Thread: thousands of mail in mail queues why

  1. #1

    thousands of mail in mail queues why

    Since yesterday, when I log in to the admin UI, I find there are always thousands of mails in the mail queues, both deferred and active, and the senders and receivers are not in my domain.

    Where do these mails come from? How do I stop dealing with this spam?

    I did the things below, but they did not take effect:
    1. change ssh password
    2. disable ssh port
    3. lock all users in Zimbra except admin
    4. disable all ports except 25/80/7071

    Thanks for any help.

  2. #2

    After all that, you still need to purge the queue.

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  3. #3

    Thanks for the reply.

    Of course, when I finished each step I mentioned, I purged the queue by hand, but after a few minutes there were thousands of mails in the queues again...

  4. #4

    Then I guess until you get a handle on what's going on, you need to pull the network cable. And then review your logs.

    Doug

  5. #5

    Quote: Originally posted by lytledd
    Then I guess until you get a handle on what's going on, you need to pull the network cable. And then review your logs.

    Doug
    In which log can I find the problem? What do I need to look for in the logs? Some logs are more than 400M, and I don't know what to search for to locate the problem.

  6. #6

    The logs that you need to deal with are:

    /var/log/zimbra.log
    /var/log/mail.info
    /opt/zimbra/log/audit.log
    /opt/zimbra/log/mailbox.log

    And any of their associated compressed .tgz files. I'm running under Ubuntu and have mc (Midnight Commander) installed. Makes it easy to view compressed files.

    You can search most logs for "auth" or "failed" to give you an idea which account was compromised. Usually brute-forced accounts will have lots of "failed".

    You should also be able to see what account is being used to authenticate to your mail server when sending spam. Since you said you've changed all passwords except the admin password, my guess is that the admin account is the one being used.

    Doug

  7. #7

    I think maybe your Zimbra server has MTA authentication disabled, so with port 25 open every spammer is able to send emails.
    This could be verified in the admin console under the server -> MTA tab or under the global config -> MTA tab.
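
Added example, not part of the original thread: a Python script for the log review suggested in posts #6 and #7. It streams Postfix smtpd lines (as written to /var/log/zimbra.log or /var/log/mail.info) and separates mail submitted under an authenticated account, mail accepted from unauthenticated clients, and failed SASL logins. The sample lines, addresses and the loopback exclusion are constructed assumptions; log paths are passed as arguments and gzip-compressed rotations are read directly.

```python
import gzip
import re
import sys
from collections import Counter

# Standard Postfix smtpd log line formats.
ACCEPT = re.compile(r"postfix/\S*smtpd\[\d+\]: \w+: client=\S+?\[([^\]]+)\](.*)")
SASL_USER = re.compile(r"sasl_username=([^,\s]+)")
FAILED = re.compile(r"postfix/\S*smtpd\[\d+\]: warning: \S+?\[([^\]]+)\]: SASL \S+ authentication failed")
LOOPBACK = {"127.0.0.1", "::1"}  # assumption: local content-filter re-injection, not a remote sender

def summarize(lines):
    """Return (mail per SASL account, mail per unauthenticated client IP, failed logins per IP)."""
    by_account, unauth_by_ip, failed_by_ip = Counter(), Counter(), Counter()
    for line in lines:
        m = ACCEPT.search(line)
        if m:
            ip, rest = m.groups()
            user = SASL_USER.search(rest)
            if user:
                by_account[user.group(1)] += 1  # account used to authenticate and send
            elif ip not in LOOPBACK:
                # Normal for inbound mail; a flood to non-local recipients suggests open relaying.
                unauth_by_ip[ip] += 1
            continue
        m = FAILED.search(line)
        if m:
            failed_by_ip[m.group(1)] += 1
    return by_account, unauth_by_ip, failed_by_ip

# Constructed sample lines (not taken from the poster's server).
SAMPLE = [
    "Apr  9 03:12:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure",
    "Apr  9 03:12:03 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure",
    "Apr  9 03:12:09 mail postfix/smtpd[2101]: 4F2A1C0D3E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=admin@example.com",
    "Apr  9 03:12:10 mail postfix/smtpd[2101]: 5A3B2D1E4F: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=admin@example.com",
    "Apr  9 03:12:15 mail postfix/smtpd[2140]: 6B4C3E2F50: client=unknown[198.51.100.23]",
    "Apr  9 03:12:20 mail postfix/smtpd[2150]: 7C5D4F3061: client=localhost[127.0.0.1]",
]

def read(path):
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        yield from fh  # line by line, so a 400M log is never held in memory

if __name__ == "__main__":
    lines = (l for p in sys.argv[1:] for l in read(p)) if sys.argv[1:] else SAMPLE
    for title, counts in zip(("sent per account", "unauthenticated per IP", "failed logins per IP"), summarize(lines)):
        print(title, counts.most_common(10))
```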
