spam issue every 5min from random email ids+@mydomain.com

Wam1988
Posts: 1
Joined: Tue Oct 12, 2021 5:28 pm

Post by Wam1988 » Tue Oct 12, 2021 9:11 pm

Hi friends,

If I repeat a similar post, please bear with me. I did search a few times and couldn't see a similar problem asked before.

I have a Zimbra server: Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.6.0_P14.

Recently I found a compromised account on my server and I deleted the mailbox. After that I'm still getting attacked in a different way.
About 20+ emails are being sent every 5 min from random email IDs (the domain is my own domain), e.g. 12344@mydomain.com, 224342@mydomain.com, etc.

When I query the sasl_auth name, I can't find it; it is empty. I have already tried the remedies below, with no luck whatsoever.

Enforcing a match between FROM address and sasl username
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes
my_network only contains the server network IP address
https://wiki.zimbra.com/wiki/Compromise ... _spam_mail

Any help with this is much appreciated.
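
One way to see where such mail enters when the SASL name is empty, as an added example that is not part of the original post: it pairs each Postfix queue ID's smtpd `client=` line with its qmgr `from=` line and lists local-domain senders that were accepted without a login. The log lines are constructed, and the `amavisd` syslog name used to skip content-filter re-injection is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in standard Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Oct 12 21:00:01 mail postfix/smtpd[2101]: 3F1A2C0D1E: client=localhost[127.0.0.1]
Oct 12 21:00:01 mail postfix/qmgr[1800]: 3F1A2C0D1E: from=<12344@mydomain.com>, size=2048, nrcpt=1 (queue active)
Oct 12 21:00:02 mail postfix/smtpd[2102]: 4B2C3D0E2F: client=localhost[127.0.0.1]
Oct 12 21:00:02 mail postfix/qmgr[1800]: 4B2C3D0E2F: from=<224342@mydomain.com>, size=2050, nrcpt=1 (queue active)
Oct 12 21:01:10 mail postfix/submission/smtpd[2103]: 5C3D4E1F3A: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@mydomain.com
Oct 12 21:01:10 mail postfix/qmgr[1800]: 5C3D4E1F3A: from=<alice@mydomain.com>, size=900, nrcpt=1 (queue active)
Oct 12 21:01:11 mail postfix/amavisd/smtpd[2105]: 7E5F6A3B5C: client=localhost[127.0.0.1]
Oct 12 21:01:11 mail postfix/qmgr[1800]: 7E5F6A3B5C: from=<alice@mydomain.com>, size=1400, nrcpt=1 (queue active)
Oct 12 21:02:00 mail postfix/smtpd[2104]: 6D4E5F2A4B: client=mx.example.net[203.0.113.9]
Oct 12 21:02:00 mail postfix/qmgr[1800]: 6D4E5F2A4B: from=<bob@example.net>, size=700, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/((?:\S+/)?)(smtpd|qmgr)\[\d+\]: ([0-9A-F]+): (.*)")
CLIENT = re.compile(r"client=(\S+?\[[^\]]+\])(?:.*sasl_username=(\S+))?")
FROM = re.compile(r"from=<([^>]*)>")
# Assumption: the content filter re-injects scanned mail through a listener whose
# syslog name contains "amavisd"; adjust this to match the local master.cf.
REINJECT = ("amavisd/",)

def unauthenticated_local_senders(log_text, domain):
    """Map client -> sorted senders in `domain` accepted with no sasl_username."""
    sessions = {}             # queue id -> (client, sasl_username or None)
    hits = defaultdict(set)
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        prefix, daemon, qid, rest = m.groups()
        if daemon == "smtpd":
            c = CLIENT.match(rest)
            if c and prefix not in REINJECT:   # skip filter re-injection sessions
                sessions[qid] = (c.group(1), c.group(2))
        else:
            f = FROM.match(rest)               # qmgr line carrying the envelope sender
            if f and qid in sessions:
                client, user = sessions[qid]
                if user is None and f.group(1).lower().endswith(suffix):
                    hits[client].add(f.group(1).lower())
    return {client: sorted(senders) for client, senders in hits.items()}

if __name__ == "__main__":
    for client, senders in unauthenticated_local_senders(SAMPLE_LOG, "mydomain.com").items():
        print(client, senders)
```

On a live server, pass the contents of the mail log instead of `SAMPLE_LOG`. A session with no `sasl_username` had no login for the sender/login match to be checked against, so the client address it reports is the place to look next.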


phoenix
Ambassador
Posts: 26878
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: spam issue every 5min from random email ids+@mydomain.com

Post by phoenix » Wed Oct 13, 2021 2:39 am

You need to upgrade your ZCS version and never run older versions of software. Your system has probably been exploited; do an internet search for this (and read the details of this exploit):

zimbra compromised server bot
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
