Constant Zimbra phishing attacks not caught my spamassassin/amavis/rspamd/etc
Posted: Wed Jan 07, 2026 3:34 pm
It seems that there's a list of sites running ZCS (presumably by scanning for signatures) that I'm on, and I've been seeing huge volumes of phishing attacks (mostly phony calendar invites) that link out to a fake Zimbra login page to steal credentials. These all come in through compromised accounts at other (mostly Zimbra) sites.
Has anyone found a solution to this? I haven't had much luck crafting custom rules because the attacks are so varied and otherwise innocuous-looking, but I'm getting hundreds of Zimbra phishing attempts daily. Every time an account get compromised from this we get blocklisted from Gmail for days until its sorted out.
Has anyone found a solution to this? I haven't had much luck crafting custom rules because the attacks are so varied and otherwise innocuous-looking, but I'm getting hundreds of Zimbra phishing attempts daily. Every time an account get compromised from this we get blocklisted from Gmail for days until its sorted out.