Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: [SOLVED] My zimbra server is under spamming attack.

  1. #21
    Crispin is offline Junior Member
    Join Date
    Jun 2008
    Posts
    8
    Rep Power
    6

    Default

    Quote Originally Posted by ght View Post
    Oh, Thanks, Many tasks you've suggested and After applying some of them,I will write the result here.
    But about upgrading, I scare that all mails maybe delete. Is upgrading painless?
    As I'm using community edition, is there possibelity to getting backup from everything, but painless and easy to perform?
    I've made many upgrades with the NE and everything goes fine, the only problem is the slapd.conf.in that it's rewrited on every upgrade, the order things are ok, no mails deletes, no accounts delete. But it's a good idea you make a backup before, this is the first action of a good system administrator ;-)

    Good luck!

  2. #22
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    There are many threads on the forum detailing how to make a backup on community edition, Open Source Edition Backup Procedure - Zimbra :: Wiki has a lot of the best information brought together. A very simple way to do it is to just shutdown the zimbra services, copy /opt/zimbra to say /opt/zimbra-backup and then run your upgrade.
    As long as you are doing an upgrade install all user mail and settings will be migrated, but a lot of manual customizations need to be redone after an upgrade (like changes to slapd.conf)

  3. #23
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    We would be grateful if any further posts about upgrades etc would be via a new thread ... does not quite fit with the OP's original thread post

  4. #24
    ght
    ght is offline Member
    Join Date
    Dec 2008
    Posts
    11
    Rep Power
    6

    Thumbs up

    Thanks Community, this is the power of OpenSource.
    I think my problem is solved, and I came here to say what was the problem and some hints that may help someone.

    First of all, I want to say I think the problem was because my mail server was an open relay. But zimbra is not an open relay by default. it was open relay because of my mistake in configuring it and get my MTA trust a range of IPs that my firewall was in it. I used something like : 192.168.1.0/24 , but I should only trust those servers that I wanted be able to send mail, you should add them in this way : 192.168.1.55/32

    For those people that are under attack and they don't know what is the problem, I suggest a trick. this trick may delete some non-spam emails, but for but it will be so good to have time to find the problem, without people's complain about mail server.

    I used this script and added it in my crontab to delete all mails are similar to spam.
    you can logged in as root and do these:

    Code:
    crontab -e
    then add this line (replace path with your postfix path and "domain.com" with a part in sender/receiver email, for example if spammers send from sub1.domain1.com, sub2.domain1.com, you can only put domain1.com to delete all mails from or to this domain) to the end of the file, save and exit:

    Code:
    * * * * * /opt/zimbra/postfix-2.4.7.5z/sbin/mailq | tail -n +2 | grep -v '^ *(' | gawk 'BEGIN {RS = ""} /domain.com/ {print $1}' | tr -d '*!' | /opt/zimbra/postfix-2.4.7.5z/sbin/postsuper -d - >& /home/queue.log
    this trick will help you to delete all of them in queue and don't let spammers kill your server.

    I hope this help someone.

  5. #25
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    Hmmm ... as you say that could delete legitimate emails aswell. Why not just use Wiki :: Postfix Blacklists which are more suitable.

  6. #26
    ght
    ght is offline Member
    Join Date
    Dec 2008
    Posts
    11
    Rep Power
    6

    Default

    Quote Originally Posted by uxbod View Post
    Hmmm ... as you say that could delete legitimate emails aswell. Why not just use Wiki :: Postfix Blacklists which are more suitable.
    only because of time matters, you are right. I have lots of administration tasks

Page 3 of 3 FirstFirst 123

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. zmmailboxdctl is not running !!!!!!
    By olibite in forum Administrators
    Replies: 14
    Last Post: 04-28-2011, 05:50 AM
  2. Error after installation
    By robsontuxlinux in forum Installation
    Replies: 13
    Last Post: 09-11-2008, 09:48 PM
  3. [SOLVED] Why my MTA Cross???
    By fsloke in forum Installation
    Replies: 6
    Last Post: 07-30-2008, 08:55 PM
  4. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •