Results 1 to 3 of 3

Thread: MTA Security - SPAM Mass

  1. #1
    Join Date
    Nov 2012
    Posts
    1
    Rep Power
    3

    Default MTA Security - SPAM Mass

    Colleagues,
    I Zimbra ZCS-7.2.1_GA_2790.RHEL5 OpenSource version on a production server in CentOS 5.8.
    For the second time in a month, my server has been hacked or infected by malware, the first time he was sent over 2 million spam emails and now for the second time after 30 days, were sent over 30 thousand spam.
    Spam is sent as localhost, ie, my relay is closed and you can only send as localhost. Below is some important information:
    - I can not find the malware on the server;
    - I have a firewall enabled on the local system (iptables) closing all (INPUT DROP) and opening only the ports required for operation of service zimbra;
    - How to localhost using telnet, you can send emails with the domain and any sender to any addressee. Is this normal?
    - The spam is using gillianandadrian@bayfordspreen.com and gillianandadrian@donation.com how sender.

    I would like the help of the community, since I am having trouble solving the problem. For the second time I am in the list of spam PSBL.


    Follows below log PSBL.org:
    PSBL spamtrap mail for 200.198.6.pdf

  2. #2
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    6

    Default

    Quote Originally Posted by henriquexp90 View Post
    Spam is sent as localhost, ie, my relay is closed and you can only send as localhost.
    Meaning, someone has guessed one of your users account password.
    See this post

  3. #3
    Join Date
    Apr 2011
    Posts
    6
    Rep Power
    4

    Default

    This just happened to us last weekend. After 5 hours with support we found the problem. Check the postfix_sender_restrictions postfix variable and see if it is blank. If it is add the following - reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, permit

    We're still blacklisted and can't send anything to GMail, Yahoo and several other domains but the spam has stopped. Best of luck

Similar Threads

  1. [SOLVED] security security security
    By Bart Hostens in forum Administrators
    Replies: 8
    Last Post: 12-15-2009, 01:30 AM
  2. Mass e-mails
    By afaith21 in forum Users
    Replies: 0
    Last Post: 08-26-2009, 03:26 PM
  3. mass mail
    By peo in forum Administrators
    Replies: 2
    Last Post: 04-17-2008, 08:16 AM
  4. Forum Spam & Security Update
    By GregA in forum Announcements
    Replies: 0
    Last Post: 02-15-2007, 05:53 PM
  5. Mass mailing
    By achow in forum Users
    Replies: 1
    Last Post: 05-21-2006, 11:28 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •