MTA Security - SPAM Mass
I run Zimbra ZCS-7.2.1_GA_2790.RHEL5, OpenSource version, on a production server on CentOS 5.8.
For the second time in a month, my server has been hacked or infected by malware. The first time it sent over 2 million spam emails, and now, the second time, 30 days later, over 30 thousand spam emails were sent.
Spam is sent as localhost, i.e., my relay is closed and you can only send as localhost. Below is some important information:
- I cannot find the malware on the server;
- I have a firewall enabled on the local system (iptables), closing everything (INPUT DROP) and opening only the ports required for the operation of the Zimbra service;
- As localhost, using telnet, you can send emails with the domain and any sender to any recipient. Is this normal?
- The spam is using firstname.lastname@example.org and email@example.com as sender.
I would like the help of the community, since I am having trouble solving the problem. For the second time I am on the PSBL spam list.
The log from PSBL.org follows below:
Meaning, someone has guessed one of your users' account password.
Originally Posted by henriquexp90
See this post
This just happened to us last weekend. After 5 hours with support we found the problem. Check the postfix_sender_restrictions postfix variable and see if it is blank. If it is, add the following - reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, permit
We're still blacklisted and can't send anything to GMail, Yahoo and several other domains :mad: but the spam has stopped. Best of luck.
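
To tell the two causes raised in this thread apart (a guessed account password versus mail accepted from localhost without authentication), the Postfix log can be grouped by submitting client and SASL user. The following is an added example, not part of any post in this thread; the log lines are constructed samples in Postfix syslog format, and the function names and the recipient threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Oct  1 03:10:01 mail postfix/smtpd[2101]: 4A1B2C3D01: client=localhost[127.0.0.1]
Oct  1 03:10:01 mail postfix/qmgr[1500]: 4A1B2C3D01: from=<a@example.org>, size=2048, nrcpt=60 (queue active)
Oct  1 03:10:02 mail postfix/smtpd[2101]: 4A1B2C3D02: client=localhost[127.0.0.1]
Oct  1 03:10:02 mail postfix/qmgr[1500]: 4A1B2C3D02: from=<b@example.com>, size=2050, nrcpt=60 (queue active)
Oct  1 03:15:02 mail postfix/qmgr[1500]: 4A1B2C3D02: from=<b@example.com>, size=2050, nrcpt=60 (queue active)
Oct  1 03:11:00 mail postfix/smtpd[2102]: 4A1B2C3D03: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=carol@example.net
Oct  1 03:11:00 mail postfix/qmgr[1500]: 4A1B2C3D03: from=<carol@example.net>, size=900, nrcpt=2 (queue active)
"""

# smtpd logs the submitting client and, if the session authenticated, the SASL user.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=[^\[]+\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=[^,]+, sasl_username=(?P<user>\S+))?")
# qmgr logs the envelope sender and recipient count for the same queue id.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+)")

def summarize(log_text):
    """Return {(client_ip, sasl_user): {messages, recipients, senders}}."""
    origin, counted = {}, set()
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "senders": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            origin[m["qid"]] = (m["ip"], m["user"] or "-")  # "-" = no SASL login
            continue
        m = QMGR_RE.search(line)
        # qmgr repeats the from= line on each retry; count every queue id once.
        if m and m["qid"] in origin and m["qid"] not in counted:
            counted.add(m["qid"])
            entry = stats[origin[m["qid"]]]
            entry["messages"] += 1
            entry["recipients"] += int(m["nrcpt"])
            entry["senders"].add(m["sender"])
    return dict(stats)

def suspects(stats, max_recipients=100):
    """Origins whose total recipient count exceeds the (assumed) threshold."""
    return sorted(k for k, s in stats.items() if s["recipients"] > max_recipients)

if __name__ == "__main__":
    for key in suspects(summarize(SAMPLE_LOG)):
        print(key, summarize(SAMPLE_LOG)[key])
```

A flagged origin that carries a SASL username points at a compromised account whose password should be reset; a flagged origin of 127.0.0.1 with no SASL user and many different senders points at something on the host itself submitting mail.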