Hi there, we have been hacked. I wonder if anyone could help get to the bottom of it. Mails have been sent out from addresses that do not exist within zimbra. (ra@ourdomain, co@ourdomainde@ourdomain ,ki@ourdomain ,lu@ourdomain , by@ourdomain, cy@ourdomain) I have no idea how they have been sent.. the only reason i knew there was a problem at first was a number of users reported they had bounce messages for things they had not sent. It turns out they were members of a list (NUT@our domain). the sever has had its network cable unplugged but, i can still see things that are being added to the queue.

Can I make it so zimbra will only send mail when a user has Authenticated and has a valid address? What is the best way to diagnose if there is a virus or if there is an account
compromised?

Using IMAP over ssl. Can a user send mail without authenticating?

I have looked through log file after log file but am lost as to making anything tally..

Please help. We are a high school that starts term on monday -(

Thanks in advance

Andy