I noticed that thousands of spam messages were sent out from my zimbra server to my relay host (ISP) since yesterday. The messages were received by postfix as connected from 127.0.0.1 localhost.localdomain. However, I confirmed that they come from outside: once I disable port 25 forwarding from my router, there were no more spam messages sending out from the zimbra server. The spamming resume once I re-enable the port 25 port forwarding. Is it possible that some spammers masquerade their IP as 127.0.0.1 to get connected to my zimbra server? How to solve this problem? I have tried various configuration for postfix including rejecting unlisted sender, unlisted recipient, unauthorised sender etc., without success. Any suggestions?