
Thread: Spam from inside the office?

  1. #1
    fernandoflorez is offline Project Contributor
    Join Date
    Sep 2006
    Posts
    252
    Rep Power
    8

    Default Spam from inside the office?

    Hello guys,

    Our Zimbra install has been very slow, and watching the logs I see that there is an IP range (168.16.5.0/24) that is hitting the server like crazy.

    What can I do? Is there a way I can drop those calls?

    Thanks,

  2. #2
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    That IP range is not inside your office:
    Code:
    $ whois 168.16.5.2
    
    OrgName:    State of Georgia/Board of Regents
    OrgID:      SGR
    Address:    2500 Daniells Bridge Rd
    Address:    Building 300
    City:       Athens
    StateProv:  GA
    PostalCode: 30606
    Country:    US
    
    NetRange:   168.16.0.0 - 168.31.255.255
    CIDR:       168.16.0.0/12
    NetName:    NETBLK-PEACHNETB-BLK2
    NetHandle:  NET-168-16-0-0-1
    Parent:     NET-168-0-0-0-0
    NetType:    Direct Allocation
    NameServer: NS1.USG.EDU
    NameServer: NS2.USG.EDU
    NameServer: NS3.USG.EDU
    NameServer: NS4.USG.EDU
    Comment:
    RegDate:    1993-07-16
    Updated:    2004-10-01
    
    RTechHandle: ZU47-ARIN
    RTechName:   University System of Georgia
    RTechPhone:  +1-706-583-2001
    RTechEmail:  nic-tech@usg.edu
    
    OrgTechHandle: ZU47-ARIN
    OrgTechName:   University System of Georgia
    OrgTechPhone:  +1-706-583-2001
    OrgTechEmail:  nic-tech@usg.edu
    
    # ARIN WHOIS database, last updated 2008-03-05 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    You need to block that through a firewall or router's DoS protection tools. It's a good reason to have your server on a DMZ behind a firewall--makes filtering this kind of stuff a lot easier.

    You can do it with the Linux firewall on your server, but be careful if you try that route--I've seen more than one user turn on his mailserver firewall and forget to open crucial ports (like, for example, allowing 7071 from the internal network) which makes it REAL hard to administer. Most admins would, I think, consider it best practice to have your firewall on a separate box. . .

    Cheers,

    Dan

  3. #3
    fernandoflorez is offline Project Contributor
    Join Date
    Sep 2006
    Posts
    252
    Rep Power
    8

    Default

    Whoa! Thanks!

    I'll set up a FreeBSD box and do some pf.

    Thanks again!

  4. #4
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    For good measure:
    switch to root/superuser
    nano /etc/hosts.deny
    ALL: 168.16.5.

    Postfix level: Blocking SPAM (UCE) using Postfix
    -You can make use of postfix_recipient_restrictions.cf or zmmta.cf so it gets copied to main.cf - just don't overwrite all the other good things in there or you'll be in a world of hurt even faster
    -And of course be sure to go through Improving Anti-spam system - Zimbra :: Wiki when you have the time.

  5. #5
    fernandoflorez is offline Project Contributor
    Join Date
    Sep 2006
    Posts
    252
    Rep Power
    8

    Default

    Thanks Mike!

    I found something weird today. If I take a look at /var/log/maillog I see lots of connection timed out and deferred messages. Actually one appears every second.

    I unplugged the server from the switch and the messages keep appearing.

    From what I can imagine, that means that there is something inside the server trying to send spam, right?

    Any way I can shut it down? Any idea what I can test?

    Thanks,
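One way to triage both symptoms in this thread from the mail log, as an added example that is not part of any post above: it counts inbound SMTP connections per /24 and groups deferred outbound deliveries by envelope sender, joined on the Postfix queue ID. The log lines are constructed in the default Postfix syslog format (trimmed), and the hostnames and the `www-data` sender are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  5 10:00:01 mail postfix/smtpd[2101]: connect from unknown[168.16.5.12]
Mar  5 10:00:01 mail postfix/smtpd[2102]: connect from unknown[168.16.5.77]
Mar  5 10:00:02 mail postfix/smtpd[2103]: connect from mx.example.org[192.0.2.25]
Mar  5 10:00:03 mail postfix/qmgr[1900]: 4F2A11C0A3: from=<www-data@mail.example.com>, size=2310, nrcpt=1 (queue active)
Mar  5 10:00:33 mail postfix/smtp[2200]: 4F2A11C0A3: to=<a@example.net>, relay=none, delay=4000, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
Mar  5 10:00:34 mail postfix/qmgr[1900]: 7B31C1C0B9: from=<>, size=3120, nrcpt=1 (queue active)
Mar  5 10:01:04 mail postfix/smtp[2201]: 7B31C1C0B9: to=<b@example.net>, relay=none, delay=9000, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
Mar  5 10:01:05 mail postfix/qmgr[1900]: 9C44D1C0C2: from=<www-data@mail.example.com>, size=2290, nrcpt=1 (queue active)
Mar  5 10:01:35 mail postfix/smtp[2202]: 9C44D1C0C2: to=<c@example.org>, relay=none, delay=4100, dsn=4.4.1, status=deferred (connect to mx.example.org[192.0.2.25]:25: Connection timed out)
"""

# smtpd logs inbound clients; qmgr logs the envelope sender of each queued
# message; smtp logs the outcome of each outbound delivery attempt.
CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[(\d+\.\d+\.\d+)\.\d+\]")
FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")
DEFER = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-Za-z]+): to=<[^>]*>.*status=deferred")


def summarize(log_text):
    """Return (inbound connects per /24, deferred deliveries per envelope sender)."""
    connects, deferred, sender_of = Counter(), Counter(), {}
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            connects[m.group(1) + ".0/24"] += 1
        elif m := FROM.search(line):
            # An empty sender <> is a bounce generated by the server itself.
            sender_of[m.group(1)] = m.group(2) or "<> (bounce)"
        elif m := DEFER.search(line):
            # Queue ID not seen in a qmgr line: message was queued before this log began.
            deferred[sender_of.get(m.group(1), "unknown (queued earlier)")] += 1
    return connects, deferred


if __name__ == "__main__":
    connects, deferred = summarize(SAMPLE_LOG)
    for label, counter in (("inbound connects", connects), ("deferred by sender", deferred)):
        print(label)
        for key, count in counter.most_common(10):
            print(f"  {count:6d}  {key}")
```

Deferred entries that keep appearing with the network cable pulled are retries of mail already sitting in the local queue, so the sender column shows whether they trace back to one local account or process, or are bounces.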
