Large amount of emails sent during the night (possible spam)

anthony-b
Posts: 4
Joined: Mon Apr 04, 2016 9:09 am


Post by anthony-b » Thu Sep 29, 2016 9:24 am

For some reason a large amount of email is being sent during the night. I don't have any crons set up to send anything and we don't send mailshots. Can anyone tell me how I can view the actual emails that are being sent and any possible ways to go about removing a possible spambot?
I have looked through our accounts and there are no email accounts that shouldn't be there. I also have SPA set up so the passwords should be secure.
HELP PLEASE :cry: :cry: :cry: :cry:
See attachment for better explanation.
https://drive.google.com/file/d/0B68GL5FFHQncTmRXUkNibjFlWmc/view?usp=sharing


syslint
Posts: 36
Joined: Wed Feb 24, 2016 7:59 am

Re: Large amount of emails sent during the night (possible spam)

Post by syslint » Thu Sep 29, 2016 2:25 pm

First thing is you should check the maillog at the time of sending. You can see everything in that file.
24x7 PROACTIVE ZIMBRA SERVER MANAGEMENT | Sales : sales @ syslint.com | Skype us : SyslintSkype | Call us : (+91) 471-60 - 7799 | visit : https://syslint.com
howanitz
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Large amount of emails sent during the night (possible spam)

Post by howanitz » Thu Sep 29, 2016 2:44 pm

Don't be too confident that an account is not compromised; users tend to reuse passwords...

I would recommend you look through /var/log/tmp_zauthlog to see which accounts might have been sending email at that time. You can use https://www.iplocation.net/ to geo-locate IP addresses you do not recognize.

Don't know the number of users you have, but I have a script email me about logins each night so I can spot compromised accounts. I posted the basic version of it here:

viewtopic.php?f=15&t=58860&p=265683#p265683

Good luck and let us know how it turns out.
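
An added example, not part of the original posts and not howanitz's script: one way to do the check suggested in the two replies above, counting authenticated submissions per account and client IP inside a night-time window. It assumes standard Postfix smtpd log lines carrying `sasl_username=`; the sample lines, the function names and the 22:00-06:00 window are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample in Postfix smtpd syslog format (not taken from the thread).
sample_log() {
cat <<'EOF'
Sep 29 14:05:10 mail postfix/smtpd[1901]: 4C0A1: client=office.example.com[198.51.100.10], sasl_method=PLAIN, sasl_username=alice@example.com
Sep 29 23:40:02 mail postfix/smtpd[2101]: 4C0B2: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 30 02:14:11 mail postfix/smtpd[2140]: 4C0C3: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 30 02:14:12 mail postfix/smtpd[2140]: 4C0D4: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 30 03:01:45 mail postfix/smtpd[2188]: 4C0E5: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=carol@example.com
Sep 30 03:02:00 mail postfix/smtpd[2188]: connect from unknown[192.0.2.44]
EOF
}

# night_senders START_HOUR END_HOUR   (reads a mail log on stdin)
# Prints "count account client_ip", busiest first, for authenticated
# submissions whose hour falls in [START, END). START > END wraps midnight.
night_senders() {
    awk -v s="$1" -v e="$2" '
        / sasl_username=/ {
            hour = substr($3, 1, 2) + 0          # $3 is HH:MM:SS in syslog lines
            if (s + 0 <= e + 0) ok = (hour >= s && hour < e)
            else                ok = (hour >= s || hour < e)
            if (!ok) next
            user = ""; ip = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sasl_username=/) {
                    user = $i; sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
                } else if ($i ~ /^client=/) {
                    # client=hostname[address], keep only the address
                    ip = $i; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
                }
            }
            if (user != "") n[user " " ip]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,2
}

# Window 22:00-06:00 over the sample; on a real server, feed the mail log instead.
sample_log | night_senders 22 6
```

An account that shows a high count from an address you do not recognize is the one to lock and reset first.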
anthony-b
Posts: 4
Joined: Mon Apr 04, 2016 9:09 am

Re: Large amount of emails sent during the night (possible spam)

Post by anthony-b » Mon Oct 03, 2016 12:10 pm

Thanks for the replies. This script looks like exactly what I need.
@howanitz - Do I execute this script using crontab? I have pasted it into a .sh script and tried to run it using /bin/bash as su but I was getting a command not found error.
howanitz
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Large amount of emails sent during the night (possible spam)

Post by howanitz » Mon Oct 03, 2016 5:05 pm

I do run it as a cron job, but if you cannot run it manually, it will not run as a cron job either.

Did you change all the "example.com" text?

Did you make your file executable with chmod?

Did you remember to include the path when running it?
