Hi everyone!

I found out a bug in the postfix authentication, because an email accounts from a domain that it's not set up in my server was sending spam from my mail server. My Zimbra version is Release 7.1.4_GA_2555.F11_64_20120105094338 F11_64 FOSS edition.

I got this in my zimbra.log file

Jul 5 15:03:47 mail postfix/smtpd[6614]: connect from unknown[177.145.182.254]
Jul 5 15:03:47 mail postfix/smtpd[29642]: disconnect from unknown[177.145.182.254]
Jul 5 15:03:48 mail postfix/smtpd[6614]: setting up TLS connection from unknown[177.145.182.254]
Jul 5 15:03:48 mail postfix/smtpd[6614]: Anonymous TLS connection established from unknown[177.145.182.254]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 5 15:03:50 mail postfix/smtpd[6614]: 598F921297: client=unknown[177.145.182.254], sasl_method=LOGIN, sasl_username=info
Jul 5 15:03:51 mail amavis[21926]: (21926-16) Checking: M7iXHCVrAhVI [177.145.182.254] <no-replay@itau.com.br> -> <trabalhandocomsucesso2012@gmail.com>
Jul 5 15:03:51 mail amavis[21926]: (21926-16) Passed CLEAN, [177.145.182.254] [177.145.182.254] <no-replay@itau.com.br> -> <trabalhandocomsucesso2012@gmail.com>, Message-ID: <20120705210350.598F921297@mail.garciabodan.com> , mail_id: M7iXHCVrAhVI, Hits: 0.041, size: 3064, queued_as: 7464D2129A, 371 ms
Jul 5 15:03:51 mail postfix/smtpd[6614]: disconnect from unknown[177.145.182.254]
Jul 5 15:08:03 mail postfix/anvil[24145]: statistics: max connection rate 3/60s for (smtp:177.145.182.254) at Jul 5 15:02:38
Jul 5 15:08:03 mail postfix/anvil[24145]: statistics: max connection count 1 for (smtp:177.145.182.254) at Jul 5 14:59:08


I don't know how this account from this IP was allowed to send mail using my smtp, can someone give me a hand trying to understand what happened and how to avoid to happen again?

Thank you very much.