Hello all,

I was running the beta of Zimbra on an internet-facing server and last week it got hacked. It looks like only Zimbra got hacked, as Apache and BIND were untouched. When I deleted and reinstalled (without performing an actual uninstall), I got the following from the install output:

Setting defaults... MX: grey-area.mailhostingserver.com (209.62.85.74)
MX: grey-area.mailhostingserver.com (67.15.149.233)

Interface: 64.251.xx.xx
Interface: 64.251.xx.xx
Interface: 127.0.0.1
67.15.149.233
209.62.85.74
209.62.85.74
67.15.149.233
67.15.149.233
209.62.85.74

Now, the first two interfaces were correct, as is 127 obviously. But the others were NOT mine, nor was the MX default correct. And I couldn't figure out where it was pulling this data from. But either way, I did an actual uninstall and reinstalled.

Now, it WAS the beta of 5, I believe, and I have since upgraded to the final and reinstalled, and all is well. But now I worry about my mail server security.

Aside from firewalling the server (which I already have), what other steps can be taken to prevent this from happening again?

I'm not blaming Zimbra for the hack; I'm certainly not a genius when it comes to this stuff anyway. But I'd like to take steps to make sure this doesn't happen again.