[SOLVED] My Zimbra server sending out spam emails

abamkacamata
Posts: 7
Joined: Mon Aug 06, 2018 1:29 pm


Postby abamkacamata » Thu Oct 18, 2018 12:54 am

We've been having a problem since this morning: some of our email accounts are sending spam to different email addresses. It has sent out an estimated 9000+ emails. I think it started on the weekend.
Almost all accounts are currently "locked" and others were deleted. I also tried changing the password, but it still sends spam.
Our Zimbra (email server) is installed on CentOS 7.0.
Last edited by abamkacamata on Fri Oct 19, 2018 1:17 am, edited 1 time in total.


DualBoot
Elite member
Posts: 1081
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Multi servers

Re: My Zimbra server sending out spam emails

Postby DualBoot » Thu Oct 18, 2018 7:10 am

Hello,

Check first whether your Zimbra is an open relay; it should not be the case by default.
Then grep sasl_username in /var/log/zimbra.log to get the account that is spamming.
Use iptables to drop connections on SMTP to stop it.

Regards,
abamkacamata
Posts: 7
Joined: Mon Aug 06, 2018 1:29 pm

Re: My Zimbra server sending out spam emails

Postby abamkacamata » Fri Oct 19, 2018 1:16 am

DualBoot wrote: Hello,

Check first whether your Zimbra is an open relay; it should not be the case by default.
Then grep sasl_username in /var/log/zimbra.log to get the account that is spamming.
Use iptables to drop connections on SMTP to stop it.

Regards,


I used this as my solution. Apart from that, I also shut down the Zimbra services and ran ClamAV. This combo seems to do the trick.
odiepus
Posts: 1
Joined: Thu Jul 18, 2019 4:53 am

Re: [SOLVED] My Zimbra server sending out spam emails

Postby odiepus » Thu Jul 18, 2019 4:56 am

Hi,

What should I do if I find out which account is relaying to the spammer?
And what do you mean by IP drop?
Thank you
DualBoot
Elite member
Posts: 1081
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Multi servers

Re: [SOLVED] My Zimbra server sending out spam emails

Postby DualBoot » Fri Jul 19, 2019 8:49 am

1 - Change the account status from active to locked.
2 - iptables -I INPUT -s source_ip -j DROP
3 - Optional: stop and start (not restart) the MTA to end SMTP connections and force clients to re-authenticate
4 - Change the account password
5 - kill the user :p
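
An added example, not part of the thread: the `grep sasl_username` triage from the first reply, extended to count authenticated submissions per account and client IP, so that both the account to lock and the `source_ip` values for step 2 come out of one pass over `/var/log/zimbra.log`. The function names, the sample lines and the default threshold are assumptions made for this example; the log layout assumed is the stock Postfix smtpd `client=host[ip], sasl_method=..., sasl_username=...` line.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the stock Postfix smtpd line
#   "... client=host[ip], sasl_method=..., sasl_username=account"

# sasl_summary LOGFILE: print "COUNT ACCOUNT CLIENT_IP", busiest pair first.
sasl_summary() {
    grep 'sasl_username=' "$1" |
    sed -n 's/.*client=[^[]*\[\([^]]*\)].*sasl_username=\([^ ,]*\).*/\2 \1/p' |
    sort | uniq -c | awk '{print $1, $2, $3}' | sort -k1,1nr -k2,2
}

# sasl_suspects LOGFILE MIN: accounts with at least MIN authenticated
# submissions, printed as "TOTAL ACCOUNT IP[,IP...]". The IPs are the
# candidates for the iptables DROP rule; the account is the one to lock.
sasl_suspects() {
    sasl_summary "$1" | awk -v min="$2" '
        { total[$2] += $1
          sep = ($2 in ips) ? "," : ""      # test before the entry is created
          ips[$2] = ips[$2] sep $3 }
        END { for (a in total) if (total[a] >= min) print total[a], a, ips[a] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation IP ranges, made-up accounts).
sample_log() {
    cat <<'EOF'
Oct 17 03:12:01 mail postfix/smtps/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 17 03:12:02 mail postfix/smtps/smtpd[2101]: 4A1B2C3D4F: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 17 03:12:03 mail postfix/smtps/smtpd[2104]: 4A1B2C3D50: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 17 03:12:09 mail postfix/smtps/smtpd[2107]: 4A1B2C3D51: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.com
Oct 17 08:30:44 mail postfix/submission/smtpd[2290]: 4A1B2C3D52: client=pc12.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Oct 17 08:31:02 mail postfix/smtpd[2295]: warning: unknown[203.0.113.99]: SASL LOGIN authentication failed: authentication failure
Oct 17 08:31:10 mail postfix/smtpd[2296]: 4A1B2C3D53: client=mx.example.net[192.0.2.55]
EOF
}

# Usage: script.sh /var/log/zimbra.log [MIN]   (MIN defaults to 100, an arbitrary choice)
if [ -n "${1:-}" ]; then sasl_suspects "$1" "${2:-100}"; fi
```

An account that authenticates from several unrelated addresses in a short window, as `alice@example.com` does in the constructed sample, points to stolen credentials rather than an open relay, which is why locking the account and changing its password accompany the IP block.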
