IP in Ban of Spamhaus

GDA
Posts: 10
Joined: Thu Sep 09, 2021 10:59 am

IP in Ban of Spamhaus

Post by GDA »

Good afternoon. Once again, my IP address, on which the Zimbra mail is installed, gets banned from the Spamhaus list. Already several times I removed it from there through support. But the problem comes up again and again. They claim that we have an infection, check port 25 and so on. Please help with solving the problem, how you can look for a virus or find out about the infection on the server - CentOS 7. Zimbra 8.8.15_GA_4018FOSS is installed inside.
Attachments
Spam from spamhouse.PNG
GDA
Posts: 10
Joined: Thu Sep 09, 2021 10:59 am

Re: IP in Ban of Spamhaus

Post by GDA »

This is how it looks in the server monitor.
Attachments
Spam..PNG
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: IP in Ban of Spamhaus

Post by phoenix »

Are you actually running a mail server on an unprotected public IP address? If you are, that's just asking for trouble. There are many ways you can find out if your server is infected. Take a look at some of these articles on the internet; do a search with the following terms:

check centos 7 for infections bots
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
GDA
Posts: 10
Joined: Thu Sep 09, 2021 10:59 am

Re: IP in Ban of Spamhaus

Post by GDA »

The IP address was issued by the ISP. The IP is white. Separately installed virtual machine and running Zimbra mail for office in Ubuntu. How can I protect my IP?
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: IP in Ban of Spamhaus

Post by phoenix »

I don't understand what you mean by
GDA wrote:Separately installed virtual machine and running zimbra mail for office in ubuntu. How can I protect my IP?
Are you telling me that your ZCS is behind a NAT router or is it on the Public IP? Please describe your configuration in more detail. In any case you should check that your ZCS is not an open relay; you can find details in the wiki or with an online check. You can also check if your server itself has been infected with some of the tools you'll find in the suggested search terms in my last post.
Regards

Bill

GDA
Posts: 10
Joined: Thu Sep 09, 2021 10:59 am

Re: IP in Ban of Spamhaus

Post by GDA »

I made a check at check.smtp.bz.
There is a Keenetic Giga router - VM (virt machine) - CentOS 7 - Zimbra.
Attachments
Open Relay.PNG
GDA
Posts: 10
Joined: Thu Sep 09, 2021 10:59 am

Re: IP in Ban of Spamhaus

Post by GDA »

Good afternoon. Please help. Probably spam is being sent through our server. The length of the queue = 99 (https://skr.sh/sA69s0Thxmi?a), but in the Server Monitor, the mail queue is only 8 letters (https://skr.sh/sA6QMmlRToD?a). What can be done?
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: IP in Ban of Spamhaus

Post by phoenix »

You've given no information on your ZCS configuration with which anyone can help you. Zimbra, by default, is not an open relay. You need to tell us what changes you've made to your server, specifically the 'mynetworks' setting. I'd also suggest you read some of the articles on the wiki about an 'open relay'.
Regards

Bill

GDA
Posts: 10
Joined: Thu Sep 09, 2021 10:59 am

Re: IP in Ban of Spamhaus

Post by GDA »

mynetworks = 127.0.0.0/8 172.16.10.30/32
Open Relay is closed. But :shock:
https://skr.sh/s/180921/q84gv4w2
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: IP in Ban of Spamhaus

Post by phoenix »

If the open relay is closed then you most likely have compromised account(s) on your ZCS server or there is an infection on the ZCS server or one of your LAN PCs.
Regards

Bill
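
One way to follow up on the compromised-account possibility raised in the last reply, as an added example that is not part of the original thread: count authenticated SMTP submissions per account from the Postfix `sasl_username=` log entries. An account with many messages from several unrelated client IPs is the first one to lock and have its password reset. The log path `/var/log/zimbra.log` in the comment is an assumption about a default Zimbra install, and the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Summarise authenticated submissions per account from a Postfix/Zimbra MTA log.
# Output columns: <messages> <distinct client IPs> <sasl_username>, busiest first.
# Typical use (path is an assumption): sasl_sender_report /var/log/zimbra.log
sasl_sender_report() {
    awk '
    /sasl_username=/ {
        user = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^sasl_username=/) {
                user = $i; sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
            }
            if ($i ~ /^client=/) {
                # client=host[ip], -> keep only the address between the brackets
                ip = $i; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
            }
        }
        if (user == "") next
        msgs[user]++
        if (ip != "" && !((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END { for (u in msgs) printf "%d %d %s\n", msgs[u], ips[u], u }
    ' "$1" | sort -k1,1nr -k3,3
}

# Constructed sample log lines (documentation addresses, not real data).
constructed_sample() {
    cat <<'EOF'
Sep 18 10:00:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=sales@example.com
Sep 18 10:00:02 mail postfix/smtpd[2102]: 4A1B2C3D4F: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=sales@example.com
Sep 18 10:00:03 mail postfix/smtpd[2103]: 4A1B2C3D50: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=sales@example.com
Sep 18 10:00:04 mail postfix/smtpd[2104]: 4A1B2C3D51: client=unknown[192.0.2.99], sasl_method=PLAIN, sasl_username=sales@example.com
Sep 18 10:05:00 mail postfix/smtpd[2105]: 4A1B2C3D52: client=pc12.lan[172.16.10.45], sasl_method=PLAIN, sasl_username=office@example.com
Sep 18 10:06:00 mail postfix/smtpd[2106]: 4A1B2C3D53: client=localhost[127.0.0.1]
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
constructed_sample > "$tmp"
sasl_sender_report "$tmp"
rm -f "$tmp"
```

Unauthenticated lines, such as the localhost entry in the sample, are ignored, so mail injected locally on the server or relayed via `mynetworks` has to be traced separately.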
