For a few days now I have noticed something strange happening with the stats. They show that a huge amount of mail is sent via lmtp or smtp, e.g. about 6000 mails in one hour.
I think that's quite a lot for 22 user accounts.
I don't have an open relay. Trusted MTA-Networks are 127.0.0.1/8 and 192.168.0.101/32 (zimbra host).
I checked the logs for a compromised account with this:
tail -n 100000 /var/log/mail.log | grep "sasl_username=" > /tmp/smtpauthlogins.txt
I found nothing strange. Only 2 logins by admin.
Since this pointed nothing out, I added
always_bcc = firstname.lastname@example.org
to /opt/zimbra/postfix-22.214.171.124z/conf/main.cf to see all traffic. But everything seems to be fine, I don't see any SPAM.
Also the daily mail reports show nothing uncommon.
Does anyone have an idea where this huge amount of mail comes from?
Thanks for any suggestions.
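
Added example, not part of the original post: the sasl_username grep above only shows authenticated submissions, while clients inside the trusted MTA networks can submit without authenticating and never produce that field. The sketch below counts every message accepted by Postfix smtpd per hour, grouped by SASL user or, when there is none, by client IP. The function names and the sample log lines are constructed for illustration, and the classic syslog timestamp format is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): count messages accepted by
# Postfix smtpd per hour, grouped by SASL user or, if unauthenticated, client IP.

smtp_sources() {
    # $1 = Postfix log in classic syslog format (e.g. /var/log/mail.log)
    awk '
    /postfix\/smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
        hour = $1 " " $2 " " substr($3, 1, 2)       # e.g. "Mar 3 10"
        src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^sasl_username=/) {
                u = substr($i, 15); sub(/,$/, "", u)
                src = "user:" u                      # authenticated submission
            } else if ($i ~ /^client=/) {
                ip = $i
                sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
                src = "ip:" ip                       # replaced if a SASL user follows
            }
        }
        count[hour "\t" src]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample log lines (hostnames, queue IDs and times are made up).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[192.168.0.50], sasl_method=LOGIN, sasl_username=admin
Mar  3 10:15:07 mail postfix/smtpd[2101]: 4A1B2C3D4F: client=localhost[127.0.0.1]
Mar  3 10:20:11 mail postfix/smtpd[2102]: 4A1B2C3D50: client=localhost[127.0.0.1]
Mar  3 10:41:30 mail postfix/smtpd[2103]: 4A1B2C3D51: client=zimbra.example.org[192.168.0.101]
Mar  3 11:02:00 mail postfix/smtpd[2104]: 4A1B2C3D52: client=localhost[127.0.0.1]
Mar  3 11:02:05 mail postfix/lmtp[2105]: 4A1B2C3D52: to=<user@example.org>, status=sent
EOF
}

# Demo run on the constructed sample; output columns: count, hour, source.
log=$(mktemp)
sample_log > "$log"
smtp_sources "$log"
rm -f "$log"
```

Rows starting with ip: are messages accepted without SMTP authentication, so a high count for 127.0.0.1 or 192.168.0.101 points at a local process or the trusted host rather than at a user account.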