How to show forwarding address

[dljordaneku]

Part of our spam problem is that when the account gets hacked they changed the forwarding address to something of theirs. Is there a way via CLI to show all accounts that have a forwarding address set up?

dj

[bdial]

this is easier than that. log into the admin web interface. on the bottom of th left hand side you'll see a "Searches" area that should have "Inactive accounts (30 days)"

[dljordaneku]

But part of the problem is that they are logging into the web interface a couple of times a day to send out there junk. It appears that they are using the forward to get any responses that come back. With that being the case then account wouldn't be inactive.

dj

[bdial]

oops that reply was actually meant for this thread sorry

[mrklaw]

Did you ever find a solution for this? We're facing the exact same situation right now. It seems that quite a few of our users gave out their usernames.

Thanks.

[phoenix]

Run a script that will go through all the user accounts and look for:

Code:

zmprov ga user@domain.com | grep zimbraPrefMailForwardingAddress

That should list the ones that have a forwarding address set.

[uxbod]

Code:

su - zimbra
zmprov gaa | while read EMAIL
do
    zmprov ga ${EMAIL} | awk -vEMAIL=${EMAIL} '/zimbraPrefMailForwardingAddress/ { printf("%s\t%s\n",EMAIL,$0); }'
done