Outgoing Spam

Postby brenoacp » Wed Jan 31, 2018 6:06 pm

Hello everyone,
Today we had a problem with bulk spam being sent from an account in our Zimbra.
The IP of our server has been added to several blacklists.
How can I restrict this type of situation? Is it possible to block mass mailing or enable outgoing spam filtering?
I'm using Zimbra 8.7.1.

Best regards,
Breno Padovan


Re: Outgoing Spam

Postby phoenix » Wed Jan 31, 2018 9:10 pm

Part of the answer to your question is "Cbpolicyd" for rate limiting; you can read about it in the wiki or search the forums for some details. The other part of the answer is to ask yourself why your server is sending spam: is it a compromised account, is it a bot on your LAN, or is your Zimbra server an open relay? I'm afraid that's a problem local to you and is something you'll need to investigate to find the cause.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168

Re: Outgoing Spam

Postby zimico » Thu Feb 01, 2018 2:22 am

Hi,

You can configure some parameters following this wiki:
https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
and this: https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
You need to review your MTA mynetwork to ensure you only allow the required IPs, for example:

Code:

$ zmprov gs `zmhostname` zimbraMtaMyNetworks
# name mail.zimilab.com
zimbraMtaMyNetworks: 127.0.0.0/8 11.22.33.44/32

View your daily report to see what happened. You can list the user accounts that sent a "large number of mails" with:

Code:

$ grep sasl_user /var/log/zimbra.log | sed 's/.*sasl_username=//g' | sort | uniq -c | sort -nr | head

You can turn on the failed login policy and only allow https/pop3s/imaps connections from your clients.

Hope that helps.
Regards,
Minh.
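
The log one-liner in the post above, extended as an added example (not part of the original post or of Zimbra's tooling): besides counting authenticated submissions per SASL user, it counts the distinct client IPs each user sent from, since a compromised account is often used from several addresses at once. The function names, the thresholds and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: per-user count of authenticated
# submissions plus the number of distinct client IPs each user sent from.

# sasl_senders: reads a Postfix log on stdin, prints "msgs ips user" lines,
# busiest first. Only smtpd lines carrying both client= and sasl_username=
# are counted, so failed logins and unauthenticated mail are ignored.
sasl_senders() {
    awk '
    /postfix\/.*smtpd\[/ && /client=/ && /sasl_username=/ {
        match($0, /client=[^,]*/)                 # client=host[ip]
        ip = substr($0, RSTART, RLENGTH)
        sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
        match($0, /sasl_username=[^, ]*/)         # 14 = length("sasl_username=")
        user = substr($0, RSTART + 14, RLENGTH - 14)
        msgs[user]++
        if (!((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END { for (u in msgs) print msgs[u], ips[u], u }
    ' | sort -k1,1nr -k3,3
}

# flag_senders MAX_MSGS MAX_IPS: users over either limit (the limits are
# assumptions to tune against your normal traffic).
flag_senders() {
    sasl_senders | awk -v m="$1" -v i="$2" '$1 > m || $2 > i { print $3 }'
}

# Constructed sample lines in Postfix smtpd log format (not real data).
sample_log() {
    cat <<'EOF'
Jan 31 17:02:11 mail postfix/smtpd[2101]: 3F2A81C0A5: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 31 17:02:12 mail postfix/smtpd[2101]: 4A1B22C0A6: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 31 17:02:12 mail postfix/smtpd[2107]: 5C3D33C0A7: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 31 17:02:13 mail postfix/smtpd[2110]: 6E5F44C0A8: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 31 17:02:14 mail postfix/smtpd[2107]: 7A7B55C0A9: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 31 17:03:40 mail postfix/submission/smtpd[2140]: 8B8C66C0AA: client=pc5.lan[10.0.0.5], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 31 17:04:02 mail postfix/smtpd[2151]: 9C9D77C0AB: client=pc8.lan[10.0.0.8], sasl_method=PLAIN, sasl_username=carol@example.com
Jan 31 17:09:55 mail postfix/smtpd[2151]: ADAE88C0AC: client=pc8.lan[10.0.0.8], sasl_method=PLAIN, sasl_username=carol@example.com
Jan 31 17:10:01 mail postfix/smtpd[2160]: BEBF99C0AD: client=mx.example.net[192.0.2.10]
Jan 31 17:10:05 mail postfix/smtpd[2161]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
EOF
}

sample_log | sasl_senders     # 5 3 bob@example.com first
sample_log | flag_senders 3 2 # bob@example.com
```

On a live server, feed it the real log instead of the sample, for example `sasl_senders < /var/log/zimbra.log | head`.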

Re: Outgoing Spam

Postby L. Mark Stone » Thu Feb 01, 2018 3:13 pm

As Phoenix stated, the best way to deal with this is with cbpolicyd. By rate limiting your end users, you'll keep your server from being blacklisted due to bulk email sending.

You may also want to consider adjusting your password policies to require longer, but less frequently changed passwords.

https://wiki.zimbra.com/wiki/Cluebringer_Policy_Daemon

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Re: Outgoing Spam

Postby king0770 » Thu Feb 01, 2018 3:31 pm

Yes, cbpolicyd is a great tool for this; however, if you simply enable cbpolicyd, and expect it to work, you are going to have a bad day. There is a bit of work involved, for instance you need to add your domains, and subnets. I have a request for enhancement (RFE) for this, see https://bugzilla.zimbra.com/show_bug.cgi?id=106489

Re: Outgoing Spam

Postby brenoacp » Fri Feb 02, 2018 10:14 am

Thanks guys for the answers.
I am configuring cbpolicyd and checking the relay settings.

Best regards,
Breno Padovan

Re: Outgoing Spam

Postby zimico » Sat Feb 03, 2018 2:49 pm

Hi Rick,

I am surprised that we need some extra work when using cbpolicyd. I do not see any note about this in the wiki. I always configure rate limit manually. When doing this I have to create domain and user for group policy... I am not very clear about your suggestion. Could you please describe the situation when I am going to have a bad day with default cbpolicyd setting?

Thank you.
Minh.

Re: Outgoing Spam

Postby mhammett » Mon Aug 20, 2018 11:56 am

I would like to circle back to the question the OP had and ask how to send outgoing mail through the spam filters.
