sender_login_mismatch
permit_sasl_authenticated
permit_tls_clientcerts

Code:

[zimbra@mail ~]$ zmprov gs `zmhostname` zimbraMtaMyNetworks
# name mail.example.com
zimbraMtaMyNetworks: !10.1.62.4 127.0.0.0/8 10.1.62.0/24 10.1.63.0/24 172.16.0.0/12 192.168.0.0/16
And I can still send fake emails, and I receive messages like this one:
viewtopic.php?p=293648#p293648

Could you help?

Re: SPAM from user@mydomain.com

Posted: Wed Oct 02, 2019 11:04 am
by iamrlufe
Try this instruction:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
I used it without the exception DB:

Code:

zmprov mcf zimbraMtaSmtpdSenderLoginMaps  proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
Hope this helps you.
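Both the working configuration in iamrlufe's final transcript and the non-working ones yeeP6rai posted come down to how Postfix walks `smtpd_sender_restrictions`: in list order, first permit or reject wins. The model below is an added example, not the thread's or Zimbra's code, and it simplifies: the login map is an inline dict standing in for the LDAP lookup in ldap-slm.cf, `permit_tls_clientcerts` is treated as never matching, and the `check_sender_access` / `check_policy_service` entries Zimbra templates into the .cf are omitted. The semantics of the restrictions it does model follow postconf(5): `reject_authenticated_sender_login_mismatch` (the value both posters show in zimbraMtaSmtpdSenderRestrictions) only constrains clients that did authenticate, so an unauthenticated internet client forging a local sender is not touched by it at this stage; `reject_sender_login_mismatch` covers both the unauthenticated and the authenticated case and is the restriction whose 553 "not logged in" reply appears in iamrlufe's transcript. The model also shows the effect of `permit_mynetworks` placed before the check: anything matching zimbraMtaMyNetworks is permitted without ever reaching it, which is why it matters what source address the spoofed mail actually arrives from. The example IPs, the `bob@mydomain.com` account and the scenario labels are constructed.

```python
"""Model of Postfix smtpd_sender_restrictions evaluation (simplified).
Added example, not Zimbra's or the thread's code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Client:
    ip: str
    sender: str                      # MAIL FROM address
    sasl_user: Optional[str] = None  # None when the session did not authenticate


def in_mynetworks(ip, mynetworks):
    """mynetworks / zimbraMtaMyNetworks: entries tried in order, first match
    wins, a leading '!' excludes (e.g. '!10.1.62.4 127.0.0.0/8 10.1.62.0/24')."""
    addr = ipaddress.ip_address(ip)
    for entry in mynetworks.split():
        negate = entry.startswith("!")
        if addr in ipaddress.ip_network(entry.lstrip("!"), strict=False):
            return not negate
    return False


def login_mismatch(client, login_maps):
    """reject_sender_login_mismatch per postconf(5): the sender has an owner in
    smtpd_sender_login_maps but the client is not logged in as that owner, or
    the client is logged in but does not own the sender address."""
    owners = {o.lower() for o in login_maps.get(client.sender.lower(), ())}
    if client.sasl_user is None:
        return bool(owners)          # unauthenticated, yet the address belongs to someone
    return client.sasl_user.lower() not in owners


KNOWN = {"permit_mynetworks", "permit_sasl_authenticated", "permit_tls_clientcerts",
         "reject_sender_login_mismatch", "reject_authenticated_sender_login_mismatch",
         "reject_unauthenticated_sender_login_mismatch"}


def evaluate(restrictions, client, mynetworks, login_maps):
    """Walk the list in order; first permit/reject decides.  ('dunno', None)
    means this stage did not decide and later stages (recipient restrictions,
    policy service) get to."""
    authed = client.sasl_user is not None
    for r in restrictions:
        if r not in KNOWN:
            raise ValueError(f"restriction not modelled: {r}")
        if r == "permit_mynetworks" and in_mynetworks(client.ip, mynetworks):
            return "permit", r
        if r == "permit_sasl_authenticated" and authed:
            return "permit", r
        if r == "permit_tls_clientcerts":
            continue                 # assumption: no client certificates in this model
        mismatch = r.endswith("sender_login_mismatch") and login_mismatch(client, login_maps)
        if r == "reject_sender_login_mismatch" and mismatch:
            return "reject", r
        if r == "reject_authenticated_sender_login_mismatch" and authed and mismatch:
            return "reject", r
        if r == "reject_unauthenticated_sender_login_mismatch" and not authed and mismatch:
            return "reject", r
    return "dunno", None


# Constructed inputs: the mynetworks value posted in the thread, and a login
# map standing in for what ldap-slm.cf returns for two accounts.
MYNETWORKS = "!10.1.62.4 127.0.0.0/8 10.1.62.0/24 10.1.63.0/24 172.16.0.0/12 192.168.0.0/16"
LOGIN_MAPS = {"it@mydomain.com": {"it@mydomain.com"}, "bob@mydomain.com": {"bob@mydomain.com"}}

AUTH_ONLY = ["permit_mynetworks", "reject_authenticated_sender_login_mismatch", "permit_sasl_authenticated"]
BOTH = ["permit_mynetworks", "reject_sender_login_mismatch", "permit_sasl_authenticated"]
STRICT = ["reject_sender_login_mismatch", "permit_mynetworks", "permit_sasl_authenticated"]


def scenarios():
    spoof_inet = Client("203.0.113.7", "it@mydomain.com")                      # internet, no auth, forged local sender
    spoof_lan = Client("10.1.62.10", "it@mydomain.com")                        # same forgery arriving from mynetworks
    owner = Client("203.0.113.7", "it@mydomain.com", "it@mydomain.com")        # legitimate, logged in as the owner
    impostor = Client("203.0.113.7", "it@mydomain.com", "bob@mydomain.com")    # logged in, but as someone else
    return {
        "inet spoof, authenticated-only check": evaluate(AUTH_ONLY, spoof_inet, MYNETWORKS, LOGIN_MAPS),
        "inet spoof, both checks": evaluate(BOTH, spoof_inet, MYNETWORKS, LOGIN_MAPS),
        "lan spoof, permit_mynetworks first": evaluate(BOTH, spoof_lan, MYNETWORKS, LOGIN_MAPS),
        "lan spoof, mismatch check first": evaluate(STRICT, spoof_lan, MYNETWORKS, LOGIN_MAPS),
        "owner logged in": evaluate(BOTH, owner, MYNETWORKS, LOGIN_MAPS),
        "logged in as someone else": evaluate(BOTH, impostor, MYNETWORKS, LOGIN_MAPS),
    }


if __name__ == "__main__":
    for name, (action, rule) in scenarios().items():
        print(f"{name:40s} {action:7s} {rule or ''}")
```

The `STRICT` order closes the LAN case but also rejects any internal printer, monitoring box or application that sends unauthenticated mail with a local-domain sender, so before moving the check ahead of `permit_mynetworks` inventory those senders and either make them authenticate or give them an explicit exception in the .cf.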