Help Understanding Daily Report Logs!
Love Zimbra! Quite easy to set up and it just works! -- Not to mention free is awesome compared to Exchange and I can run it on Linux which is always a huge plus!
I run a Zimbra 7.2.0 server on top of a CentOS 6.1 64-bit server. This is the only production email server my company has so we can't afford to turn it off, etc. I have the necessary ports punched through our firewall to allow SMTP, IMAP over SSL, and web access to email.
Our domain gets a huge (by my standard) amount of spam email every day. The average Daily Report says we reject anywhere between 80-99% of incoming emails as spam which sometimes can be about 134,000 emails (rejected) per day. Crazy!
My question is about the top 50 receivers and top 50 senders by message count sections of this report. I'm confused as to what this report is really showing me.
For example: My understanding is the Top 50 Senders by Message Count section is listing the number of emails sent by someone else to my email server. Is this correct? I can see many of our email addresses in this list; however, there are a lot that I don't recognize... which would be normal with this assumption since anyone can send to my email server so long as the destination is a valid address...
But, my understanding of the Top 50 Recipients by Message Count worries me. My understanding is that the Recipients would be addresses my email server has sent mail to. Is this correct? If so, I have a lot of email addresses in this list that I don't recognize, and this is really concerning. I have made sure I don't have an open relay by using multiple tools online to test for this as well as scanning the ports to make sure we aren't advertising anything compromising, etc.
Can someone help me understand this log better so I can sleep easier at night!?!?!? Thanks!