Spam problem

[GaryC]

I have hundreds of thousands of e-mails from the same address, when I look at /opt/Zimbra/data/postfix/spool/incoming and active. These are killing my e-mail server so the the users can not get e-mails.
I am at a loss as to what I need to do I have searched the forums but am not finding what I need.

I added the address to the salocal.cf.in as a blacklist line and restarted the zmamavisdctl. This did not seem to help.

I have attached a copy of the message including header. How do I get this problem fixed so that e-mail will start flowing again?

I can only access the zimbra from the server it self as I do not know what the password is for the Zimbra online console is.

However I have root access and can su as zimbra.

Please someone point me to somthing that may help.

Thanks
GC

[mtorres]

can you zmcontrol stop and go to /opt/Zimbra/data/postfix/spool/incoming and active and rm -rf all of the spams and start zimbra again?

[uxbod]

Quote:

Originally Posted by mtorres

can you zmcontrol stop and go to /opt/Zimbra/data/postfix/spool/incoming and active and rm -rf all of the spams and start zimbra again?

And delete valid email aswell

Check the headers and see whether the connecting IP is a valid MTA or not ... Why not just block it at your perimeter ?

[y@w]

Quote:

Originally Posted by uxbod

And delete valid email aswell

Check the headers and see whether the connecting IP is a valid MTA or not ... Why not just block it at your perimeter ?

Agreed. If they're only coming from one IP, it's much better to stop these messages as far away from your server as possible.

[GaryC]

I had already blocked at the perimeter. but had thousands of e-mails already on the server that were trying to resend to other e-mail address. I had to empty the defer, deferred, active, and incoming directories for the problem to stop.

Does'nt antispam on Zimbra prevent this spam storm problems?

[mtorres]

Quote:

Originally Posted by uxbod

And delete valid email aswell

Check the headers and see whether the connecting IP is a valid MTA or not ... Why not just block it at your perimeter ?

Yeah, that is the best, just block it at the firewall. But, I was in a jam one time like the o.p and I had to empty the active/incoming etc. folders for mail to start flowing again. Not the best, but it worked for me in a jam.

[mtorres]

Quote:

Originally Posted by GaryC

I had already blocked at the perimeter. but had thousands of e-mails already on the server that were trying to resend to other e-mail address. I had to empty the defer, deferred, active, and incoming directories for the problem to stop.

Does'nt antispam on Zimbra prevent this spam storm problems?

Hi Gary,

zimbra out of the box has some good anti-spam measures, but for me, I have searched the forums and read different wikis on tweaking it. I also blocked most foreign IP's at the firewall (although most spam comes from the U.S, it helped a lot). After just tweaking for a while and using some rbl's I can truthfully say that it is VERY rare if a spam gets through *knocks on wood*.

[uxbod]

Quote:

Originally Posted by GaryC

Does'nt antispam on Zimbra prevent this spam storm problems?

It depends on the type of SPAM ... What RBLs are you using ?