Calm down.
Your supposition is incorrect. If we had open relay on by default, then we would have noticed.
Now, if someone is using a username and password on your network, that they got a hold of, then it's possible someone is using your e-mail server as a relay.
Unless you provide the /var/log/zimbra.log, we won't be able to help you.
(PS quit typing in all caps.) |