Thread: Large volume of spam messages; see the log

  1. #1
    snake_eyes

    Large volume of spam messages; see the log

    Hello,

    I'm receiving a large volume of spam messages; one of them is sent from it@mydomain.com to it@mydomain.com, although "it" is an alias name containing the I.T. Department staff.

    I copied the log from /var/log/zimbra.log and I found this:

    Code:
    Dec 31 11:48:32 mail zmmailboxdmgr[2333]: status requested
    Dec 31 11:48:32 mail zmmailboxdmgr[2333]: status OK
    Dec 31 11:48:33 mail zmmailboxdmgr[2396]: status requested
    Dec 31 11:48:33 mail zmmailboxdmgr[2396]: status OK
    Dec 31 11:49:42 mail zmmailboxdmgr[2731]: status requested
    Dec 31 11:49:42 mail zmmailboxdmgr[2731]: status OK
    Dec 31 11:49:43 mail zmmailboxdmgr[2792]: status requested
    Dec 31 11:49:43 mail zmmailboxdmgr[2792]: status OK
    Dec 31 11:49:44 mail postfix/smtpd[1762]: connect from unknown[212.70.50.179]
    Dec 31 11:49:44 mail postfix/smtpd[1762]: 95FE3AA02B6: client=unknown[212.70.50.179]
    Dec 31 11:49:44 mail postfix/cleanup[1766]: 95FE3AA02B6: message-id=<0KCQ00HPAGH6WL@ling.atheer.net.sa>
    Dec 31 11:49:44 mail postfix/qmgr[19037]: 95FE3AA02B6: from=<it@myomain.com>, size=2314, nrcpt=9 (queue active)
    Dec 31 11:49:44 mail amavis[12859]: (12859-16) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20081230T115440-12859: <it@myomain.com> -> <d.nakouzi@myomain.com>,<dawood@myomain.com>,<h.kawass@myomain.com>,<hilal@myomain.com>,<k.jubeily@myomain.com>,<m.othman@myomain.com>,<r.baba@myomain.com>,<r.nawam@myomain.com>,<wafik@myomain.com> SIZE=2314 BODY=8BITMIME Received: from mail.myomain.com ([127.0.0.1]) by localhost (mail.myomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP; Wed, 31 Dec 2008 11:49:44 +0300 (AST)
    Dec 31 11:49:44 mail amavis[12859]: (12859-16) Checking: EkJj7vpmdfLW [212.70.50.179] <it@myomain.com> -> <d.nakouzi@myomain.com>,<dawood@myomain.com>,<h.kawass@myomain.com>,<hilal@myomain.com>,<k.jubeily@myomain.com>,<m.othman@myomain.com>,<r.baba@myomain.com>,<r.nawam@myomain.com>,<wafik@myomain.com>
    Dec 31 11:49:44 mail postfix/smtpd[1762]: disconnect from unknown[212.70.50.179]
    Dec 31 11:49:46 mail postfix/smtpd[1777]: connect from localhost.localdomain[127.0.0.1]
    Dec 31 11:49:46 mail postfix/smtpd[1777]: D0190AA02B7: client=localhost.localdomain[127.0.0.1]
    Dec 31 11:49:46 mail postfix/cleanup[1766]: D0190AA02B7: message-id=<0KCQ00HPAGH6WL@ling.atheer.net.sa>
    Dec 31 11:49:46 mail postfix/qmgr[19037]: D0190AA02B7: from=<it@myomain.com>, size=3072, nrcpt=9 (queue active)
    Dec 31 11:49:46 mail postfix/smtpd[1777]: disconnect from localhost.localdomain[127.0.0.1]
    Dec 31 11:49:46 mail amavis[12859]: (12859-16) FWD via SMTP: <it@myomain.com> -> <d.nakouzi@myomain.com>,<dawood@myomain.com>,<h.kawass@myomain.com>,<hilal@myomain.com>,<k.jubeily@myomain.com>,<m.othman@myomain.com>,<r.baba@myomain.com>,<r.nawam@myomain.com>,<wafik@myomain.com>,BODY=8BITMIME 250 2.6.0 Ok, id=12859-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D0190AA02B7
    Dec 31 11:49:46 mail amavis[12859]: (12859-16) Passed SPAMMY, [212.70.50.179] [98.209.154.224] <it@myomain.com> -> <d.nakouzi@myomain.com>,<dawood@myomain.com>,<h.kawass@myomain.com>,<hilal@myomain.com>,<k.jubeily@myomain.com>,<m.othman@myomain.com>,<r.baba@myomain.com>,<r.nawam@myomain.com>,<wafik@myomain.com>, Message-ID: <0KCQ00HPAGH6WL@ling.atheer.net.sa>, mail_id: EkJj7vpmdfLW, Hits: 11.999, size: 2313, queued_as: D0190AA02B7, 2253 ms
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<d.nakouzi@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<dawood@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<h.kawass@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<hilal@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<k.jubeily@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<m.othman@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<r.baba@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<r.nawam@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/smtp[1767]: 95FE3AA02B6: to=<wafik@myomain.com>, orig_to=<it@myomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.05/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D0190AA02B7)
    Dec 31 11:49:46 mail postfix/qmgr[19037]: 95FE3AA02B6: removed
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<d.nakouzi@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<dawood@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<h.kawass@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<hilal@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<k.jubeily@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<m.othman@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<r.baba@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<r.nawam@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/lmtp[1780]: D0190AA02B7: to=<wafik@myomain.com>, relay=mail.myomain.com[192.168.119.4]:7025, delay=0.99, delays=0.05/0.01/0/0.93, dsn=2.1.5, status=sent (250 2.1.5 OK)
    Dec 31 11:49:47 mail postfix/qmgr[19037]: D0190AA02B7: removed
    Dec 31 11:50:01 mail zimbramon[2847]: 2847:info: 2008-12-31 11:50:01, QUEUE: 0 0 
    Dec 31 11:50:02 mail zimbramon[2858]: 2858:info: 2008-12-31 11:50:01, DISK: mail.myomain.com: dev: /dev/sda1, mp: /, tot: 200889, avail: 182518 
    Dec 31 11:50:04 mail zmmailboxdmgr[3154]: status requested
    Dec 31 11:50:04 mail zmmailboxdmgr[3154]: status OK
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: antispam: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: antivirus: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: ldap: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: logger: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: mailbox: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: mta: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: snmp: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: spell: Running 
    Dec 31 11:50:05 mail zimbramon[2863]: 2863:info: 2008-12-31 11:50:01, STATUS: mail.myomain.com: stats: Running 
    Dec 31 11:50:42 mail postfix/smtpd[1762]: connect from uslec-66-255-79-114.cust.uslec.net[66.255.79.114]
    Dec 31 11:50:42 mail postfix/smtpd[3261]: connect from uslec-66-255-79-114.cust.uslec.net[66.255.79.114]
    Dec 31 11:50:44 mail postfix/smtpd[1762]: NOQUEUE: reject: RCPT from uslec-66-255-79-114.cust.uslec.net[66.255.79.114]: 550

    Here is my MTA global settings configuration:

    Code:
    Protocol checks
    	Hostname in greeting violates RFC (reject_invalid_hostname) (YES)
    	Client must greet with a fully qualified hostname (reject_non_fqdn_hostname) (NO)
    	Sender address must be fully qualified (reject_non_fqdn_sender) (YES)
    DNS checks
    	Client's IP address (reject_unknown_client) (NO)
    	Hostname in greeting (reject_unknown_hostname) (NO)
    	Sender's domain (reject_unknown_sender_domain) (NO)

    Please note that the time is the exact time of the spam mail that I checked in the spam folder of my mail address.

    Another favor, please: if you can advise me on the proper way (configuration) to reduce the spam messages.

    Cheers,
    Last edited by snake_eyes; 12-31-2008 at 03:48 AM.
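
An added example, not part of the original post and not Zimbra's own tooling: a Python script that correlates the postfix and amavis lines from the log above to flag mail whose envelope sender is in a local domain while the SMTP client is outside the trusted networks, as with queue ID 95FE3AA02B6. The function name, the sample (abridged from the log in the post) and the trusted network list (the /24 around 192.168.119.4 is a guess) are assumptions.

```python
import ipaddress
import re

# Abridged from the log in the post above (recipient list shortened to one address).
SAMPLE_LOG = """\
Dec 31 11:49:44 mail postfix/smtpd[1762]: 95FE3AA02B6: client=unknown[212.70.50.179]
Dec 31 11:49:44 mail postfix/qmgr[19037]: 95FE3AA02B6: from=<it@myomain.com>, size=2314, nrcpt=9 (queue active)
Dec 31 11:49:46 mail postfix/smtpd[1777]: D0190AA02B7: client=localhost.localdomain[127.0.0.1]
Dec 31 11:49:46 mail postfix/qmgr[19037]: D0190AA02B7: from=<it@myomain.com>, size=3072, nrcpt=9 (queue active)
Dec 31 11:49:46 mail amavis[12859]: (12859-16) Passed SPAMMY, [212.70.50.179] [98.209.154.224] <it@myomain.com> -> <wafik@myomain.com>, Message-ID: <0KCQ00HPAGH6WL@ling.atheer.net.sa>, mail_id: EkJj7vpmdfLW, Hits: 11.999, size: 2313, queued_as: D0190AA02B7, 2253 ms
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
AMAVIS_RE = re.compile(r"amavis\[\d+\]: \(\S+\) (Passed|Blocked) (\S+), \[([0-9a-fA-F.:]+)\].*?<([^>]*)> ->.*?Hits: (-?[\d.]+)")


def find_spoofed_local_senders(log_text, local_domains, trusted_nets):
    """Return messages whose envelope sender is in a local domain but whose
    SMTP client is outside the trusted networks (hypothetical helper)."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    clients, verdicts, findings = {}, {}, []
    lines = log_text.splitlines()
    # amavis logs its verdict after qmgr logs the sender, so collect verdicts first.
    for line in lines:
        if (m := AMAVIS_RE.search(line)):
            verdicts[(m[3], m[4].lower())] = (f"{m[1]} {m[2]}", float(m[5]))
    for line in lines:
        if (m := CLIENT_RE.search(line)):
            clients[m[1]] = m[2]          # queue ID -> connecting client IP
        elif (m := FROM_RE.search(line)) and m[1] in clients:
            ip, sender = clients[m[1]], m[2].lower()
            external = not any(ipaddress.ip_address(ip) in n for n in nets)
            if external and sender.rpartition("@")[2] in local_domains:
                verdict, hits = verdicts.get((ip, sender), (None, None))
                findings.append({"queue_id": m[1], "client_ip": ip, "sender": sender,
                                 "amavis": verdict, "hits": hits})
    return findings


if __name__ == "__main__":
    # Trusted networks are an assumption; use the server's real mynetworks value.
    for f in find_spoofed_local_senders(SAMPLE_LOG, {"myomain.com"},
                                        ["127.0.0.0/8", "192.168.119.0/24"]):
        print(f)
```

The amavis re-injection (D0190AA02B7, client 127.0.0.1) is deliberately not reported, because its client is inside the trusted networks; only the original external submission is.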

  2. #2
    uxbod
