Thread: Server Hijacked

  1. #1
    Join Date
    Jul 2007
    Posts
    13
    Rep Power
    8

    Default Server Hijacked

    Earlier today my Zimbra server was hijacked and messages were being sent out appearing to be from another domain. I've captured some of the messages in the hold queue.

    If my user is me@mydomain.com can I stop my users from sending an email that appears to be from joedomain.com?

    Why can my users send an email to appear as if it is coming from another domain?

    Is there a way to find out how these messages were generated?

    Do I need to fix something in my setup?

    Thanks for your help.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by Kent17 View Post
    Why can my users send an email to appear as if it is coming from another domain?
    It's called a 'Persona' and it's a feature.

    Quote Originally Posted by Kent17 View Post
    Is there a way to find out how these messages were generated?
    That would depend on what you mean by 'hijacked'; search the forums for the words "compromised account". If it's some form of rootkit then you'll have to check your server, if it's an infected PC then you'll have to check your LAN for the source.

    Quote Originally Posted by Kent17 View Post
    Do I need to fix something in my setup?
    That would depend on what your problem actually is. If it's a hijacked account then you'll need to enforce strong passwords (look in the Admin UI for password settings).
    Last edited by phoenix; 01-21-2012 at 06:58 AM.
    Regards


    Bill


  3. #3
    Join Date
    Jul 2007
    Posts
    13
    Rep Power
    8

    Default

    Thanks for the quick reply.

    I will start searching about compromised accounts, and I've made some adjustments to our password policy. Hopefully that will help.

    The 'Persona' feature, can this be disabled, and are there negatives that would come from disabling it?

  4. #4
    Join Date
    Jul 2007
    Posts
    13
    Rep Power
    8

    Default

    I believe the answer to my question is on this page:

    RestrictPostfixSenders - Zimbra :: Wiki

    Thanks for your help.
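
One way to trace how such messages were generated from the MTA log, as an added example that is not part of the original thread: Zimbra's MTA is Postfix, so each authenticated submission logs a sasl_username that can be paired by queue ID with the envelope sender and compared. The log lines are constructed samples in Postfix syslog format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jan 21 05:10:01 mail postfix/smtpd[2101]: 4F1A2C0DE1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=me@mydomain.com
Jan 21 05:10:01 mail postfix/qmgr[1200]: 4F1A2C0DE1: from=<billing@joedomain.com>, size=2048, nrcpt=50 (queue active)
Jan 21 05:12:30 mail postfix/smtpd[2102]: 5A2B3D1EF2: client=pc12[192.0.2.15], sasl_method=PLAIN, sasl_username=ann@mydomain.com
Jan 21 05:12:30 mail postfix/qmgr[1200]: 5A2B3D1EF2: from=<ann@mydomain.com>, size=900, nrcpt=1 (queue active)
Jan 21 05:13:02 mail postfix/smtpd[2103]: 6B3C4E2F03: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=me@mydomain.com
Jan 21 05:13:02 mail postfix/qmgr[1200]: 6B3C4E2F03: from=<info@joedomain.com>, size=2100, nrcpt=50 (queue active)
"""

# smtpd records who authenticated for a queue ID; qmgr records the envelope sender.
AUTH_RE = re.compile(r"smtpd\[\d+\]: (\w+): client=([^,\s]+),.*sasl_username=(\S+)")
FROM_RE = re.compile(r"qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def domain(addr):
    """Lower-cased domain part of an address, or '' when there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def find_mismatches(log_text):
    """Return messages whose envelope sender domain differs from the login's domain."""
    auth, hits = {}, []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            auth[m.group(1)] = (m.group(3), m.group(2))
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in auth:
            continue  # unauthenticated mail, or a line we do not track
        login, client = auth[m.group(1)]
        sender = m.group(2)
        # Skip bounces (empty sender) and bare logins with no domain to compare.
        if domain(sender) and domain(login) and domain(sender) != domain(login):
            hits.append({"queue_id": m.group(1), "login": login,
                         "client": client, "sender": sender})
    return hits

def summarize(hits):
    """Count mismatching messages per (login, client) to rank suspect accounts."""
    return dict(Counter((h["login"], h["client"]) for h in hits))

if __name__ == "__main__":
    for key, count in summarize(find_mismatches(SAMPLE_LOG)).items():
        print(key, count)
```

On a Zimbra host the same functions can be pointed at the contents of the mail log (typically /var/log/zimbra.log); a login that appears with many foreign sender domains or unfamiliar client addresses is the account to investigate first.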
