Thread: Spam Through WEBMAIL

  1. #1

    Hello. We have a NE 5.0.16 server recently upgraded from 5.0.12. All of a sudden we were receiving TONS of spam that appeared to be coming from an internal user. I assumed some sort of spoof and/or backscatter problem. zimbra.log grew to a huge size and we are now blacklisted on several domains. So someone hit us hard.

    I started to suspect that one of our accounts was actually compromised. I then looked at /opt/zimbra/jetty/logs/access_log.2009-05-14 and there were a TON of entries in there listed below:

    - - [14/May/2009:03:54:31 -0400] "POST /service/admin/soap/ HTTP/1.1" 200 520 "-" "-"
    - - [14/May/2009:03:54:31 -0400] "POST /service/admin/soap/ HTTP/1.1" 200 520 "-" "-"

    There are tons of these every 20 seconds or so. All the other logs previous to this do not have these. I assume that the account that was "sending" all the spam was compromised and the spammer is using the account for sending spam. Is it possible to send that volume of spam through the Zimbra web interface? Is there a vulnerability somewhere? The passwords are pretty strong so I am surprised it was hacked.

    Thanks for any input
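
The kind of access-log check described in post #1, as an added example that is not part of the original thread: it tallies POST requests per client address and minute for a chosen path prefix, and counts lines it cannot parse. The sample lines are constructed, and the client addresses and the `/service/soap/` path in them are assumptions for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# NCSA-style line: host ident user [timestamp] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def tally(lines, path_prefix="/service/admin/soap", method="POST"):
    """Count matching requests per (client, minute); also count unparsable lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # e.g. a pasted line whose host field was stripped
            continue
        if m["method"] != method or not m["path"].startswith(path_prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        counts[(m["host"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts, skipped

def noisy_clients(counts, per_minute_threshold):
    """Map each client to its busiest minute, keeping those at or above the threshold."""
    peaks = {}
    for (host, _minute), n in counts.items():
        peaks[host] = max(peaks.get(host, 0), n)
    return {h: n for h, n in peaks.items() if n >= per_minute_threshold}

# Constructed sample lines (not from the post): loopback and documentation addresses.
FMT = '%s - - [14/May/2009:03:54:%02d -0400] "POST %s HTTP/1.1" 200 520 "-" "-"'
SAMPLE = (
    [FMT % ("127.0.0.1", s, "/service/admin/soap/") for s in (11, 31, 51)]
    + [FMT % ("192.0.2.10", s, "/service/soap/") for s in (1, 2, 3, 4, 5)]
    # Same shape as the lines pasted in the post: the client address is missing.
    + ['- - [14/May/2009:03:54:31 -0400] "POST /service/admin/soap/ HTTP/1.1" 200 520 "-" "-"']
)

if __name__ == "__main__":
    for prefix in ("/service/admin/soap", "/service/soap"):
        counts, skipped = tally(SAMPLE, path_prefix=prefix)
        print(prefix, dict(counts), "unparsed:", skipped)
        print("  at or above 5/min:", noisy_clients(counts, 5))
```

Grouping by client address shows whether a burst of requests comes from the server itself or from a remote host, which the pasted lines alone cannot show because their address field is absent.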


  2. #2
    How did you fix this? I am having a similar issue.

  3. #3
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by mutuku:
        How did you fix this? I am having a similar issue.

    Instead of posting a 'me too' to a thread that's almost three years old, how about giving some details of your actual problem and what's your definition of 'similar'? There are also threads in the forums that cover the details of what to do if you have a compromised account on the server and other spam problems.

