
Thread: security problem

  1. #1
    juancanic is offline Junior Member
    Join Date
    Sep 2009
    Posts
    9
    Rep Power
    5

    security problem

    Hi there,

    My Zimbra server is being used for spam, but I don't know how. If I test from some MX relay test, the result is relay denied. Viewing the logs, I found this information:

    2010-09-03 12:10:05,189 INFO [btpool0-53://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;] soap - AuthRequest
    2010-09-03 12:10:05,333 INFO [btpool0-53://localhost:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;] soap - GetAllServersRequest

    I understood from it that somebody is using the zimbra user and is masquerading with the localhost IP.

    What can I do to block it? This problem is driving me crazy!!!

    On my firewall I only have the following ports open: www, dns, smtp, imap4.

    Please help me.

  2. #2
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7


    port 7071 is for the Admin interface.

  3. #3
    juancanic is offline Junior Member
    Join Date
    Sep 2009
    Posts
    9
    Rep Power
    5


    Quote Originally Posted by jrefl5 View Post
    port 7071 is for the Admin interface.
    Yes, I know that. That is the case: somebody is reaching the web admin interface with the zimbra user. I put a password on this user and the problem still persists.

    I have disabled the admin user and only have one user with these privileges, my user. So when I access the admin web page I get this log:

    2010-09-03 12:43:09,861 INFO [btpool0-44://192.168.1.X:7071/service/admin/soap/GetLoggerStatsRequest] [name=myuser@domain;mid=4;ip=192.168.1.XX;ua=ZimbraWebClient - FF3.0 (Win);] soap - GetLoggerStatsRequest

    I have checked all the computers in my LAN (about 15 PCs) with Kaspersky antivirus and Malwarebytes' Anti-Malware and I did not find any computer infected.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56


    Quote Originally Posted by juancanic View Post
    Yes, I know that. That is the case: somebody is reaching the web admin interface with the zimbra user. I put a password on this user and the problem still persists.
    You've not actually given any evidence that your server is being used to send spam; why do you think that's happening? What evidence do you have to show mail going through your server? Other than the Admin user login, what other log entries do you have to show that spam is going through your server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    juancanic is offline Junior Member
    Join Date
    Sep 2009
    Posts
    9
    Rep Power
    5


    Quote Originally Posted by phoenix View Post
    You've not actually given any evidence that your server is being used to send spam; why do you think that's happening? What evidence do you have to show mail going through your server? Other than the Admin user login, what other log entries do you have to show that spam is going through your server?
    I only have about 20 PCs in my LAN, nobody leaves their computer turned on at night, and in the middle of the night about 12K emails appear to be sent. Attached the graph.spam.jpg

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56


    Look in the log files and see what's happening on your server.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
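
As an added example (not part of any post in this thread): a small parser for the SOAP log line format quoted above, tallying admin-port (7071) requests by account and source IP so the entries can be reviewed in bulk. The function names and the fourth sample line (documentation address 203.0.113.7, host mail.example.com) are constructed for illustration.

```python
import re
from collections import Counter

# <timestamp> <LEVEL> [<thread>://<host>:<port><path>] [k=v;...] soap - <Request>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>\w+) "
    r"\[(?P<thread>[^:\]]+)://(?P<host>[^:/\]]+):(?P<port>\d+)(?P<path>/[^\]]*)\] "
    r"\[(?P<ctx>[^\]]*)\] soap - (?P<request>\w+)\s*$"
)

def parse_line(line):
    """Return a dict of fields for one SOAP log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    # The context block is "key=value;" pairs; "name" is absent on the AuthRequest itself.
    ctx = dict(kv.split("=", 1) for kv in rec.pop("ctx").split(";") if "=" in kv)
    for key in ("name", "ip", "ua"):
        rec[key] = ctx.get(key)
    return rec

def summarize_admin(lines, admin_port=7071):
    """Count admin-port SOAP requests per (account, source ip, request)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["port"] == admin_port:
            counts[(rec["name"], rec["ip"], rec["request"])] += 1
    return counts

def non_loopback(counts):
    """Keep only the entries whose source address is not the local host."""
    return {k: v for k, v in counts.items() if k[1] not in ("127.0.0.1", "::1")}

# First three lines are the ones quoted in the thread; the last one is constructed.
SAMPLE = [
    "2010-09-03 12:10:05,189 INFO [btpool0-53://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;] soap - AuthRequest",
    "2010-09-03 12:10:05,333 INFO [btpool0-53://localhost:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;] soap - GetAllServersRequest",
    "2010-09-03 12:43:09,861 INFO [btpool0-44://192.168.1.X:7071/service/admin/soap/GetLoggerStatsRequest] [name=myuser@domain;mid=4;ip=192.168.1.XX;ua=ZimbraWebClient - FF3.0 (Win);] soap - GetLoggerStatsRequest",
    "2010-09-03 02:14:31,007 INFO [btpool0-12://mail.example.com:7071/service/admin/soap/AuthRequest] [ip=203.0.113.7;] soap - AuthRequest",
]

if __name__ == "__main__":
    for key, n in non_loopback(summarize_admin(SAMPLE)).items():
        print(n, key)
```
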
