[SOLVED] My Zimbra server sending out spam emails

Posted: Thu Oct 18, 2018 12:54 am
by abamkacamata
We're having a problem as of this morning, as some of our email accounts are sending spam to different emails. It sends out an estimated 9000+ emails. I think it started on the weekend.
Almost all accounts are currently "locked" and others were deleted. I also tried changing the password, but it still sends spam.
Our Zimbra (email server) is installed on CentOS 7.0.

Re: My Zimbra server sending out spam emails

Posted: Thu Oct 18, 2018 7:10 am
by DualBoot
Hello,

Check first if your Zimbra is an open relay; it should not be the case by default.
Then grep sasl_username in /var/log/zimbra.log to get the account that is spamming.
Use iptables to drop connections on SMTP to stop it.

Regards,

Re: My Zimbra server sending out spam emails

Posted: Fri Oct 19, 2018 1:16 am
by abamkacamata
DualBoot wrote:Hello,

Check first if your Zimbra is an open relay; it should not be the case by default.
Then grep sasl_username in /var/log/zimbra.log to get the account that is spamming.
Use iptables to drop connections on SMTP to stop it.

Regards,


I used this as my solution. Apart from it, I also shut down Zimbra services and ran ClamAV. This combo seems to do the trick.

Re: [SOLVED] My Zimbra server sending out spam emails

Posted: Thu Jul 18, 2019 4:56 am
by odiepus
Hi,

What do I do if I find out which account is relaying to the spammer?
And what do you mean by IP drop?
Thank you

Re: [SOLVED] My Zimbra server sending out spam emails

Posted: Fri Jul 19, 2019 8:49 am
by DualBoot
1 - Change the account status from active to locked.
2 - iptables -I INPUT -s source_ip -j DROP
3 - Optional: stop and start (not restart) the MTA to end SMTP connections and force clients to authenticate again
4 - Change the account password
5 - kill the user :p
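
The log triage suggested in the replies above (grep sasl_username in /var/log/zimbra.log), as an added example that is not part of any original post: it counts authenticated SMTP sessions per account and client IP, which gives both the account to lock and the source address to drop. The function names and the sample log lines are constructed for illustration, and the format assumed is the usual Postfix smtpd line carrying `client=` and `sasl_username=`.

```shell
#!/bin/sh
# Added example: summarise authenticated SMTP logins per account and client IP.

# Constructed sample lines (documentation addresses, not from a real server).
sample_log() {
cat <<'EOF'
Oct 18 00:11:59 mail postfix/smtpd[2211]: connect from unknown[203.0.113.45]
Oct 18 00:12:01 mail postfix/smtpd[2211]: 3F2A1C0A5B: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 18 00:12:03 mail postfix/smtpd[2214]: 4A7B2D1C6E: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 18 00:12:04 mail postfix/smtpd[2216]: 5C8D3E2F7A: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 18 00:12:09 mail postfix/smtpd[2219]: 6D9E4F3A8B: client=host.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Oct 18 08:30:12 mail postfix/smtpd[2301]: 7EAF5A4B9C: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
EOF
}

# sasl_pairs [FILE...]: one "account client_ip" line per authenticated session.
# Reads standard input when no file is given.
sasl_pairs() {
    grep -h 'sasl_username=' "$@" |
    sed -n 's/.*client=[^[]*\[\([^]]*\)].*sasl_username=\([^, ]*\).*/\2 \1/p'
}

# sasl_summary [FILE...]: "count account client_ip", busiest pair first.
# An account with thousands of sessions, or sessions from many unrelated
# addresses, is the one whose credentials are being used to send the spam.
sasl_summary() {
    sasl_pairs "$@" | sort | uniq -c | sort -rn | awk '{print $1, $2, $3}'
}

# On the mail server itself: sasl_summary /var/log/zimbra.log | head -n 20
sample_log | sasl_summary
```
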