We notice there is a huge jump in the amount of emails/spams (10x) from the zimbra daily mail report. We notice that there are a huge number of message delivery going to .it domains and huge number of messsage received from cartabcc.it.
Is there a way to block .it domains in Zimbra or even just to mark them as spam? And is there a way to block non-member domain from using Zimbra to send out emails?
Also, the top sender is from firstname.lastname@example.org, which is not even from our email accounts. Thus, we suspect that one of our PCs might be infected. Is there a way to identity the IP address of the PC that is using email@example.com to send out emails thru Zimbra?
How do you guys proceed in resolving such issues?