Non existent account spamming

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
bryllej8
Posts: 41
Joined: Sun Aug 04, 2019 10:41 pm

Non existent account spamming

Post by bryllej8 »

Good day everyone,

I notice that there is one account which is named as (info@mydomain.com) spamming from our zimbra mail server. I checked this account on our accounts lists but it does not exist.

1. How can we find this account and delete it ?
2. Is there any commands that we can stop spamming from our mail server ?

Hope someone can help me. Thanks.
User avatar
zimico
Outstanding Member
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3
Contact:

Re: Non existent account spamming

Post by zimico »

Hi,
You can follow this wiki: https://wiki.zimbra.com/wiki/Spamming_troubleshooting

Regards,
Minh.
bryllej8
Posts: 41
Joined: Sun Aug 04, 2019 10:41 pm

Re: Non existent account spamming

Post by bryllej8 »

Yes i followed it and check the users and already changed their passwords to strong ones.

The biggest issue is the non-existing account which is info@mydomain spamming from our zimbra. I tried to delete it in cli but it returns not exists.

Thanks
zimico wrote:Hi,
You can follow this wiki: https://wiki.zimbra.com/wiki/Spamming_troubleshooting

Regards,
Minh.
User avatar
zimico
Outstanding Member
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3
Contact:

Re: Non existent account spamming

Post by zimico »

Hi,
If you know who is sending spam out, you should go and check/scan her/his PC/Laptop/Mobile for virus/malware. For example, if her/his PC is infected, malware/virus can use this PC (Outlook or other mail clients) to send out spam without knowing password.

Regards,
Minh.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Non existent account spamming

Post by phoenix »

bryllej8 wrote:Yes i followed it and check the users and already changed their passwords to strong ones.
One of the most important pieces of information is missing from your post, that's the ZCS version you have installed. Always post the full output of the following command (yes, sometimes it is important):

Code: Select all

zmcontrol -v
Have you checked your ZCS server for any odd/unknown process that may be running? Have you also checked your LAN for infected machines? Did you read the Administrators forum on an 'Exploit' that was infecting ZCS server? I'd suggest you also take a look at that thread.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
Post Reply