IP in Ban of Spamhaus
IP in Ban of Spamhaus
Good afternoon. Once again, my IP address, on which the Zimbra mail is installed, gets banned from the Spamhaus list. Already several times I removed it from there through support. But the problem comes up again and again. They claim that we have an infection, check port 25 and so on. Please help with solving the problem, how you can look for a virus or find out about the infection on the server - Cent OS 7. Zimbra 8.8.15_GA_4018FOSS is installed inside.
- Attachments
-
- Spam from spamhouse.PNG (44.04 KiB) Viewed 4850 times
Re: IP in Ban of Spamhaus
This is how it looks in the server monitor.
- Attachments
-
- Spam..PNG (34.88 KiB) Viewed 4824 times
Re: IP in Ban of Spamhaus
Are you actually running a mail server on an unprotected public IP address? If you are that just asking for trouble. There are many ways you can find out if your server is infected, take a look at some of these articles on the internet, do a search with the following terms:
Code: Select all
check centos 7 for infections bots
Re: IP in Ban of Spamhaus
The IP address was issued by the ISP. The IP is white. Separately installed virtual machine and running zimbra mail for office in ubuntu. How can I protect my IP?
Re: IP in Ban of Spamhaus
I don't understand wht you mean by
Arte you telling me that you ZCS is behind a NAT router or is it on the Public IP? Please describe your configuration in more detail. In any case you should check that your ZCS is not an open relay, you can find details in the wiki or with an online check. You can also check if your server itself has been infected with some of the tools you'll find in the suggested search terms in my last post.GDA wrote:Separately installed virtual machine and running zimbra mail for office in ubuntu. How can I protect my IP?
Re: IP in Ban of Spamhaus
I made a check check.smtp.bz.
There is a keenetic giga router - VM (virt machine) - CentOS 7-Zimbra .
There is a keenetic giga router - VM (virt machine) - CentOS 7-Zimbra .
- Attachments
-
- Open Relay.PNG (1.51 KiB) Viewed 4780 times
Re: IP in Ban of Spamhaus
Good afternoon. Please help. Probably spam is being sent through our server. The length of the queue = 99 (https://skr.sh/sA69s0Thxmi?a), but in the Server Monitor, the mail queue is only 8 letters (https://skr.sh/sA6QMmlRToD?a). What can be done?
Re: IP in Ban of Spamhaus
You've given no information on your ZCS configuration with which anyone can help you. Zimbra, by default, is not an open relay. You need tell us what changes you've made to your server, specifically the 'mynetworks' setting. I'd also suggest you read some of the articles on the wiki about an 'open relay'.
Re: IP in Ban of Spamhaus
If the open relay is closed then you most likely have compromised account(s) on your ZCS server or there an infection on the ZCS server or one of your LAN PCs.