Thread: spam from in server zimbra

  1. #1
    hoangnam8484 Guest

    spam from in server zimbra

    many emails sent from server system
    help me!!!

    Last lines of /var/log/mail.log Only show lines with text

    Code:
    Nov  8 12:29:39 server1 postfix/error[6307]: 37FAD14E97F: to=<unakasprings@yahoo.com>, relay=none, delay=1.4, delays=0.14/0.09/0/1.1, dsn=4.7.0, status=deferred (delivery temporarily suspended: host f.mx.mail.yahoo.com[98.137.54.237] refused to talk to me: 421 4.7.0 [TS01] Messages from 118.69.228.253 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
    Nov  8 12:29:39 server1 postfix/smtp[4534]: 302B514E9E5: to=<onlinebanking@alert.bankofamerica.com>, relay=none, delay=7.4, delays=0.01/7.4/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=alert.bankofamerica.com type=A: Host not found)
    Nov  8 12:29:39 server1 postfix/qmgr[8951]: 302B514E9E5: removed
    Nov  8 12:29:39 server1 postfix/error[23297]: 37FAD14E97F: to=<umartind@comcast.net>, relay=none, delay=1.5, delays=0.14/0.09/0/1.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx4.comcast.net[76.96.26.14]:25: Connection timed out)
    Nov  8 12:29:39 server1 postfix/smtp[4558]: 090EA14E95C: to=<kokesch@earthlink.net>, relay=mx1.earthlink.net[209.86.93.226]:25, conn_use=2, delay=236, delays=0.23/220/14/0.65, dsn=5.0.0, status=bounced (host mx1.earthlink.net[209.86.93.226] said: 550 kokesch@earthlink.net...User account is unavailable (in reply to RCPT TO command))
    Nov  8 12:29:39 server1 postfix/smtpd[3030]: warning: 41.211.239.130: address not listed for hostname 130.239.211.41.client130.directonpc.net
    Nov  8 12:29:39 server1 postfix/smtpd[3030]: connect from unknown[41.211.239.130]
    Nov  8 12:29:40 server1 postfix/smtp[4550]: connect to aln-mailrelay.att.net[12.102.252.75]:25: Connection timed out
    Nov  8 12:29:40 server1 postfix/smtp[4811]: 415E214E826: to=<kitsales@ivillage.com>, relay=none, delay=239, delays=0.15/186/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=ivillage.com type=MX: Host not found, try again)
    Nov  8 12:29:40 server1 postfix/error[22854]: 37FAD14E97F: to=<ufo70@webtv.net>, relay=none, delay=2.1, delays=0.14/0.09/0/1.9, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to smtpin.mx.webtv.net[209.240.204.26]:25: Connection timed out)
    Nov  8 12:29:40 server1 postfix/smtp[4819]: BE52E14E929: to=<kip.britton@govworks.com>, relay=none, delay=239, delays=0.35/210/28/0, dsn=5.4.6, status=bounced (mail for govworks.com loops back to myself)
    Nov  8 12:29:40 server1 postfix/smtp[4820]: 415E214E826: to=<kit@klcent.com>, relay=none, delay=239, delays=0.15/186/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=klcent.com type=MX: Host not found, try again)
    Nov  8 12:29:40 server1 postfix/smtp[4866]: 5626614E93F: to=<koral@koralhalperin.com>, relay=mail.koralhalperin.com[67.159.7.133]:25, delay=235, delays=0.11/232/1.6/1.6, dsn=2.6.0, status=sent (250 2.6.0 10990 bytes received in 00:00:00; Message accepted for delivery)
    Nov  8 12:29:40 server1 postfix/smtp[4866]: 9990614E9E9: to=<onlinebanking@alert.bankofamerica.com>, relay=none, delay=3.9, delays=0.01/3.9/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=alert.bankofamerica.com type=A: Host not found)
    Nov  8 12:29:40 server1 postfix/qmgr[8951]: 9990614E9E9: removed
    Nov  8 12:29:40 server1 postfix/error[23239]: 37FAD14E97F: to=<ummzaahid@gmail.com>, relay=none, delay=2.3, delays=0.14/0.09/0/2.1, dsn=4.7.0, status=deferred (delivery temporarily suspended: host alt4.gmail-smtp-in.l.google.com[209.85.221.65] refused to talk to me: 421-4.7.0 [118.69.228.253] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 39si1905151qyk.118)
    Nov  8 12:29:40 server1 postfix/smtp[1555]: 04B6414E95B: to=<laclaire9@earthlink.net>, relay=mx3.earthlink.net[209.86.93.228]:25, delay=237, delays=0.16/218/18/0.5, dsn=5.0.0, status=bounced (host mx3.earthlink.net[209.86.93.228] said: 550 laclaire9@earthlink.net...User account is unavailable (in reply to RCPT TO command))
    Nov  8 12:29:40 server1 postfix/smtp[4547]: 252FF14E925: to=<krisanddale@earthlink.net>, relay=mx2.earthlink.net[209.86.93.227]:25, delay=236, delays=0.12/228/7.2/0.64, dsn=5.0.0, status=bounced (host mx2.earthlink.net[209.86.93.227] said: 550 krisanddale@earthlink.net...User unknown (in reply to RCPT TO command))
    Nov  8 12:29:40 server1 postfix/smtp[4767]: connect to ismtp.buckeye.everyone.net[216.200.145.235]:25: Connection timed out
    Nov  8 12:29:40 server1 postfix/smtp[4767]: BE52E14E929: to=<kingrat@buckeye-express.com>, relay=none, delay=239, delays=0.35/209/30/0, dsn=4.4.1, status=deferred (connect to ismtp.buckeye.everyone.net[216.200.145.235]:25: Connection timed out)
    Nov  8 12:29:40 server1 postfix/smtp[4809]: 432BF14E890: to=<kidslightys@bellsouth.com>, relay=cluster7.us.messagelabs.com[216.82.253.179]:25, delay=246, delays=0.14/133/112/0.61, dsn=5.0.0, status=bounced (host cluster7.us.messagelabs.com[216.82.253.179] said: 550 Invalid recipient <kidslightys@bellsouth.com> (#5.1.1) (in reply to RCPT TO command))
    Nov  8 12:29:40 server1 postfix/smtp[1555]: 04B6414E95B: to=<ladawnmercier@earthlink.net>, relay=mx3.earthlink.net[209.86.93.228]:25, delay=237, delays=0.16/218/18/0.76, dsn=5.0.0, status=bounced (host mx3.earthlink.net[209.86.93.228] said: 550 ladawnmercier@earthlink.net...User account is unavailable (in reply to RCPT TO command))
    Nov  8 12:29:41 server1 postfix/smtp[4559]: connect to mail.henryschein.com[209.64.143.115]:25: Connection timed out
    Nov  8 12:29:41 server1 postfix/smtp[4559]: 7BDAB14E8D5: to=<keggett@dentrix.com>, relay=none, delay=249, delays=0.12/123/125/0, dsn=4.4.1, status=deferred (connect to mail.henryschein.com[209.64.143.115]:25: Connection timed out)
    Nov  8 12:29:41 server1 postfix/cleanup[4344]: 1349614E9E5: message-id=<20091108052941.1349614E9E5@ssggroup.com.vn>
    Nov  8 12:29:41 server1 postfix/bounce[5000]: 7BDAB14E8D5: sender non-delivery notification: 1349614E9E5
    Nov  8 12:29:41 server1 postfix/qmgr[8951]: 1349614E9E5: from=<>, size=17821, nrcpt=1 (queue active)
    Nov  8 12:29:41 server1 postfix/cleanup[31022]: 2204114E9AE: message-id=<20091108052941.2204114E9AE@ssggroup.com.vn>
    Nov  8 12:29:41 server1 postfix/smtp[1554]: 0145A14E959: to=<kim.smith@dmax-ltd.com>, relay=mx1.mail.twtelecom.net[216.136.95.5]:25, delay=240, delays=0.11/175/65/0.27, dsn=4.1.8, status=deferred (host mx1.mail.twtelecom.net[216.136.95.5] said: 450 4.1.8 <onlinebanking@alert.bankofamerica.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
    Nov  8 12:29:41 server1 postfix/bounce[5000]: 432BF14E890: sender non-delivery notification: 2204114E9AE
    Nov  8 12:29:41 server1 postfix/qmgr[8951]: 2204114E9AE: from=<>, size=21931, nrcpt=1 (queue active)
    Nov  8 12:29:41 server1 postfix/smtp[4824]: connect to mx3.crosswinds.net[8.21.33.47]:25: Connection timed out
    Nov  8 12:29:41 server1 postfix/cleanup[4344]: 629A514E978: message-id=<20091108052941.629A514E978@ssggroup.com.vn>
    Nov  8 12:29:41 server1 postfix/bounce[7676]: 0145A14E959: sender non-delivery notification: 629A514E978
    Nov  8 12:29:41 server1 postfix/qmgr[8951]: 629A514E978: from=<>, size=17557, nrcpt=1 (queue active)
    Nov  8 12:29:41 server1 postfix/smtp[4897]: 252FF14E925: to=<kriggs1@columbus.rr.com>, relay=hrndva-smtpin02.mail.rr.com[71.74.56.244]:25, delay=236, delays=0.12/227/9.1/0, dsn=4.7.1, status=deferred (host hrndva-smtpin02.mail.rr.com[71.74.56.244] refused to talk to me: 554 5.7.1 - Connection refused. IP name lookup failed for 118.69.228.253)
    Nov  8 12:29:43 server1 postfix/smtp[4818]: 5C6F014E91F: to=<kmccormack@gpsmanagement.com>, relay=none, delay=243, delays=0.29/189/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=gpsmanagement.com type=MX: Host not found, try again)
    Nov  8 12:29:43 server1 postfix/smtp[4818]: 1079814E83B: to=<onlinebanking@alert.bankofamerica.com>, relay=none, delay=6.9, delays=0.02/6.9/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=alert.bankofamerica.com type=A: Host not found)
    Nov  8 12:29:43 server1 postfix/qmgr[8951]: 1079814E83B: removed
    Nov  8 12:29:43 server1 postfix/smtp[4836]: 5626614E93F: host hrndva-smtpin01.mail.rr.com[71.74.56.243] refused to talk to me: 554 5.7.1 - Connection refused. IP name lookup failed for 118.69.228.253
    Nov  8 12:29:44 server1 postfix/smtp[4561]: connect to mx4.hotmail.com[65.55.92.136]:25: Connection timed out
    Nov  8 12:29:44 server1 postfix/smtp[4787]: connect to mailin-04.mx.aol.com[64.12.138.57]:25: Connection timed out
    Nov  8 12:29:44 server1 postfix/cleanup[7986]: F063B14E975: message-id=<20091108052834.F063B14E975@ssggroup.com.vn>
    Nov  8 12:29:44 server1 postfix/smtp[4816]: 8643114E957: to=<kmartink@midtel.net>, relay=mailin1.inoc.net[64.22.32.61]:25, delay=244, delays=0.19/172/71/0, dsn=4.0.0, status=deferred (host mailin1.inoc.net[64.22.32.61] refused to talk to me: 450 Your host has incomplete DNS. (see RFC1123 / RFC1912))
    Nov  8 12:29:44 server1 postfix/smtp[4526]: connect to smtp.sunclipse.com[207.104.211.8]:25: Connection timed out
    Nov  8 12:29:44 server1 postfix/smtp[4526]: BE52E14E929: to=<kirk.gray@landsberg.com>, relay=none, delay=243, delays=0.35/211/32/0, dsn=4.4.1, status=deferred (connect to smtp.sunclipse.com[207.104.211.8]:25: Connection timed out)
    Nov  8 12:29:45 server1 postfix/smtp[4536]: connect to smtpin.ptd.net[207.44.97.35]:25: Connection timed out
    Nov  8 12:29:45 server1 postfix/smtp[4840]: 5C6F014E91F: to=<kmoffett@grayharris.com>, relay=none, delay=244, delays=0.29/190/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=grayharris.com type=MX: Host not found, try again)
    Nov  8 12:29:45 server1 postfix/smtp[4812]: connect to mx1.lsu.edu.gslb.pphosted.com[67.231.144.37]:25: Connection timed out
    Nov  8 12:29:45 server1 postfix/smtp[4812]: 672D114E922: to=<klax@lsu.edu>, relay=none, delay=249, delays=0.14/136/113/0, dsn=4.4.1, status=deferred (connect to mx1.lsu.edu.gslb.pphosted.com[67.231.144.37]:25: Connection timed out)
    

  2. #2
    phoenix is offline Zimbra Consultant & Moderator

    So is your other problem of not being able to start mailboxd solved now? It's difficult to follow your problems when you never seem to give any follow-up to the threads you start.

    If you really have got a spammer on your system then I'd suggest you check all your users' PCs to see if they have a virus, or you may have a compromised account on your server that (possibly) has a weak password - search the forums for what steps you can take to minimise this problem. This is not a Zimbra problem; it's more a problem of the security in your LAN and the standards you apply to things like users' passwords.

    Regards


    Bill



  3. #3
    hoangnam8484 Guest

    spam from in server zimbra

    I apologize to you, I always have annoying problems and I cannot wait long if it is a problem too difficult.
    I see an unusual problem here, I'm not the mechanism how it works?
    The problem derives from the internal network from outside the network.
    Found in mail sent and this is the start of their
    Here problem
    I need advice: what should I do to end this problem?
    Thank you very much!!!

  4. #4
    phoenix is offline Zimbra Consultant & Moderator

    Go to this page and run the test and see what it says.
    Regards


    Bill



  5. #5

    All I see in that log is: all mails sent from your server were deferred.
    Did you check your server queues?
    Did you try to change the MTA trusted network?
    Let's do it and report here, I hope this helps.
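
Added example, not part of any post in this thread: one way to triage a Postfix log like the one in post #1 is to group entries by queue ID and see which messages fan out to many recipients, and whether they entered through an authenticated login (`sasl_username=`) or only by client address. The sample lines are constructed (documentation addresses); `summarize` and `triage` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (documentation addresses only).
SAMPLE_LOG = """\
Nov  8 12:29:01 server1 postfix/smtpd[3030]: 0A1B2C3D4E5: client=unknown[198.51.100.7]
Nov  8 12:29:01 server1 postfix/qmgr[8951]: 0A1B2C3D4E5: from=<alerts@bank.example>, size=10990, nrcpt=3 (queue active)
Nov  8 12:29:39 server1 postfix/error[6307]: 0A1B2C3D4E5: to=<a@isp-a.example>, relay=none, delay=1.4, dsn=4.7.0, status=deferred (delivery temporarily suspended)
Nov  8 12:29:40 server1 postfix/smtp[4534]: 0A1B2C3D4E5: to=<b@isp-b.example>, relay=mx.isp-b.example[192.0.2.20]:25, delay=236, dsn=5.0.0, status=bounced (550 User unknown)
Nov  8 12:29:40 server1 postfix/smtp[4866]: 0A1B2C3D4E5: to=<c@isp-c.example>, relay=mx.isp-c.example[192.0.2.30]:25, delay=235, dsn=2.6.0, status=sent (250 2.6.0 accepted)
Nov  8 12:30:02 server1 postfix/smtpd[3031]: 0F9E8D7C6B5: client=pc12.lan.example[192.0.2.66], sasl_method=LOGIN, sasl_username=user1@corp.example
Nov  8 12:30:02 server1 postfix/qmgr[8951]: 0F9E8D7C6B5: from=<user1@corp.example>, size=2048, nrcpt=1 (queue active)
Nov  8 12:30:03 server1 postfix/smtp[4867]: 0F9E8D7C6B5: to=<d@isp-a.example>, relay=mx.isp-a.example[192.0.2.10]:25, delay=1.0, dsn=2.0.0, status=sent (250 ok)
"""

# Captures the queue ID and the remainder of each queue-related entry.
ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
FIELDS = {
    "client": re.compile(r"client=[^\[]*\[([^\]]+)\]"),
    "sasl": re.compile(r"sasl_username=([^,\s]+)"),
    "sender": re.compile(r"from=<([^>]*)>"),
}
DELIVERY = re.compile(r"to=<([^>]+)>.*status=(\w+)")

def summarize(log_text):
    """Group log entries by queue ID: origin, sender, recipients, failures."""
    msgs = defaultdict(lambda: {"rcpts": set(), "failed": 0})
    for qid, rest in ENTRY.findall(log_text):
        for key, rx in FIELDS.items():
            hit = rx.search(rest)
            if hit:
                msgs[qid][key] = hit.group(1)
        d = DELIVERY.search(rest)
        if d:
            msgs[qid]["rcpts"].add(d.group(1).lower())
            msgs[qid]["failed"] += d.group(2) in ("deferred", "bounced")
    return msgs

def triage(log_text, min_rcpts=3):
    """Return (qid, origin, sender, n_rcpts, n_failed) for wide fan-out mail."""
    rows = []
    for qid, m in summarize(log_text).items():
        if len(m["rcpts"]) >= min_rcpts:
            # No SASL login: accepted by client address (e.g. trusted networks).
            origin = "sasl:" + m["sasl"] if "sasl" in m else "relay:" + m.get("client", "?")
            rows.append((qid, origin, m.get("sender", ""), len(m["rcpts"]), m["failed"]))
    return sorted(rows, key=lambda r: -r[3])

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `sasl:` origin points at a compromised mailbox password; a `relay:` origin points at a client that was allowed to relay without logging in.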

  6. #6
    hoangnam8484 Guest

    Queue does not matter what, all was deleted.
    such is my mail ip server: 1.2.3.4 IP ISP
    MTA currently in my trusted network:
    127.0.0.0/8 1.2.3.1/29
    I have to change how? advice to help you make your

  7. #7

    So it seems one of your accounts might be compromised. Better to change the password. Also, I suggest adding the RBL zen.spamhaus.org to reject spammers at the source rather than wasting your resources to finally decide it's spam.

  8. #8

    You can try changing your MTA trusted network to: 1.2.3.4/32

  9. #9

    Your trusted network needs to have 127.0.0.1/32 in there or the server will not work. Same with the server's internal IP address. Beyond that it really shouldn't have anything else unless you have very special circumstances.

    For example here is my server's MTA Trusted Networks:
    127.0.0.1/32 192.168.1.6/32
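
Added example, not code from any poster or from Zimbra: a small audit of a trusted-networks value, run on the settings quoted in this thread, showing how many addresses other than the server itself each entry allows to relay. It assumes the value is a space-separated list of CIDR entries and that "myIP" in the final setting is the masked 1.2.3.4 from post #6; `audit_trusted_networks` and `is_trusted` are hypothetical helper names.

```python
import ipaddress

def _parse(setting):
    """Parse a space-separated CIDR list; set host bits are masked off."""
    return [(e, ipaddress.ip_network(e.replace("[", "").replace("]", ""),
                                     strict=False))
            for e in setting.split()]

def is_trusted(client_ip, setting):
    """True if client_ip falls inside any trusted-network entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for _, net in _parse(setting))

def audit_trusted_networks(setting, server_ips):
    """Return (entry, other_hosts, scope) for each entry that trusts more
    than loopback and the server's own addresses."""
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    findings = []
    for entry, net in _parse(setting):
        if net.is_loopback:
            continue
        # Addresses in this entry that are not the mail server itself.
        others = net.num_addresses - sum(ip in net for ip in own)
        if others:
            scope = "private" if net.is_private else "public"
            findings.append((entry, others, scope))
    return findings

# Values quoted in the thread (the poster's addresses are already masked).
BEFORE = "127.0.0.0/8 1.2.3.1/29"
AFTER = "127.0.0.1/32 1.2.3.4/32"  # assumes myIP is 1.2.3.4

if __name__ == "__main__":
    print(audit_trusted_networks(BEFORE, ["1.2.3.4"]))
    print(audit_trusted_networks(AFTER, ["1.2.3.4"]))
    print(is_trusted("1.2.3.6", BEFORE), is_trusted("1.2.3.6", AFTER))
```

With the original value, the /29 entry trusts seven addresses besides the server on a public range; with the /32 entries nothing but loopback and the server itself is trusted.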

  10. #10
    hoangnam8484 Guest

    Quote: Originally Posted by ArcaneMagus
    Your trusted network needs to have 127.0.0.1/32 in there or the server will not work. Same with the server's internal IP address. Beyond that it really shouldn't have anything else unless you have very special circumstances.

    For example here is my server's MTA Trusted Networks:
    127.0.0.1/32 192.168.1.6/32

    I changed the MTA as follows: 127.0.0.1/32 myIP/32
    At the same time I added an RBL as follows: Zen.spamhaus.org

    The mail server is currently working very well, no more spam.

    Thanks everyone very much
