Hello,
I'm here again because I have a complicated problem which is that the zimbra server is sending spam despite still not being used by users, and I have already been blacklisted, plus the service is being consumed zimbra all the RAM.
How I can fix this?
This is the zimbra MTA log:
Code:
May  8 03:40:01 mail zimbramon[26961]: 26961:info: 2012-05-08 03:40:01, QUEUE: 0 0
May  8 03:40:01 mail postfix/sendmail[27023]: warning: the Postfix sendmail command has set-uid root file permissions
May  8 03:40:01 mail postfix/sendmail[27023]: warning: or the command is run from a set-uid root process
May  8 03:40:01 mail postfix/sendmail[27023]: warning: the Postfix sendmail command must be installed without set-uid root file permissions
May  8 03:50:01 mail postfix/postqueue[28207]: fatal: Queue report unavailable - mail system is down
May  8 03:50:01 mail zimbramon[28126]: 28126:info: 2012-05-08 03:50:01, QUEUE: 0 0
May  8 03:50:02 mail postfix/sendmail[28208]: warning: the Postfix sendmail command has set-uid root file permissions
May  8 03:50:02 mail postfix/sendmail[28208]: warning: or the command is run from a set-uid root process
May  8 03:50:02 mail postfix/sendmail[28208]: warning: the Postfix sendmail command must be installed without set-uid root file permissions
mailbox log:
Code:
2012-05-02 00:00:16,928 INFO  [MailboxPurge] [name=ham.lzcjyuucz@mydomain.com;mid=4;] purge - Purging messages.
2012-05-02 00:00:26,471 INFO  [btpool0-9://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;ua=zmprov/7.1.4_GA_2568;] soap - AuthRequest
2012-05-02 00:00:30,062 INFO  [btpool0-9://localhost:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;ua=zmprov/7.1.4_GA_2568;] soap - GetAllServersRequest
2012-05-02 00:01:26,161 INFO  [MailboxPurge] [name=spam.regjsfrgja@mydomain.com;mid=3;] purge - Purging messages.
2012-05-02 00:02:30,158 INFO  [MailboxPurge] [name=ham.lzcjyuucz@mydomain.com;mid=4;] purge - Purging messages.
2012-05-02 00:03:36,694 INFO  [MailboxPurge] [name=spam.regjsfrgja@mydomain.com;mid=3;] purge - Purging messages.
2012-05-02 00:04:38,254 INFO  [MailboxPurge] [name=ham.lzcjyuucz@mydomain.com;mid=4;] purge - Purging messages.
2012-05-02 00:05:38,960 INFO  [MailboxPurge] [name=spam.regjsfrgja@mydomain.com;mid=3;] purge - Purging messages.
2012-05-02 00:06:40,201 INFO  [MailboxPurge] [name=ham.lzcjyuucz@mydomain.com;mid=4;] purge - Purging messages.
2012-05-02 00:07:51,092 INFO  [MailboxPurge] [name=spam.regjsfrgja@mydomain.com;mid=3;] purge - Purging messages.
2012-05-02 00:08:51,701 INFO  [MailboxPurge] [name=ham.lzcjyuucz@mydomain.com;mid=4;] purge - Purging messages.
2012-05-02 00:09:52,345 INFO  [MailboxPurge] [name=spam.regjsfrgja@mydomain.com;mid=3;] purge - Purging messages.
2012-05-02 00:10:54,722 INFO  [MailboxPurge] [name=ham.lzcjyuucz@mydomain.com;mid=4;] purge - Purging messages.
2012-05-02 00:10:55,967 INFO  [btpool0-5://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;ua=zmprov/7.1.4_GA_2568;] soap - AuthRequest
Mail server emitting "Digital Photo/Video Editing" spam and other spam, very probably an open relay.

mail.mydomain.com. 4H IN A my.IP.public.static

*SPAM EVIDENCE IS IN THE MAIL LOG FILE OF THE SERVER* (and possibly in the mail queue). Spam messages can be located by looking for the following forged sender(s) (but not necessarily the only ones):
letelaioa54igaso@msn.com

Note that removing virus/malware, even if generally helpful, is *NOT* the way to solve this problem. This is an open relay problem.

I appreciate any help.

Note: The email account listed in the log of mailbox does not exist, or at least we have not created us. example lzcjyuucz@mydomain.com and / or spam.regjsfrgja @ mydomain.com