Thread: Is my server being exploited?

  1. #1
    azeem, Active Member (joined May 2007, Norway)

    Is my server being exploited?

    Recently, I have received a lot of Mailer-Daemon type messages with undeliverable messages from mailservers I KNOW my users haven't been mailing to. Some are anti-spam messages from these mailservers' spam filters.
    I suspect that someone is using my mailserver to relay spam. Also my mail.warn file contains many warnings like:
    Apr 20 13:59:21 mail2 postfix/smtpd[16680]: warning: 88.230.48.121: hostname dsl88.230-12409.ttnet.net.tr verification failed: Name or service not known
    These are all unknown hosts to me. So, as you see, I suspect foul play.

    How do I go about detecting what is going on, and how can I prevent my mailserver from being exploited?

    Appreciate any help on this...

    Regards Arnljot

  2. #2
    liston13, Intermediate Member (joined Oct 2007, New York City - Hell's Kitchen)

    backscatter

    Chances are you aren't being exploited directly.
    As anyone with an email account is exploited.

    The undeliverable messages are more than likely backscatter from forged headers. It happened to me last week. I received 15K emails in 48 hours.
    Set up some filters to automatically delete them.

    I never knew blackberries could count so high.
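
Added example, not part of the original posts and not Zimbra's own tooling: one way to check the logs for actual relaying versus incoming backscatter, assuming standard Postfix syslog lines. The networks, domain, queue IDs and all sample lines after the first are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Assumptions: your own networks and the mail domains this server hosts.
TRUSTED = [ip_network("127.0.0.0/8"), ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.no"}

# First line is the warning quoted in the thread; the rest are constructed.
SAMPLE = """\
Apr 20 13:59:21 mail2 postfix/smtpd[16680]: warning: 88.230.48.121: hostname dsl88.230-12409.ttnet.net.tr verification failed: Name or service not known
Apr 20 14:00:01 mail2 postfix/smtpd[16681]: 1A2B3C4D5E: client=mx.example.org[198.51.100.7]
Apr 20 14:00:01 mail2 postfix/qmgr[901]: 1A2B3C4D5E: from=<>, size=3120, nrcpt=1 (queue active)
Apr 20 14:00:02 mail2 postfix/lmtp[16690]: 1A2B3C4D5E: to=<user@example.no>, relay=127.0.0.1[127.0.0.1]:7025, delay=0.4, status=sent (250 2.1.5 OK)
Apr 20 14:05:10 mail2 postfix/smtpd[16700]: 2B3C4D5E6F: client=unknown[203.0.113.50]
Apr 20 14:05:10 mail2 postfix/qmgr[901]: 2B3C4D5E6F: from=<promo@example.com>, size=900, nrcpt=1 (queue active)
Apr 20 14:05:12 mail2 postfix/smtp[16710]: 2B3C4D5E6F: to=<someone@example.net>, relay=mx.example.net[198.51.100.9]:25, delay=2, status=sent (250 ok)
"""

# Short (uppercase hex) Postfix queue IDs are assumed.
QID = r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): "
CLIENT = re.compile(QID + r"client=\S*\[([0-9a-fA-F.:]+)\]")
FROM = re.compile(QID + r"from=<([^>]*)>")
SENT = re.compile(QID + r"to=<([^>]*)>.*status=sent")

def classify(log_text):
    """Return (relayed, bounces) found in Postfix log text."""
    client, sender, rcpts = {}, {}, {}
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            client[m.group(1)] = ip_address(m.group(2))
        elif m := FROM.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := SENT.search(line):
            rcpts.setdefault(m.group(1), []).append(m.group(2))
    relayed, bounces = [], []
    for qid, ip in client.items():
        if any(ip in net for net in TRUSTED):
            continue  # mail submitted from your own networks
        delivered = rcpts.get(qid, [])
        external = [r for r in delivered
                    if r.rpartition("@")[2].lower() not in LOCAL_DOMAINS]
        if external:
            # Outside client, outside recipient, accepted and sent: relaying.
            relayed.append((qid, str(ip), external))
        elif sender.get(qid) == "" and delivered:
            # Null sender delivered to a hosted mailbox: an incoming bounce.
            bounces.append(qid)
    return relayed, bounces
```

An empty `relayed` list alongside many `bounces` is the backscatter pattern; any entry in `relayed` means the server accepted and forwarded mail for an outside client.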

  3. #3
    azeem, Active Member (joined May 2007, Norway)

    Thank you. I think you are right, but what about the entries in the mail.warn log? What do they mean? Are they just unverified sources from all the daily spam I receive?

    Arnljot

  4. #4
    kogo, Active Member (joined Nov 2006, Chicago)

    Quote Originally Posted by liston13 View Post
    Chances are you aren't being exploited directly.
    As anyone with an email account is exploited.

    The undeliverable messages are more than likely backscatter from forged headers. It happened to me last week. I received 15K emails in 48 hours.
    Set up some filters to automatically delete them.

    I never knew blackberries could count so high.

    How can you set up filters to delete backscatter messages?

  5. #5
    liston13, Intermediate Member (joined Oct 2007, New York City - Hell's Kitchen)

    carefully

    Carefully :-)

    There is not an easy solution; I usually do it on user-specific cases, through the browser interface.

    I have 9 rules dedicated to dumping...
    "User Does Not Exist"
    "Relaying Denied"
    "Message Failure"
    etc...

    to my Trash/Folder/Spam...as if they are purged right away, that one false positive will screw your entire week up.

    I mark any foreign language reply as Spam and this seems to work fairly well.
    If the message is sent to one of the user's aliases,
    I will kill the alias for a few days...if possible.

  6. #6
    phoenix, Zimbra Consultant & Moderator (joined Sep 2005, Vannes, France)

    Quote Originally Posted by kogo View Post
    How can you set up filters to delete backscatter messages?

    Search the forums, there's a recent thread on how to get rid of backscatter spam 'correctly' using SpamAssassin.
    Regards


    Bill
