Possible SMTP DoS attack?
I am using Zimbra open-source edition. I can't remember the version, but I don't think it's important, as my issue seems to be a design flaw on my part!
Basically this is the issue:
I was having issues connecting to my Zimbra server from OpenSolaris, as both Thunderbird and SeaMonkey didn't want to connect to the server when sending SMTP mail (POP3 and IMAP4 are fine).
This was very weird, since in Ubuntu 9.04 SeaMonkey is fine... I am guessing there's an issue with plain-text logins, but I can't be certain.
Anyway, due to my setup I have an SMTP relay agent in front of my Zimbra mail server, running Postfix on a SPARC system with Solaris 9. This system basically just relays mail for my domain, but it seems to have been acting as a buffer between the net and my server. Due to my connection issues I changed my router configuration to have a static NAT definition between the Zimbra server and the ADSL interface rather than the Solaris 9-based SMTP relay agent.
After a few hours, though, the Zimbra server didn't function correctly, with only 3 out of 8 log emails from my daily logwatch setup managing to make it through.
I checked the logs and also the router's static NAT translations (it's a Cisco, and it is possible to do this). On the server, the maillog showed that every second a few emails were being sent to the machine but subsequently denied, as the system isn't an open relay, and they also got marked as spam. The router also showed many IP addresses connecting to the port of the Zimbra mail server too...
What is the cause of this, or why did this happen, and more importantly how can I prevent my system from blowing up like this again? It's almost like a few DoS mail attacks occurred! OK, they didn't hog the bandwidth, but they did kill the system and render it almost unusable!
Has anyone got any advice or an explanation for me?
Many thanks for any responses :-)
This would really help me learn to administer a mail server better, so the next time I set up a system like this I can open it 100% up to the web without any issues!
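Added example, not part of the original post: the symptom described above (the maillog filling with "Relay access denied" rejections from many source addresses once the server was NAT'd straight onto the ADSL line) is something you can measure rather than eyeball. Zimbra's MTA is Postfix, so its smtpd reject lines have the standard Postfix shape. The script below parses such lines, counts relay denials per client IP, and flags any IP that produced a burst of denials within a sliding time window, which is the list you would feed into a router ACL or a rate-limit rule. The log lines are constructed samples in that format, not the poster's logs; the threshold and window values are arbitrary assumptions for the demonstration.

```python
"""Count Postfix 'Relay access denied' rejections per client IP and flag bursts.

Added illustration; sample log lines are constructed, not taken from any real server.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample maillog: six relay attempts from one host inside ten seconds,
# two widely spaced attempts from another host, plus one normal accepted connection.
SAMPLE_MAILLOG = """\
Jan 12 10:15:01 mail postfix/smtpd[2431]: connect from unknown[203.0.113.45]
Jan 12 10:15:01 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <a@other.example>: Relay access denied; from=<x@spam.example> to=<a@other.example> proto=ESMTP helo=<x>
Jan 12 10:15:02 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <b@other.example>: Relay access denied; from=<x@spam.example> to=<b@other.example> proto=ESMTP helo=<x>
Jan 12 10:15:03 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <c@other.example>: Relay access denied; from=<x@spam.example> to=<c@other.example> proto=ESMTP helo=<x>
Jan 12 10:15:05 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <d@other.example>: Relay access denied; from=<x@spam.example> to=<d@other.example> proto=ESMTP helo=<x>
Jan 12 10:15:07 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <e@other.example>: Relay access denied; from=<x@spam.example> to=<e@other.example> proto=ESMTP helo=<x>
Jan 12 10:15:09 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <f@other.example>: Relay access denied; from=<x@spam.example> to=<f@other.example> proto=ESMTP helo=<x>
Jan 12 10:15:30 mail postfix/smtpd[2440]: NOQUEUE: reject: RCPT from mx.partner.example[198.51.100.7]: 554 5.7.1 <g@other.example>: Relay access denied; from=<p@partner.example> to=<g@other.example> proto=ESMTP helo=<mx.partner.example>
Jan 12 10:16:05 mail postfix/smtpd[2452]: 3F2A1C0B1: client=mail.friend.example[192.0.2.10]
Jan 12 10:45:30 mail postfix/smtpd[2499]: NOQUEUE: reject: RCPT from mx.partner.example[198.51.100.7]: 554 5.7.1 <h@other.example>: Relay access denied; from=<p@partner.example> to=<h@other.example> proto=ESMTP helo=<mx.partner.example>
"""

# Standard Postfix smtpd RCPT reject line: syslog timestamp, host, process,
# "NOQUEUE: reject: RCPT from host[ip]: code enhanced-code <rcpt>: reason; ..."
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) [\d.]+ <(?P<rcpt>[^>]*)>: (?P<reason>[^;]+);"
)

RELAY_DENIED = "Relay access denied"


def parse_rejects(log_text):
    """Return one dict per smtpd reject line; connects, queue IDs etc. are skipped."""
    rejects = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; fine for computing deltas within one log
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        rejects.append({"time": ts, "ip": m["ip"], "host": m["host"],
                        "rcpt": m["rcpt"], "reason": m["reason"]})
    return rejects


def relay_denials_per_ip(rejects):
    """Total relay denials per client IP, ignoring other reject reasons."""
    counts = defaultdict(int)
    for r in rejects:
        if r["reason"] == RELAY_DENIED:
            counts[r["ip"]] += 1
    return dict(counts)


def burst_sources(rejects, threshold=5, window_seconds=60):
    """IPs with at least `threshold` relay denials inside any `window_seconds` span.

    A sliding window per IP over sorted timestamps separates an abusive burst
    (the bots hammering the server) from an occasional misconfigured peer.
    Returns {ip: peak_count_in_window}. Threshold/window are assumed values.
    """
    by_ip = defaultdict(list)
    for r in rejects:
        if r["reason"] == RELAY_DENIED:
            by_ip[r["ip"]].append(r["time"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        left, peak = 0, 0
        for right, t in enumerate(times):
            while (t - times[left]).total_seconds() > window_seconds:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    rejects = parse_rejects(SAMPLE_MAILLOG)
    for ip, n in sorted(relay_denials_per_ip(rejects).items(), key=lambda kv: -kv[1]):
        print(f"{ip:16} {n} relay denials")
    for ip, peak in burst_sources(rejects).items():
        print(f"BURST {ip}: {peak} denials within 60 s")
```

Run it against a real /var/log/maillog by replacing SAMPLE_MAILLOG with the file contents; the "BURST" lines are the candidates for blocking at the router. Note that 198.51.100.7 is counted but not flagged: two denials half an hour apart is the profile of a misconfigured partner, not a bot, and blocking it would be the wrong reaction.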