Zimbra

dljordaneku · #1 (**permalink**) 09-30-2008, 09:35 AM

We got a call from our ISP that we were spamming again. It appears that an account password was hacked and being used to send out spam. One question I have is were they using the webclient to send it out. Here is something from the header of one of the spam messages that went out.

Quote:

X-Mailer: Zimbra 5.0.8_GA_2462.F7 (zclient/5.0.8_GA_2462.F7)

Thanks.

dj

y@w · #2 (**permalink**) 09-30-2008, 10:00 AM

Check out /opt/zimbra/audit.log for the break-in (then successful login) attempts.

dljordaneku · #3 (**permalink**) 09-30-2008, 11:16 AM

Well I know they were hacked. I have over 60 spam messages caught in our ISP's spam filter saying it was hacked. I am asking does that header information show they used the webclient to do it.

dj

y@w · #4 (**permalink**) 09-30-2008, 11:19 AM

Right, the audit logs will tell you what IP and access method they used.

dljordaneku · #5 (**permalink**) 09-30-2008, 11:26 AM

Ok. cool. thanks.

dj

Zimbra

Downloads

Product Information

Toolbox

Why Join?