Mi zimbra server is being used for spam, but I dont know how, I if test from some one mx relay test, the result is relay denied. viewing the logs I found this information:
2010-09-03 12:10:05,189 INFO [btpool0-53://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;] soap - AuthRequest
2010-09-03 12:10:05,333 INFO [btpool0-53://localhost:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;] soap
I understood from it, that somebody is using the zimbra user and it is masquerading with ip localhost.
What can I do for to block it, This problem is leaving me crazy!!!
From my firewall I only have opened the following port: www, dns, smtp, imap4.
Please help me.