Results 1 to 2 of 2

Thread: How to control spamming completely

  1. #1
    Join Date
    Jan 2009
    Rep Power

    Default How to control spamming completely


    I spammer was able to break through despite the SpamAssassin and AmavisD.

    Is there a way that i can do more to block those spammers that arent recognized yet by SpamAssassin or Amavis?

    An ISP network admin emailed us that our mail server is suspected to be the source of spam. See below;

    ================================================== ======

    From: "Mrs Linda Susan Spray" <>
    To: undisclosed-recipients:;
    Subject: Stop sending money to them...!!
    Date: Wed, 3 Jun 2009 23:20:30 -0700
    Return-Path: <>
    X-Ob-Received: from unknown ( by; 3 Jun 2009 22:33:22 -0000
    Received: from ( []) by (Postfix) with ESMTP id 116B1A50050 for <"">; Wed, 3 Jun 2009 22:33:23 +0000 (GMT)
    X-Spam-Flag: YES
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=6.0 required=6.0 tests=CMAE_1 shortcircuit=spam autolearn=disabled version=3.2.5
    X-Spam-Cmae-Analysis: v=1.0 c=0 p=sHHLg3IM2hoGtoGvVgAA:9 a=8pUiMh0fzckA:10 a=8da1oD9WnRMA:10 a=PHnGcDMDf2ZQNkg42j1XSA==:17 a=HZJGGiqLAAAA:8 a=CjxXgO3LAAAA:8 xcat=Undefined/Undefined
    Received: from ( []) by (Postfix) with SMTP id 05F81A50051 for <"">; Wed, 3 Jun 2009 22:33:23 +0000 (GMT)
    X-Ob-Received: from unknown ( by; 3 Jun 2009 22:33:23 -0000
    Received: from mail.mydomain (mail.mydomain []) by (Postfix) with ESMTP id 5DCCA88CB for <>; Wed, 3 Jun 2009 22:33:20 +0000 (GMT)
    Received: from localhost (localhost.localdomain []) by mail.mydomain (Postfix) with ESMTP id 59331226BA; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
    X-Virus-Scanned: amavisd-new at mail.mydomain
    Received: from mail.mydomain ([]) by localhost (mail.mydomain []) (amavisd-new, port 10024) with ESMTP id BAcRTsIvxqIj; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
    Received: from User (unknown []) by mail.mydomain (Postfix) with ESMTP id 1B392226D3; Wed, 3 Jun 2009 15:31:03 -0700 (PDT)
    Reply-To: <>
    Mime-Version: 1.0
    Content-Type: text/plain; charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    X-Msmail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
    Message-Id: <>

    ================================================== ======

    What can you say about the info i've quoted?

    I believe that the spammer ( tried to use my Zimbra via relay MTA as its launching pad.

    Is there a way where I can block such access via the MTA filter (if such filter exists)..?

    What other solutions can you suggest?


    The original source of spam mail is This is in Nigeria.

    Network Whois record
    Queried with ""...

    &#37; Note: this output has been filtered.

    % Information related to ' -'

    inetnum: -
    netname: INET-MLTL
    descr: CDMA 1x/EVDO Dial up pool
    country: NG
    admin-c: RIA27
    tech-c: RIA27
    status: ASSIGNED PA
    mnt-by: MLTL-INT-MNT
    mnt-lower: MLTL-INT-MNT
    source: AFRINIC # Filtered
    parent: -

    person: IP Admin-RIPE
    address: Multilinks Telecommunications Limited
    address: 231 Adeola Odeku Str.
    address: Victoria Island, Lagos, Nigeria
    remarks: complaints/spam report :
    phone: +2341774000
    nic-hdl: RIA27
    remarks: data has been transferred from RIPE Whois Database 20050221
    source: AFRINIC # Filtered


    This is the content of the spam mail;

    Mrs. Linda Susan Spray - Contract Recovery from Nigeria - Anti-Fraud International

  2. #2
    Join Date
    Nov 2006
    Rep Power


    Well that is a typical spam to be honest ... Check to ensure that the networks listed are only yours for the MTA
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks
    You could also perform a remote test aswell Mail relay testing.

    With respect to reducing the amount of SPAM then I presume you have read Improving Anti-spam system - Zimbra :: Wiki ? You may also wish to search for the forums for SaneSecurity.

Similar Threads

  1. Detecting spammers spamming from zimbra accts
    By ronnyek in forum Administrators
    Replies: 2
    Last Post: 02-22-2008, 10:00 AM
  2. Multi user spam control
    By dlochart in forum Administrators
    Replies: 2
    Last Post: 12-13-2006, 10:13 AM
  3. One of my mailboxes has completely stalled!
    By adoroar in forum Developers
    Replies: 4
    Last Post: 12-08-2006, 08:48 AM
  4. Completely Idle server is maxed out!
    By geekgod in forum Developers
    Replies: 5
    Last Post: 10-04-2005, 04:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts