We're having a problem as of this morning, as some of our email accounts are sending spam to different emails. It sends out an estimated 9000+ emails. I think it started on the weekend.
Almost all accounts are currently "locked" and others were deleted. I also tried changing the password, but it still sends spam.
Our Zimbra (email server) is installed on CentOS 7.0.
[SOLVED] My Zimbra server sending out spam emails
-
- Posts: 8
- Joined: Mon Aug 06, 2018 1:29 pm
Last edited by abamkacamata on Fri Oct 19, 2018 1:17 am, edited 1 time in total.
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers
- Contact:
Re: My Zimbra server sending out spam emails
Hello,
Check first if your Zimbra is an open relay; it should not be the case by default.
Then grep sasl_username in /var/log/zimbra.log to get the account that is spamming.
Use iptables to drop connections on SMTP to stop it.
Regards,
-
- Posts: 8
- Joined: Mon Aug 06, 2018 1:29 pm
Re: My Zimbra server sending out spam emails
I used this as my solution. Apart from it I also shut down Zimbra services and ran ClamAV. This combo seems to do the trick.
DualBoot wrote:
Hello,
check first if your Zimbra is open relay, it should not be the case by default.
Then grep sasl_username in /var/log/zimbra.log to get account who is spamming.
Use iptables to drop connection on SMTP to stop it.
Regards,
Re: [SOLVED] My Zimbra server sending out spam emails
Hi,
What will I do if I find out what account is relaying to the spammer?
And what do you mean by IP drop?
Thank you
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers
- Contact:
Re: [SOLVED] My Zimbra server sending out spam emails
1 - Change the account status from active to locked.
2 - iptables -I INPUT -s source_ip -j DROP
3 - Optional: stop and start (not restart) the MTA to end SMTP connections and force the client to replay authentication
4 - Change the account password
5 - kill the user :p
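The log check described in the replies above, as an added example that is not part of the original thread: it tallies sasl_username entries per account and client IP so the pair to lock and drop stands out. The function names and the sample log lines are constructed for illustration; on the server the input file would be /var/log/zimbra.log.

```shell
#!/bin/bash
# Added example, not from the thread. Sample log lines are constructed;
# IPs use documentation ranges and accounts use example.com.

# Print "count account client_ip" for every authenticated SMTP session,
# busiest pair first. $1 = log file (/var/log/zimbra.log on the server).
sasl_senders() {
    awk '/sasl_username=/ {
        ip = ""; user = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^client=/) {            # client=host[1.2.3.4],
                ip = $i
                sub(/^[^[]*\[/, "", ip); sub(/\].*$/, "", ip)
            }
            if ($i ~ /^sasl_username=/) {     # sasl_username=user@domain
                user = $i
                sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
            }
        }
        if (user != "") n[user " " ip]++
    } END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2,3
}

# Print only the pairs with at least $2 sessions: the candidates for
# locking the account and dropping the source IP.
suspects() {
    sasl_senders "$1" | awk -v min="$2" '$1 >= min'
}

# Constructed sample in Postfix smtpd log format.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Oct 15 03:12:01 mail postfix/smtpd[2101]: 4A1B2C3D: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=sales@example.com
Oct 15 03:12:02 mail postfix/smtpd[2102]: 4A1B2C3E: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=sales@example.com
Oct 15 03:12:03 mail postfix/smtpd[2103]: 4A1B2C3F: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=sales@example.com
Oct 15 08:30:10 mail postfix/smtpd[2200]: 4A1B2D00: client=pc7.example.com[198.51.100.7], sasl_method=PLAIN, sasl_username=anna@example.com
Oct 15 08:31:00 mail postfix/smtpd[2201]: 4A1B2D01: client=mx.example.net[192.0.2.9]
EOF

suspects "$sample_log" 3
```

A single account authenticating from an address the user does not normally use is the usual sign of stolen credentials rather than an open relay.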