#1
06-04-2009, 02:14 PM
Senior Member
Posts: 59
How to control spamming completely

Fellows,

A spammer was able to break through despite the SpamAssassin and AmavisD.

Is there a way that I can do more to block those spammers that aren't recognized yet by SpamAssassin or Amavis?

An ISP network admin emailed us that our mail server is suspected to be the source of spam. See below:

========================================================

From: "Mrs Linda Susan Spray" <mrs.lindaspray@sbcglobal.net>
To: undisclosed-recipients:;
CC:
Subject: Stop sending money to them...!!
Date: Wed, 3 Jun 2009 23:20:30 -0700
Return-Path: <mrs.lindaspray@sbcglobal.net>
Delivered-To: 1331:mail.com@mail.com
X-Ob-Received: from unknown (192.168.10.30) by 66.11.168.192.in-addr.arpa; 3 Jun 2009 22:33:22 -0000
Received: from as2-2.us4.outblaze.com (as2-2.us4.outblaze.com [127.0.0.1]) by as2-2.us4.outblaze.com (Postfix) with ESMTP id 116B1A50050 for <"1331:mail.com"@mail.com>; Wed, 3 Jun 2009 22:33:23 +0000 (GMT)
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on as2-2.us4.outblaze.com
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.0 required=6.0 tests=CMAE_1 shortcircuit=spam autolearn=disabled version=3.2.5
X-Spam-Cmae-Analysis: v=1.0 c=0 p=sHHLg3IM2hoGtoGvVgAA:9 a=8pUiMh0fzckA:10 a=8da1oD9WnRMA:10 a=PHnGcDMDf2ZQNkg42j1XSA==:17 a=HZJGGiqLAAAA:8 a=CjxXgO3LAAAA:8 xcat=Undefined/Undefined
Received: from as2-2.us4.outblaze.com (as2-2.us4.outblaze.com [127.0.0.1]) by as2-2.us4.outblaze.com (Postfix) with SMTP id 05F81A50051 for <"1331:mail.com"@mail.com>; Wed, 3 Jun 2009 22:33:23 +0000 (GMT)
X-Ob-Received: from unknown (192.168.8.68) by as2-4.us4.outblaze.com; 3 Jun 2009 22:33:23 -0000
Received: from mail.mydomain (mail.mydomain [200.138.139.11]) by spf8.us4.outblaze.com (Postfix) with ESMTP id 5DCCA88CB for <1331@mail.com>; Wed, 3 Jun 2009 22:33:20 +0000 (GMT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.mydomain (Postfix) with ESMTP id 59331226BA; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at mail.mydomain
Received: from mail.mydomain ([127.0.0.1]) by localhost (mail.mydomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BAcRTsIvxqIj; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
Received: from User (unknown [82.128.47.12]) by mail.mydomain (Postfix) with ESMTP id 1B392226D3; Wed, 3 Jun 2009 15:31:03 -0700 (PDT)
Reply-To: <briand113@att.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20090603223106.1B392226D3@mail.mydomain.net>

========================================================

What can you say about the info I've quoted?

I believe that the spammer (82.128.47.12) tried to use my Zimbra via relay MTA as its launching pad.

Is there a way where I can block such access via the MTA filter (if such filter exists)..?

What other solutions can you suggest?


REFERENCE:


The original source of spam mail is 82.128.47.12. This is in Nigeria.

------------------------------------------------------------------------
Network Whois record
Queried whois.afrinic.net with "82.128.47.12"...

% Note: this output has been filtered.

% Information related to '82.128.32.0 - 82.128.63.255'

inetnum: 82.128.32.0 - 82.128.63.255
netname: INET-MLTL
descr: CDMA 1x/EVDO Dial up pool
country: NG
admin-c: RIA27
tech-c: RIA27
status: ASSIGNED PA
mnt-by: MLTL-INT-MNT
mnt-lower: MLTL-INT-MNT
source: AFRINIC # Filtered
parent: 82.128.0.0 - 82.128.127.255

person: IP Admin-RIPE
address: Multilinks Telecommunications Limited
address: 231 Adeola Odeku Str.
address: Victoria Island, Lagos, Nigeria
e-mail: ipadmin@multilinks.com
remarks: complaints/spam report : abuse@multilinks.com
phone: +2341774000
nic-hdl: RIA27
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered

--------------------------------------------------------------------------

This is the content of the spam mail;

Mrs. Linda Susan Spray - Contract Recovery from Nigeria - Anti-Fraud International
#2
06-05-2009, 12:34 AM
Moderator
Posts: 7,911

Well that is a typical spam to be honest ... Check to ensure that the networks listed are only yours for the MTA
Code:
su - zimbra
zmprov gs `zmhostname` zimbraMtaMyNetworks
You could also perform a remote test as well: Mail relay testing.

With respect to reducing the amount of SPAM then I presume you have read Improving Anti-spam system - Zimbra :: Wiki? You may also wish to search the forums for SaneSecurity.
__________________
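Added example, not part of the original thread or Zimbra's own tooling: the check suggested above, applied to the `Received` chain quoted in post #1. It finds the client that handed the message to `mail.mydomain` and reports whether a given `zimbraMtaMyNetworks` value would have trusted it. The function names and both sample network values are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Received lines copied from the message quoted in the thread (newest hop first).
SAMPLE_HEADERS = """\
Received: from mail.mydomain (mail.mydomain [200.138.139.11]) by spf8.us4.outblaze.com (Postfix) with ESMTP id 5DCCA88CB for <1331@mail.com>; Wed, 3 Jun 2009 22:33:20 +0000 (GMT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.mydomain (Postfix) with ESMTP id 59331226BA; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
Received: from mail.mydomain ([127.0.0.1]) by localhost (mail.mydomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BAcRTsIvxqIj; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
Received: from User (unknown [82.128.47.12]) by mail.mydomain (Postfix) with ESMTP id 1B392226D3; Wed, 3 Jun 2009 15:31:03 -0700 (PDT)
Subject: Stop sending money to them...!!

"""

# Matches "from <helo> (... [client-ip]) by <receiving-host>"
HOP_RE = re.compile(r"from\s+.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>\S+)")


def find_submitter(raw_headers, server):
    """Oldest hop where a non-loopback client handed the message to `server`."""
    msg = message_from_string(raw_headers)
    for hop in reversed(msg.get_all("Received", [])):  # oldest hop first
        m = HOP_RE.search(" ".join(hop.split()))
        if not m or m.group("by").lower() != server.lower():
            continue  # hop was received by some other host (or by amavisd)
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue
        if not ip.is_loopback:  # skip the internal content-filter re-injection
            return ip
    return None


def relay_check(raw_headers, server, mynetworks):
    """Report which mynetworks entries (if any) trusted the submitting client."""
    ip = find_submitter(raw_headers, server)
    nets = [ipaddress.ip_network(n, strict=False)
            for n in re.split(r"[,\s]+", mynetworks.strip()) if n]
    trusted_by = [str(n) for n in nets
                  if ip is not None and ip.version == n.version and ip in n]
    return {"client": str(ip) if ip else None, "trusted_by": trusted_by}


if __name__ == "__main__":
    # Both zimbraMtaMyNetworks values below are constructed for illustration.
    print(relay_check(SAMPLE_HEADERS, "mail.mydomain", "127.0.0.0/8 200.138.139.0/24"))
    print(relay_check(SAMPLE_HEADERS, "mail.mydomain", "127.0.0.0/8 0.0.0.0/0"))
```

A non-empty `trusted_by` points at the `zimbraMtaMyNetworks` entry that needs tightening. An empty list means the relay was not granted by the trusted-network setting, so the client was permitted some other way, for example through an authenticated account.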