I'm a spammer ????
I was informed yesterday by a fairly creditable source that my email server had sent 30000 messages last month. This is a lot more than I expected; possibly someone, somehow, may be using me for a relay. I promptly checked the Zimbra dashboard, but it does not give as exact information as I would like. Is there another way to track and check the Zimbra stats?
I am pretty sure that some spam was slipping through my backup MX, a non-Zimbra Postfix server on a FreeBSD box. I have since shut it down until I can figure out what is going on.
I also checked the RBL lists and of course I am on the top three. I went to the SPEWS site and discovered that my whole IP block is listed, I think. Would this be something I can fix, or does my ISP have to take care of it? How do I find out?
l1.spews.dnsbl.sorbs.net LISTED
l2.spews.dnsbl.sorbs.net LISTED
spews.dnsbl.net.au LISTED
There are some sites out there that can test if you are an open relay. You can also look in your logs for mail not from your users. The next version will have admin UI support for the mail queues.
Wow, my God! "30000 messages last month"!!!
rmvg, you need a good spam filter...
It is quite common for whole IP blocks to be blacklisted - at least here in the UK. It is slightly unusual if you have a business agreement rather than a standard/personal one though. I would certainly check the type of sites that KevinH suggests, and also speak to your ISP and see if you can get moved to a new IP range.
What stats are being produced by Zimbra for messages (or is that just inbound?)
http://www.abuse.net/relay.html is a good site to test for relays. If you don't believe it is your mail server, I would suggest firewalling port 25 on your network. There could very well be a compromised machine in your network. It may be a good idea to see if there are any open proxies on your network as well: http://www.publicproxyservers.com/index.html. There are also tests that can be run to find open proxies as well.
Oh, and I wouldn't say 30000 messages is a lot for a month, ~1000 a day. But I guess if you only have a few accounts, then 30000 messages would be a lot.
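The suggestion in the thread to look in the logs for mail not from your users, as an added example that is not part of the original thread: this Python sketch pairs each Postfix queue ID's `client=` line with its `status=sent` line and counts deliveries to non-local domains that came from an unauthenticated client outside the trusted networks, which is what relayed mail looks like in the log. `LOCAL_DOMAINS`, `TRUSTED_NETS`, the function name and the abbreviated sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for this example: replace with your own domains and networks.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([0-9A-Fa-f.:]+)\]"
    r"(?:.*sasl_username=(\S+))?")
SENT_RE = re.compile(
    r"postfix/(?:smtp|lmtp)\[\d+\]: (\w+): to=<[^>]*@([^>]+)>.*status=sent")

# Constructed, abbreviated sample lines in Postfix syslog format (not real data).
SAMPLE_LOG = """\
Mar  1 10:00:01 mail postfix/smtpd[101]: 1A2B3C4D01: client=unknown[203.0.113.50]
Mar  1 10:00:02 mail postfix/smtp[201]: 1A2B3C4D01: to=<a@other.example>, relay=mx.other.example[198.51.100.7]:25, status=sent (250 OK)
Mar  1 10:00:03 mail postfix/smtpd[101]: 1A2B3C4D02: client=unknown[203.0.113.50]
Mar  1 10:00:04 mail postfix/smtp[201]: 1A2B3C4D02: to=<b@other.example>, relay=mx.other.example[198.51.100.7]:25, status=sent (250 OK)
Mar  1 10:05:00 mail postfix/smtpd[102]: 1A2B3C4D03: client=laptop.example.net[198.51.100.23], sasl_method=PLAIN, sasl_username=alice
Mar  1 10:05:01 mail postfix/smtp[202]: 1A2B3C4D03: to=<c@other.example>, relay=mx.other.example[198.51.100.7]:25, status=sent (250 OK)
Mar  1 10:06:00 mail postfix/smtpd[103]: 1A2B3C4D04: client=mx.sender.example[198.51.100.99]
Mar  1 10:06:01 mail postfix/lmtp[203]: 1A2B3C4D04: to=<alice@example.org>, relay=mail.example.org[192.0.2.5]:7025, status=sent (250 OK)
Mar  1 10:07:00 mail postfix/smtpd[104]: 1A2B3C4D05: client=pc10.example.org[192.0.2.10]
Mar  1 10:07:01 mail postfix/smtp[204]: 1A2B3C4D05: to=<d@other.example>, relay=mx.other.example[198.51.100.7]:25, status=sent (250 OK)
"""

def relayed_by_client(log_text):
    """Count deliveries to non-local domains per untrusted, unauthenticated client IP."""
    clients = {}          # queue ID -> (client IP, SASL username or None)
    suspects = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SENT_RE.search(line)
        if not m or m.group(1) not in clients:
            continue
        ip, sasl_user = clients[m.group(1)]
        trusted = any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
        external_rcpt = m.group(2).lower() not in LOCAL_DOMAINS
        if external_rcpt and not trusted and sasl_user is None:
            suspects[ip] += 1
    return dict(suspects)

if __name__ == "__main__":
    for ip, count in sorted(relayed_by_client(SAMPLE_LOG).items()):
        print(f"{ip}: {count} relayed delivery(ies)")
```

An empty result does not rule out abuse: mail sent by a compromised machine inside the trusted networks or through a stolen account password is skipped by this filter and has to be reviewed per internal IP or per SASL username instead.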