Type: Posts; User: nitsew; Keyword(s):

  1. Replies
    10
    Views
    884

    After running the rootkit scan, I got this:


    Checking `bindshell'... INFECTED (PORTS: 465)

    Ran

    fuser -vn tcp 465

    And got:
  2. Replies
    10
    Views
    884

    Klug - I don't believe the passwords were changed for the user accounts. You may be on to something with the bruteforce idea though. After grepping through the logs, my account was never actually...
  3. Replies
    10
    Views
    884

    Thanks for the reply Klug. I was beginning to think that I was the only one here. :)

    We have had 16 unique accounts compromised. I have forced a password change district-wide [and actually...
  4. Replies
    10
    Views
    884

    5 more email accounts hijacked today. I guess it is time to move to Google Apps. This forum is worthless.
  5. Replies
    10
    Views
    884

    Another different account compromised today. This is after changing every user password yesterday, deleting all but one admin account, and blocking port 7071 at the firewall. Client computers show...
  6. Replies
    3
    Views
    620

    Try running this command:

    tail -n 100000 /var/log/mail.log | grep "sasl_username=" > /tmp/smtpauthlogins.txt

    Then look through /tmp/smtpauthlogins.txt for any accounts that are authenticating...
  7. Replies
    10
    Views
    884

    I have a bunch of these logs:



    auth.log:Mar 30 06:43:40 mail saslauthd[2425]: zmauth: authenticating against elected url 'https://mydomain.com:7071/service/admin/soap/' ...
    auth.log:Mar 30...
  8. Replies
    10
    Views
    884

    10+ accounts hijacked

    Last night we had at least 10 accounts hijacked... mine being one of them. I am running 8.0.6 FOSS -- These accounts racked up close to 2 million outgoing messages in just a few hours. I know for a...
  9. Replies
    0
    Views
    475

    Sender address triggers FILTER smtp-amavis

    I am running Zimbra 8.0.6_GA_5922.FOSS.

    I am having a bunch of trouble with legitimate incoming mail being blocked. Which is funny, because a ton of spam and phishing emails get through with no...
  10. Replies
    2
    Views
    1,682

    We are also seeing this same problem. Not with gmail, but with opaafood.com. And also another school district in the area. Both are being blocked with this message:



    Sender address triggers...
  11. Replies
    2
    Views
    368

    Sorry... I had the version info in my profile, but I failed to post it in the thread as well. The version I am using is: 8.0.6_GA_5922.FOSS



    I will check it out. I hadn't come across any...
  12. Replies
    2
    Views
    368

    Restricting Distribution List Senders

    Hey Folks,

    I tried following this wiki on restricting distribution lists to certain senders, but there were a few steps that I couldn't complete.

    RestrictPostfixRecipients - Zimbra :: Wiki
    ...
  13. Replies
    2
    Views
    1,225

    Sorry to dig up an old thread, but this is still an issue... just from the one domain. Any suggestions?
  14. Replies
    2
    Views
    1,225

    Update: I turned the spam filter off, and messages are still being blocked from that one domain. Any suggestions would be much appreciated.
  15. Replies
    2
    Views
    1,225

    Cannot receive mail from specific domain

    Hey Folks,

    I work for a school district, and everything with Zimbra seems to be working fine, with the exception that we cannot receive mail from one particular district. I have whitelisted them...
  16. Replies
    4
    Views
    4,096

    Most likely an account has been compromised, and they are using that account to relay spam through your server.

    Run this command as root:

    tail -n 100000 /var/log/mail.log | grep...
  17. Replies
    6
    Views
    3,496

    Ok... I found yet another thread, and found this gem of a command:

    tail -n 100000 /var/log/mail.log | grep "sasl_username=" > smtpauthlogins.txt

    This showed many many connection attempts from...
  18. Replies
    6
    Views
    3,496

    Hi JakeMS,

    Thanks for the reply! I have looked/grepped/etc through the file, and don't see anything too out of the ordinary. Most of it just looks like normal auth. I can't really find a user...
  19. Replies
    6
    Views
    3,496

    Sorry to keep replying to my own thread... but it looks as if one of our accounts was compromised, and is being used to auth with SMTP to send spam. *Maybe*

    Is there an easy way to see if there...
  20. Replies
    6
    Views
    3,496

    Is there a way I can tell the server to not even queue a message where the sender is not a valid address on our system?
  21. Replies
    6
    Views
    3,496

    Zimbra server sending out lots of spam

    Hey Folks,

    I awoke this morning to a phone call from one of our techs telling me that people weren't receiving mail. I logged into Zimbra, and between the 'deferred', 'active', and 'incoming'...
  22. I am not sure what happened, but I was able to...

    I am not sure what happened, but I was able to start postfix manually, then do a zmcontrol stop/start, and everything seems to be working again. Weird.
  23. A network service error has occurred. [While Sending]

    Hey Folks,

    I have been running on this installation of Zimbra for several months now with no trouble. This morning, one of our techs managed to loop one of our switches, and brought most of the...
Results 1 to 23 of 23