Trying to track down spammer using my Zimbra server

Postby omegainstitute » Mon Jul 22, 2013 9:08 am

Thank you Quanah. I think I found the culprit and have things re-locked down for now. Going along the lines of LDAP locking down, it's safe to block outside access to port 389 then? That'll prevent further harvesting I presume.
Again, thank you for your assistance.. You've been more than helpful! :)
- Rob


Postby quanah » Mon Jul 22, 2013 9:14 am

Hi Rob,
That is correct, you can lock down 389 to outside access. :) Glad to have been of help!
Regards,

Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/

Postby omegainstitute » Thu Jul 25, 2013 8:04 am

I thought I had it.. :( Turns out the account I thought was compromised, wasn't and just the fact that recently there has been a lot of activity (legit) involving said account. Trying to figure out what my next steps will be. I've activated cbpolicyd and upgraded my server to 7.2.4. Now to see what I can do next to figure out how to tighten up this stuff even further. I'm roughly at a 36% block rate right now, and I need to get that # up significantly (36% rejected via daily report information).

Postby hugolf » Tue Aug 06, 2013 6:38 pm

I am also suffering from the same problem. In my understanding it seems that the spammer is detected and taking advantage of any weakness or bug in Zimbra, because even without being able to authenticate, it makes the sending of emails.

The catch is that it does not use SMTP for sending, but he got an automatic way, using SOAP or something, to manipulate the messages through webmail, creating new messages and sending via webmail, then move the message to Trash (in my case). I know that it appears in the log mailbox.log very clearly.

I checked too and my server is not open relay, and the log maillog, appears as the sender localhost (connect from localhost.localdomain [127.0.0.1]).

Below is my mailbox.log pieces. Part of the more detailed log and without many cuts is attached hereto, please look at the attachment, the text below is for example only. For those who are helping, the better looking the attachment:


MAILBOX.LOG
2013-08-06 02:59:29,809 INFO  [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41833, MESSAGE-ID=, PARENTID=41779, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 02:59:33,188 WARN [BTPOOL0-830://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SMTP - FAILED TO SEND MESSAGE

2013-08-06 02:59:33,190 INFO [BTPOOL0-830://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - DELETING MESSAGE (ID=41832).

2013-08-06 02:59:33,203 INFO [BTPOOL0-830://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAPENGINE - HANDLER EXCEPTION

2013-08-06 02:59:39,776 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - AUTOCOMPLETEREQUEST

2013-08-06 02:59:39,815 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - INDEXDEFERREDITEMS(NULL, 50350): DEFERRED COUNT OUT OF SYNC - FOUND=1 IN PROGRESS=0 (DEFERRED COUNT=2)

2013-08-06 02:59:39,827 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - DEFERRED INDEXING: SUBMITTED 1 ITEMS IN 14MS (71.43/SEC). (0 ITEMS FAILED TO INDEX). INDEXDEFERREDCOUNT NOW AT 1 NUMNOTSUBMITTED= 0

2013-08-06 02:59:39,938 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] GAL - AUTOCOMPLETE: OVERALL=162MS, RANKING=3MS, FOLDER=83MS, GAL=76MS

2013-08-06 02:59:40,310 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - AUTOCOMPLETEREQUEST

2013-08-06 02:59:40,389 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] GAL - AUTOCOMPLETE: OVERALL=79MS, RANKING=2MS, FOLDER=2MS, GAL=75MS

2013-08-06 02:59:44,728 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - SENDMSGREQUEST

2013-08-06 02:59:44,751 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - ADDING MESSAGE: ID=41834, MESSAGE-ID=, PARENTID=-1, FOLDERID=5, FOLDERNAME=SENT.

2013-08-06 02:59:44,760 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SMTP - SENDING MESSAGE TO MTA AT MAIL.NAVESA.COM.BR: MESSAGE-ID=, REPLYTYPE=R

2013-08-06 02:59:45,550 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41835, MESSAGE-ID=, PARENTID=24877, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 02:59:46,869 WARN [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SMTP - FAILED TO SEND MESSAGE

2013-08-06 02:59:46,871 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - DELETING MESSAGE (ID=41834).

2013-08-06 02:59:46,878 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAPENGINE - HANDLER EXCEPTION

2013-08-06 02:59:46,887 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - AUTOCOMPLETEREQUEST

2013-08-06 02:59:46,919 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - INDEXDEFERREDITEMS(NULL, 50353): DEFERRED COUNT OUT OF SYNC - FOUND=1 IN PROGRESS=0 (DEFERRED COUNT=2)

2013-08-06 02:59:46,933 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - DEFERRED INDEXING: SUBMITTED 1 ITEMS IN 16MS (62.50/SEC). (0 ITEMS FAILED TO INDEX). INDEXDEFERREDCOUNT NOW AT 1 NUMNOTSUBMITTED= 0

2013-08-06 02:59:47,029 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] GAL - AUTOCOMPLETE: OVERALL=142MS, RANKING=5MS, FOLDER=67MS, GAL=70MS

2013-08-06 03:00:55,841 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41917, MESSAGE-ID=, PARENTID=41779, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:00:55,852 INFO [LMTPSERVER-944] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41918, MESSAGE-ID=, PARENTID=41779, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:00:57,051 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/SAVEDRAFTREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - SAVEDRAFTREQUEST

2013-08-06 03:00:57,065 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/SAVEDRAFTREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - ADDING MESSAGE: ID=41919, MESSAGE-ID=, PARENTID=-1, FOLDERID=6, FOLDERNAME=DRAFTS.

2013-08-06 03:00:57,500 INFO [LMTPSERVER-944] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41920, MESSAGE-ID=, PARENTID=41802, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:00:57,510 INFO [LMTPSERVER-948] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41921, MESSAGE-ID=, PARENTID=41779, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:00:57,897 INFO [LMTPSERVER-948] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41922, MESSAGE-ID=, PARENTID=29049, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:00:57,986 INFO [LMTPSERVER-944] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41923, MESSAGE-ID=, PARENTID=41779, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:00:59,740 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - SENDMSGREQUEST

2013-08-06 03:01:01,117 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41924, MESSAGE-ID=, PARENTID=-1, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:01,199 INFO [LMTPSERVER-944] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41925, MESSAGE-ID=, PARENTID=35071, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:01,344 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - AUTOCOMPLETEREQUEST

2013-08-06 03:01:01,366 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: BCC:ACELGER@NETSCAPE.NET

2013-08-06 03:01:01,366 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: BCC:ALAININVC@NETSCAPE.NET

2013-08-06 03:01:01,366 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: BCC:ALAN33FRA@NETSCAPE.NET

2013-08-06 03:01:01,366 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: BCC:ALENDRICKELF@NETSCAPE.NET

2013-08-06 03:01:01,366 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: BCC:ALEX16600@NETSCAPE.NET

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: SUBJECT:_BLANK_

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: MIME-VERSION:1.0

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: CONTENT-TYPE:MULTIPART/ALTERNA

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: CONTENT-TYPE:BOUNDARY=

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: CONTENT-TYPE:-

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: CONTENT-TYPE:-

2013-08-06 03:01:01,371 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: CONTENT-TYPE:=_PART_408626_125

2013-08-06 03:01:01,380 INFO [LMTPSERVER-948] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41926, MESSAGE-ID=, PARENTID=-1, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:01,422 WARN [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - UNABLE TO INDEX: X-BIGFISH:ZZDD29HC89BHC85FHDBE

2013-08-06 03:01:01,447 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - DEFERRED INDEXING: SUBMITTED 9 ITEMS IN 99MS (90.91/SEC). (0 ITEMS FAILED TO INDEX). INDEXDEFERREDCOUNT NOW AT 10 NUMNOTSUBMITTED= 1

2013-08-06 03:01:01,572 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] GAL - AUTOCOMPLETE: OVERALL=228MS, RANKING=3MS, FOLDER=151MS, GAL=74MS

2013-08-06 03:01:02,592 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41932, MESSAGE-ID=, PARENTID=-1, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:03,640 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41933, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:04,018 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41934, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:04,525 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41935, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:05,412 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - SENDMSGREQUEST

2013-08-06 03:01:05,435 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - ADDING MESSAGE: ID=41936, MESSAGE-ID=, PARENTID=-1, FOLDERID=5, FOLDERNAME=SENT.

2013-08-06 03:01:05,448 INFO [BTPOOL0-832://LOCALHOST:8080/SERVICE/SOAP/SENDMSGREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SMTP - SENDING MESSAGE TO MTA AT MAIL.NAVESA.COM.BR: MESSAGE-ID=, REPLYTYPE=R

2013-08-06 03:01:06,312 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41937, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:06,765 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41938, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:09,183 INFO [LMTPSERVER-953] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41939, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:09,240 INFO [LMTPSERVER-956] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41940, MESSAGE-ID=, PARENTID=41928, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:09,970 INFO [LMTPSERVER-956] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=192.168.1.150;] MAILOP - ADDING MESSAGE: ID=41941, MESSAGE-ID=, PARENTID=35071, FOLDERID=2, FOLDERNAME=INBOX.

2013-08-06 03:01:12,704 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] INDEX - DEFERRED INDEXING: SUBMITTED 16 ITEMS IN 124MS (129.03/SEC). (0 ITEMS FAILED TO INDEX). INDEXDEFERREDCOUNT NOW AT 16 NUMNOTSUBMITTED= 0

2013-08-06 03:01:12,825 INFO [BTPOOL0-823://LOCALHOST:8080/SERVICE/SOAP/AUTOCOMPLETEREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] GAL - AUTOCOMPLETE: OVERALL=249MS, RANKING=3MS, FOLDER=175MS, GAL=71MS

2013-08-06 03:07:35,102 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] SOAP - MSGACTIONREQUEST

2013-08-06 03:07:35,104 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42232) TO FOLDER TRASH (ID=3)

2013-08-06 03:07:35,105 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42231) TO FOLDER TRASH (ID=3)

2013-08-06 03:07:35,106 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42230) TO FOLDER TRASH (ID=3)

2013-08-06 03:07:35,107 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42228) TO FOLDER TRASH (ID=3)

2013-08-06 03:07:35,108 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42227) TO FOLDER TRASH (ID=3)

2013-08-06 03:07:35,110 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=LUCAS.QUEIROZ@NAVESA.COM.BR;MID=1680;IP=41.203.67.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42226) TO FOLDER TRASH (ID=3)


mailbox.log
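
An added example, not part of any post in this thread: a small Python triage script that reads mailbox.log lines in the layout quoted above and reports, per account and client IP, how many SOAP SendMsgRequest calls, failed sends and moves to Trash came from addresses outside the trusted networks. The sample lines, the trusted ranges, the threshold and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in the mailbox.log layout quoted in the post
# (documentation addresses; one line upper-cased like the pasted log).
SAMPLE_LOG = """\
2013-08-06 02:59:29,809 INFO  [LmtpServer-953] [name=alice@example.com;mid=1680;ip=192.168.1.150;] mailop - Adding Message: id=41833, folderId=2, folderName=Inbox.
2013-08-06 02:59:44,728 INFO [btpool0-823://localhost:8080/service/soap/SendMsgRequest] [name=alice@example.com;mid=1680;ip=203.0.113.51;ua=zclient/7.1.4_GA_2555;] soap - SendMsgRequest
2013-08-06 02:59:46,869 WARN [btpool0-823://localhost:8080/service/soap/SendMsgRequest] [name=alice@example.com;mid=1680;ip=203.0.113.51;ua=zclient/7.1.4_GA_2555;] smtp - Failed to send message
2013-08-06 03:00:59,740 INFO [btpool0-832://localhost:8080/service/soap/SendMsgRequest] [name=alice@example.com;mid=1680;ip=203.0.113.51;ua=zclient/7.1.4_GA_2555;] soap - SendMsgRequest
2013-08-06 03:01:05,412 INFO [btpool0-832://localhost:8080/service/soap/SendMsgRequest] [name=alice@example.com;mid=1680;ip=203.0.113.51;ua=zclient/7.1.4_GA_2555;] soap - SendMsgRequest
2013-08-06 03:07:35,104 INFO [BTPOOL0-829://LOCALHOST:8080/SERVICE/SOAP/MSGACTIONREQUEST] [NAME=ALICE@EXAMPLE.COM;MID=1680;IP=203.0.113.51;UA=ZCLIENT/7.1.4_GA_2555;] MAILOP - MOVING MESSAGE (ID=42232) TO FOLDER TRASH (ID=3)
2013-08-06 03:07:35,105 INFO [btpool0-829://localhost:8080/service/soap/MsgActionRequest] [name=alice@example.com;mid=1680;ip=203.0.113.51;ua=zclient/7.1.4_GA_2555;] mailop - Moving Message (id=42231) to Folder Trash (id=3)
2013-08-06 03:10:02,001 INFO [btpool0-840://localhost:8080/service/soap/SendMsgRequest] [name=bob@example.com;mid=17;ip=198.51.100.7;ua=zclient/7.1.4_GA_2555;] soap - SendMsgRequest
this line is not a mailbox.log record
"""

# timestamp, level, [thread], [key=value;... context], "category - message"
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+\s+\w+\s+"
    r"\[[^\]]*\]\s+\[(?P<ctx>[^\]]*)\]\s+(?P<cat>\w+) - (?P<msg>.*)$"
)

def parse_line(line):
    """Return (context dict, category, message), lower-cased, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pairs = (p.split("=", 1) for p in m["ctx"].split(";") if "=" in p)
    ctx = {k.lower(): v.lower() for k, v in pairs}
    return ctx, m["cat"].lower(), m["msg"].lower()

def suspicious_senders(lines, trusted=("127.0.0.0/8", "192.168.0.0/16"), min_sends=3):
    """Count webmail sends, failures and Trash moves per (account, external IP)."""
    nets = [ip_network(n) for n in trusted]  # assumed internal ranges
    stats = defaultdict(lambda: {"sends": 0, "failed": 0, "trashed": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or "name" not in rec[0] or "ip" not in rec[0]:
            continue
        ctx, cat, msg = rec
        try:
            addr = ip_address(ctx["ip"])
        except ValueError:
            continue
        if any(addr in net for net in nets):
            continue  # LMTP deliveries and other internal traffic
        entry = stats[(ctx["name"], ctx["ip"])]
        if cat == "soap" and msg.startswith("sendmsgrequest"):
            entry["sends"] += 1
        elif cat == "smtp" and "failed to send" in msg:
            entry["failed"] += 1
        elif cat == "mailop" and "moving message" in msg and "folder trash" in msg:
            entry["trashed"] += 1
    return {k: v for k, v in stats.items() if v["sends"] >= min_sends}

if __name__ == "__main__":
    for (account, ip), counts in suspicious_senders(SAMPLE_LOG.splitlines()).items():
        print(account, ip, counts)
```

Matching is case-insensitive because the excerpt in the post is upper-cased; on a live server, pass the lines of the real mailbox.log instead of `SAMPLE_LOG`.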


Postby omegainstitute » Thu Aug 08, 2013 9:09 am

Doesn't the user need to be authenticated with the machine in order to send SOAP commands to it?
What port does SOAP use for an outside connection? Is it piggy-backed in with regular HTTP requests? I wonder if there's a way to block injecting SOAP from the firewall standpoint.
