Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
Hello. We have a NE 5.0.16 server recently upgraded from 5.0.12. All of a sudden we were receiving TONS of spam that appeared to be coming from an internal user. I assumed some sort of spoof and/or backscatter problem. zimbra.log grew to a huge size and we are now blacklisted on several domains. So someone hit us hard.
I started to suspect that one of our accounts was actually compromised. I then looked at /opt/zimbra/jetty/logs/access_log.2009-05-14 and there were a TON of entries in there listed below:
There are tons of these every 20 seconds or so. All the other logs previous to this do not have these. I assume that the account that was "sending" all the spam was compromised and the spammer is using the account for sending spam. Is this possible to send that volume of spam through the Zimbra web interface? Is there a vulnerability somewhere? The passwords are pretty strong so I am surprised it was hacked.
Instead of posting a 'me too' to a thread that's almost three years old how about giving some details of your problem actual problem and what's your definition of 'similar'? There's also threads in the forums that cover the details of what to do if you have a compromised account on the server and other spam problems.
Bugzilla
Wiki
Source
Spam Through WEBMAIL 
Linear Mode
