Results 1 to 10 of 10

Thread: PC used as Spam-Sender

  1. #1
    Oswald-Kolle is offline Loyal Member
    Join Date
    May 2006
    Posts
    83
    Rep Power
    9

    Default PC used as Spam-Sender

    Hey,

    I have a big problem! It seems like my Server is used to send Spam-Mails!!
    How is that possible?! I thought that I have to login/authentificate as a known user to zimbra so that it's possible to send an email - istn't that true!?

    When I look into the Admin-Interface the "sender address"es are NOT users of my machine - how am I able to stop others (foreingers) sending mails via my system???? (currently there are about 14500 Mails in "Active" Mode!!!)

    Urgent help needed....

    Version 4.0.0 for Debian.

    Mario

  2. #2
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    11

    Default

    use an external email client outside of the servers subnet to try and send an email through it, or google for open mail relay checker.

    sure someone hasn't found a vulnerable php or cgi script?

  3. #3
    Oswald-Kolle is offline Loyal Member
    Join Date
    May 2006
    Posts
    83
    Rep Power
    9

    Default

    Well - there is nothing else running.... Just a Zimbra-Installation and a Apache/PHP - but no scripts or something else like that....

    So it seems like Zimbra allows an unauthenticated user to send mails? That can't be true - is it?!

  4. #4
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    11

    Default

    No, obviously, it's not true.

    Well - there is nothing else running.... Just a Zimbra-Installation and a Apache/PHP - but no scripts or something else like that....
    Yes, Apache/PHP is a common source of misconfigured and insecure scripts that are used by spammers, particularly if you don't know what you're doing wrt sysadmin.

    use an external email client outside of the servers subnet to try and send an email through it, or google for open mail relay checker.
    have you done this?

  5. #5
    Oswald-Kolle is offline Loyal Member
    Join Date
    May 2006
    Posts
    83
    Rep Power
    9

    Default

    Okay - now I stopped Apache and made a Relay check - no connection was allowed...
    But I still get more active and received mails :-(

  6. #6
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default

    CHeck the zimbraMtaAllowedNetworks attribute - if you're on a cable modem, or DSL line, we'll probably set that to the class C of your IP address, which is wrong - change that to be just your IP and the loopback address:
    zmprov ms HOSTNAME zimbraMtaMyNetworks "127.0.0.0/8 my.ip.add.ress/32"
    zmcontrol stop
    zmcontrol start

    Quotes are important since there's a space in the value.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  7. #7
    Oswald-Kolle is offline Loyal Member
    Join Date
    May 2006
    Posts
    83
    Rep Power
    9

    Default

    Hi Marcmac,

    Quote Originally Posted by marcmac
    CHeck the zimbraMtaAllowedNetworks attribute - if you're on a cable modem, or DSL line, we'll probably set that to the class C of your IP address, which is wrong - change that to be just your IP and the loopback address:
    zmprov ms HOSTNAME zimbraMtaMyNetworks "127.0.0.0/8 my.ip.add.ress/32"
    zmcontrol stop
    zmcontrol start
    Quotes are important since there's a space in the value.
    This WORKED for me! Thanks a lot!!

    Maybe you should define this as default in the Open Source Version - otherwise many more users would get the same Problem...

    Mario

  8. #8
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    11

    Default

    gosh, i never even thought about that. sorry for the misinformation.

  9. #9
    Dirk's Avatar
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    Quote Originally Posted by marcmac
    CHeck the zimbraMtaAllowedNetworks attribute - if you're on a cable modem, or DSL line, we'll probably set that to the class C of your IP address, which is wrong - change that to be just your IP and the loopback address:
    zmprov ms HOSTNAME zimbraMtaMyNetworks "127.0.0.0/8 my.ip.add.ress/32"
    zmcontrol stop
    zmcontrol start

    Quotes are important since there's a space in the value.
    I've tried to work out how to view the current value of this setting but cant seem to find it. I'd like to see what it's currently set to on our system before changing it. Also, when you say "your IP..." do you mean the internal or external IP ? or perhaps both ?

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    As the zimbra use do 'postconf mynetworks' that will give you the current setting then change it via zmprov.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM
  2. Spam being scored with BAYES_00
    By flyerguybham in forum Administrators
    Replies: 6
    Last Post: 04-24-2007, 12:07 PM
  3. How to check if spam training is working?
    By tbovingdon in forum Administrators
    Replies: 1
    Last Post: 03-13-2007, 05:57 AM
  4. Training spam and ham
    By Justin in forum Developers
    Replies: 2
    Last Post: 10-31-2006, 03:39 PM
  5. Spam questions 3.11
    By cdyer in forum Administrators
    Replies: 10
    Last Post: 05-22-2006, 10:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •