have this problem occurring on a Zimbra server. Spammers will use any
account they can breach to spam. More than 6000 spam emails will be
sent for every successful attempt before we find out.

OK, I know, you know, we know: we need to ask users to change to and use
hardened passwords. Yes, we are doing it, so it's going to
take time until the users get used to it. At the moment, the sysadmin is busy
with locked accounts due to login attempts by outsiders. We have set the
policy that after 3 login failures the account will be locked, but this burdens our sysadmin.

For information, this attack is using the HTML login.

Re: Dealing with compromised Zimbra accounts


I have used this script to delete the account's email, after locking the account.

HOWTO: Remove mail from postfix queue based on from email or rcpto email address

Can anyone share any information on how they inject the spam emails, so I can block them using an HTTP filter?
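
A sketch of the queue cleanup mentioned in the post above, added here as an example; it is not the script the poster linked and not part of the original thread. The function name `queue_ids_from`, the address `victim@example.com` and the sample queue listing are assumptions made up for illustration. It matches only the envelope sender, so mail merely addressed to the compromised account stays in the queue.

```shell
#!/bin/sh
# Added example: list Postfix queue IDs whose envelope sender is a given address.

# Reads `postqueue -p` output on stdin; prints one queue ID per line.
queue_ids_from() {
    awk -v sender="$1" '
        # Entry head lines start with the queue ID; the header and summary
        # lines start with "-", reason and recipient lines with "(" or blanks.
        /^[0-9A-Za-z]/ && NF >= 7 && tolower($7) == tolower(sender) {
            id = $1
            sub(/[*!]$/, "", id)   # strip active (*) / hold (!) marker
            print id
        }'
}

# Constructed sample of `postqueue -p` output (not from a real server).
sample_queue() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C9D*    2871 Mon Jan  6 09:14:02  victim@example.com
                                         a@example.net

5A4B3C2D1E     1950 Mon Jan  6 09:14:05  alice@example.com
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         victim@example.com

7B6C5D4E3F!    2871 Mon Jan  6 09:14:09  Victim@Example.com
                                         b@example.net

-- 7 Kbytes in 3 Requests.
EOF
}

# Dry run on the sample; the second entry only has the address as a recipient.
sample_queue | queue_ids_from victim@example.com

# On the mail server, as a user allowed to manage the queue:
#   postqueue -p | queue_ids_from victim@example.com | postsuper -d -
```

Review the printed IDs before piping them to `postsuper -d -`, since deletion from the queue cannot be undone.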