Results 1 to 3 of 3

Thread: Spam Through WEBMAIL

  1. #1
    dhayes is offline Intermediate Member
    Join Date
    May 2009
    Posts
    15
    Rep Power
    6

    Default Spam Through WEBMAIL

    Hello. We have a NE 5.0.16 server recently upgraded from 5.0.12. All of a sudden we were receiving TONS of spam that appeared to be coming from an internal user. I assumed some sort of spoof and/or backscatter problem. zimbra.log grew to a huge size and we are now blacklisted on several domains. So someone hit us hard.

    I started to suspect that one of our accounts was actually compromised. I then looked at /opt/zimbra/jetty/logs/access_log.2009-05-14 and there were a TON of entries in there listed below:

    10.0.0.170 - - [14/May/2009:03:54:31 -0400] "POST /service/admin/soap/ HTTP/1
    .1" 200 520 "-" "-"
    10.0.0.170 - - [14/May/2009:03:54:31 -0400] "POST /service/admin/soap/ HTTP/1
    .1" 200 520 "-" "-"

    There are tons of these every 20 seconds or so. All the other logs previous to this do not have these. I assume that the account that was "sending" all the spam was compromised and the spammer is using the account for sending spam. Is this possible to send that volume of spam through the Zimbra web interface? Is there a vulnerability somewhere? The passwords are pretty strong so I am surprised it was hacked.

    Thanks for any input

    Dave

  2. #2
    mutuku is offline Active Member
    Join Date
    Jun 2009
    Posts
    49
    Rep Power
    6

    Default

    How did you fix this. I am having a similar issue

  3. #3
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,492
    Rep Power
    56

    Default

    Quote Originally Posted by mutuku View Post
    How did you fix this. I am having a similar issue
    Instead of posting a 'me too' to a thread that's almost three years old how about giving some details of your problem actual problem and what's your definition of 'similar'? There's also threads in the forums that cover the details of what to do if you have a compromised account on the server and other spam problems.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  2. Weird behaviors and LOTS of spam.
    By zwvpadmin in forum Administrators
    Replies: 7
    Last Post: 01-02-2009, 10:26 AM
  3. Major SPAM to one account
    By CarputerTech in forum Administrators
    Replies: 4
    Last Post: 09-04-2008, 10:54 PM
  4. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM
  5. Training spam and ham
    By Justin in forum Developers
    Replies: 2
    Last Post: 10-31-2006, 03:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •