My zimbra is being used to send spam by malicious outsiders!

[uxbod]

Also, if you have a website hosted on the same server as your Zimbra installation check if you are using a form2email script and if so that it has some sort of validation method.

[higeon]

Thank you uxbod and phoenix.
It seems everything is OK after I checked my server by ./chkrootkit and /var/log/secure.
I have deleted all the spam mails in the queue and change the mail account's password that could be compromised.
What I want to know is how I can avoid the same thing if another mail account is compromised in the future.
Is there any measure can be done such as some setting in zimbra or postfix?

[uxbod]

Use complex passwords and ensure that within the Admin GUI you have set that if somebody enters a incorrect password three time the account is locked out.

[higeon]

Quote:

Originally Posted by uxbod

Also, if you have a website hosted on the same server as your Zimbra installation check if you are using a form2email script and if so that it has some sort of validation method.

There is no any website hosted on my zimbra server.

[phoenix]

Quote:

Originally Posted by higeon

What I want to know is how I can avoid the same thing if another mail account is compromised in the future.
Is there any measure can be done such as some setting in zimbra or postfix?

There's nothing you can do against an account being compromised except to use strong passwords and set them to expire regularly and make sure you enforce the policy, users don't like that but in the interests of safety for your server (and users) you must set and follow good practice.

[higeon]

Is it possible to set zimbra/postfix to restrict the number of sending mails in one connection or restrict the number of mails can be sent in a period of time such as a minute?

And can it be restricted that the "from" mail addresses of the sending mails must be my domain's accounts?

[uxbod]

You could use something like PolicyD to limit the amount of emails sent.