
Thread: my zimbra smtp used by someone

  1. #1
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default my zimbra smtp used by someone

    Hello,

    I'm receiving a lot of messages (return failure), someone is using my mail.domain.com to send spam mails, so how can I take the necessary action on this matter?

    Cheers,
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by snake_eyes View Post
    I'm receiving a lot of messages (return failure), someone is using my mail.domain.com to send spam mails, so how can I take the necessary action on this matter?
    You've given no examples of what the messages are, no headers or other information. If they really are NDR then search the forums or wiki (or google/yahoo) for backscatter spam, this is not someone using your server but rather someone using NDR as a means of getting mail to you. You should also look in the wiki for details on improving the anti-spam system - you are using 'smtpd_reject_unlisted_recipients yes' aren't you? This is not a Zimbra problem but rather a side effect of running a mail server.

    Further details and reading: Spam Links - backscatter
    ndr spam - Yahoo! Search Results
    Last edited by phoenix; 12-25-2009 at 08:37 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    Sorry for the delay in replying to the topic.

    I have the always_bcc in the main.cf, there is an out@domain.com and as you know it will catch all the outbound traffic. I checked the out@domain.com and I found that there are too many messages from myaccount@domain.com to someaccount@hotmail.com or from admin@domain.com to user@yahoo.com or support@domain.com to another@gmail.com, so is there anything I must do to trace and stop this kind of messages?
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  4. #4
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    I got some message header:

    From: "Medusa Maritime s.a / PLS ADD OUR ADRESS '' chartering@medusamaritime.com '' NOT smtp"
    To: "Medusa Maritime s.a / PLS ADD OUR ADRESS '' chartering@medusamaritime.com '' NOT smtp"
    Sent: Thursday, January 21, 2010 2:31:17 PM GMT +03:00 Iraq
    Subject: NEED VSL OPEN WEST/ CENTRAL MED BALE- 170/190K CBFT
    Please note that I added the always_bcc=out@domain.com in the main.cf of postfix, so when I log in to out@domain.com I found a lot of messages such as the above header...

    So how can I stop them?
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  5. #5
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    If you are never going to email yourself from outside then you could make a change to the Postfix configuration and add the following
    Code:
    check_sender_access hash:/etc/postfix/spoofprotection,
    under smtpd_recipient_restrictions; with the following in the file
    Code:
    yourdomain		REJECT we never email ourself from outside so go away!
    and then
    Code:
    postmap spoofprotection

  6. #6
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    What do you mean by "if we never email ourselves from outside"? So I couldn't receive any email from the same domain? Or what? Your explanation plz....
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  7. #7
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    Still the same problem. I activated DSPAM on the server, but when I log in to archive@mydomain.com (which is the always_bcc in postfix) I still see some messages that were sent from xx@somedomain.com to xxx@anotherdomain.com

    They shouldn't be in the mailbox...

    Any help plz?
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Quote Originally Posted by snake_eyes View Post
    What do you mean by "if we never email ourselves from outside"? So I couldn't receive any email from the same domain? Or what? Your explanation plz....
    If you are never going to send an email from your domain to your domain directly from the Internet then your domain should never be listed as the from domain.

  9. #9
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Quote Originally Posted by snake_eyes View Post
    Still the same problem. I activated DSPAM on the server, but when I log in to archive@mydomain.com (which is the always_bcc in postfix) I still see some messages that were sent from xx@somedomain.com to xxx@anotherdomain.com

    They shouldn't be in the mailbox...

    Any help plz?
    So they are in your archive account but not in the mailbox? If that is the case then this is the expected behaviour. I believe in 6.0.5 you can now direct any emails that have been marked as SPAM into a different HSM mail store.

  10. #10
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    But I don't know if the messages are spam or someone is attacking the SMTP of the server... how can I check this scenario via log or something else...
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.
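
Editor's added example (not part of any post in this thread): one way to answer the log question in post #10 is to join Postfix's `smtpd` `client=` lines with the matching `qmgr` `from=` lines by queue ID, which separates mail sent with a mailbox login (possible stolen password), null-sender bounces (the backscatter case from post #2) and unauthenticated clients. The log lines, addresses, IPs and the trusted-network list below are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
# Constructed sample in Postfix syslog format; hosts, IPs and addresses are placeholders.
SAMPLE_LOG = """\
Jan 21 14:31:01 mail postfix/smtpd[2101]: 4F1A2C0001: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=support@domain.com
Jan 21 14:31:02 mail postfix/qmgr[1800]: 4F1A2C0001: from=<support@domain.com>, size=2210, nrcpt=40 (queue active)
Jan 21 14:31:05 mail postfix/smtpd[2102]: 4F1A2C0002: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=support@domain.com
Jan 21 14:31:06 mail postfix/qmgr[1800]: 4F1A2C0002: from=<admin@domain.com>, size=2190, nrcpt=35 (queue active)
Jan 21 14:32:10 mail postfix/smtpd[2103]: 4F1A2C0003: client=mx.example.net[198.51.100.9]
Jan 21 14:32:11 mail postfix/qmgr[1800]: 4F1A2C0003: from=<>, size=3050, nrcpt=1 (queue active)
Jan 21 14:33:00 mail postfix/smtpd[2104]: 4F1A2C0004: client=localhost[127.0.0.1]
Jan 21 14:33:01 mail postfix/qmgr[1800]: 4F1A2C0004: from=<user@domain.com>, size=900, nrcpt=1 (queue active)
"""
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+\[([^\]]+)\](?:, sasl_method=[^,]+, sasl_username=(\S+))?")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def parse(log_text):
    # Join the smtpd "client=" line and the qmgr "from=" line on the queue ID.
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            msgs[m.group(1)].update(client_ip=m.group(2), sasl_user=m.group(3))
        elif m := QMGR.search(line):
            msgs[m.group(1)].update(sender=m.group(2), nrcpt=int(m.group(3)))
    return dict(msgs)

def classify(msg, trusted=("127.0.0.1", "::1")):  # trusted = assumed mynetworks
    if msg.get("sasl_user"):
        return "authenticated"    # sent with a mailbox password: suspect that account
    if msg.get("sender") == "":
        return "bounce"           # null sender <>: an NDR, backscatter candidate
    if msg.get("client_ip") in trusted:
        return "trusted-network"  # local submission or content-filter re-injection
    return "unauthenticated"      # normal inbound mail unless the recipient is remote

def summarize(msgs):  # recipient totals per category and per login or client IP
    report = defaultdict(Counter)
    for msg in msgs.values():
        who = msg.get("sasl_user") or msg.get("client_ip", "local")
        report[classify(msg)][who] += msg.get("nrcpt", 0)
    return report

def sender_mismatches(msgs):  # authenticated mail whose envelope sender is not the login
    return sorted((qid, m["sasl_user"], m["sender"]) for qid, m in msgs.items()
                  if m.get("sasl_user") and m.get("sender") not in (None, m["sasl_user"]))

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(dict(summarize(parsed)), sender_mismatches(parsed))
```

A single login with a large recipient total, or one login sending as several different local addresses, points at a compromised password rather than an open relay; a pile of null-sender messages points at backscatter. On Zimbra the Postfix log is typically /var/log/zimbra.log.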
