well I opened zimbra up to the internet, and just checked the mail.log after a couple of days.
it was astonishing.

mail:/var/log# cat mail.log | grep reject | wc -l

yep, around 200k spam rejects in 1.5 days!!!

so I've disabled port 25 for now. Does anyone have any comment why I'd be copping this attack? Is there a weakness in zimbra? there doesnt seem to be, theres no accepts going through. my other mail server fends of 1500 spam per day, nothing like what I'm seeing here. I just dont see why the spammers would be throwing this at me unless they found some flaw. Backscatter spam? who knows?

Looks like I'll be putting my exim relay (spam/virus blocker) in the front line and zimbra behind it.