Results 1 to 8 of 8

Thread: Mail from 127.0.0.1

  1. #1
    kolson3208 is offline Junior Member
    Join Date
    Apr 2007
    Posts
    8
    Rep Power
    8

    Default Mail from 127.0.0.1

    I have a lot of "Spam" that is bing able to be delivered to local users on my Zimbra machine. The mail source in the headers are from either 127.0.0.1 or from mailer-deamon.

    I have 'require authentication' enabled for users sending mail and it seems to work. It is almost like the system is sending mail itself but I haven't been able to determine where or how...

    Kelly

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,497
    Rep Power
    56

    Default

    Welcome to the forums.

    You'd need to post some headers for anyone to make a comment on where it's come from. Is there anything in the logs to indicate a problem?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    See here for a list of logfiles: /docs/ne/latest/administration_guide/9_Monitoring.12.1.html#1075561
    We're specifically interested in /var/log/zimbra.log & /opt/zimbra/log/mailbox.log
    They will be big, post relevant sections-or attach them in a txt or zip.

  4. #4
    kolson3208 is offline Junior Member
    Join Date
    Apr 2007
    Posts
    8
    Rep Power
    8

    Default Email Header Sample

    Received: from localhost (localhost.localdomain [127.0.0.1])
    by webmail.asiserve.net (Postfix) with ESMTP id 773CAC28BAA
    for <kolson@mtsweb.net>; Wed, 19 Sep 2007 12:50:37 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at
    X-Spam-Score: 3.993
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.993 tagged_above=-10 required=4
    tests=[BAYES_50=0.001, RCVD_IN_NJABL_DUL=1.946,
    RCVD_IN_SORBS_DUL=2.046]
    Received: from webmail.asiserve.net ([127.0.0.1])
    by localhost (webmail.asiserve.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id uQV35R9JCwPv for <kolson@mtsweb.net>;
    Wed, 19 Sep 2007 12:50:35 -0400 (EDT)
    Received: from aus208.neoplus.adsl.tpnet.pl (aus208.neoplus.adsl.tpnet.pl [83.27.26.208])
    by webmail.asiserve.net (Postfix) with ESMTP id 967C9C28B8F
    for <sales@mtsweb.net>; Wed, 19 Sep 2007 12:50:27 -0400 (EDT)
    Received: from [83.27.26.208] by bluebadgelabel.com; Wed, 19 Sep 2007 17:50:50 +0100
    Date: Wed, 19 Sep 2007 17:50:50 +0100
    From: "Tammi Jeffries" <yeux@bluebadgelabel.com>
    X-Mailer: The Bat! (v2.00.0) Business
    Reply-To: yeux@bluebadgelabel.com
    X-Priority: 3 (Normal)
    Message-ID: <854233889.40052149537585@bluebadgelabel.com>
    To: sales@mtsweb.net
    Subject: Re:MAIL MERGE
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset=us-ascii
    Content-Transfer-Encoding: 7bit



    I guess the part that confuses me is that all of our mail first goes through a Barracuda Filter and has headers stating such. This one appears to have been accepted directly by the mail server without needing authentication.

    Kelly

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,497
    Rep Power
    56

    Default

    Quote Originally Posted by kolson3208 View Post
    I guess the part that confuses me is that all of our mail first goes through a Barracuda Filter and has headers stating such. This one appears to have been accepted directly by the mail server without needing authentication.
    I guess the Barracuda is on the same subnet as the ZImbra server? If that's the case, it won't need authentication as it's in the same Trusted Network.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,497
    Rep Power
    56

    Default

    BTW, that message you've posted isn't spam according to this:

    Code:
    X-Spam-Score: 3.993
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.993 tagged_above=-10 required=4
    as it doesn't meet the 'Required' score.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

  8. #8
    kolson3208 is offline Junior Member
    Join Date
    Apr 2007
    Posts
    8
    Rep Power
    8

    Default Update Example

    This may have been covered and I still haven't dug through the logs to fine the specific emails. But this would be great if it could be calrified.

    In the Zimbra Message queue, I am seeing mail messages queued with a "Sender Address: of mailer-deamon. "Receiver address" aue usually not on our domain, "Sender Domain" is blank and "Origin IP" is blank.

    I am wondering if this is "Normal" or a if many more messages may have been going out...

    Kelly

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 01:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 08:09 AM
  4. DynDNS and Zimbra
    By afterwego in forum Installation
    Replies: 30
    Last Post: 04-01-2007, 03:34 PM
  5. Mail not getting to mail boxes
    By ehults in forum Installation
    Replies: 5
    Last Post: 10-31-2005, 09:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •