PC used as Spam-Sender

[Oswald-Kolle]

Hey,

I have a big problem! It seems like my Server is used to send Spam-Mails!!
How is that possible?! I thought that I have to login/authentificate as a known user to zimbra so that it's possible to send an email - istn't that true!?

When I look into the Admin-Interface the "sender address"es are NOT users of my machine - how am I able to stop others (foreingers) sending mails via my system???? (currently there are about 14500 Mails in "Active" Mode!!!)

Urgent help needed....

Version 4.0.0 for Debian.

Mario

[dijichi2]

use an external email client outside of the servers subnet to try and send an email through it, or google for open mail relay checker.

sure someone hasn't found a vulnerable php or cgi script?

[Oswald-Kolle]

Well - there is nothing else running.... Just a Zimbra-Installation and a Apache/PHP - but no scripts or something else like that....

So it seems like Zimbra allows an unauthenticated user to send mails? That can't be true - is it?!

[dijichi2]

No, obviously, it's not true.

Well - there is nothing else running.... Just a Zimbra-Installation and a Apache/PHP - but no scripts or something else like that....

Yes, Apache/PHP is a common source of misconfigured and insecure scripts that are used by spammers, particularly if you don't know what you're doing wrt sysadmin.

use an external email client outside of the servers subnet to try and send an email through it, or google for open mail relay checker.

have you done this?

[Oswald-Kolle]

Okay - now I stopped Apache and made a Relay check - no connection was allowed...
But I still get more active and received mails :-(

[marcmac]

CHeck the zimbraMtaAllowedNetworks attribute - if you're on a cable modem, or DSL line, we'll probably set that to the class C of your IP address, which is wrong - change that to be just your IP and the loopback address:
zmprov ms HOSTNAME zimbraMtaMyNetworks "127.0.0.0/8 my.ip.add.ress/32"
zmcontrol stop
zmcontrol start

Quotes are important since there's a space in the value.

[Oswald-Kolle]

Hi Marcmac,

CHeck the zimbraMtaAllowedNetworks attribute - if you're on a cable modem, or DSL line, we'll probably set that to the class C of your IP address, which is wrong - change that to be just your IP and the loopback address:
zmprov ms HOSTNAME zimbraMtaMyNetworks "127.0.0.0/8 my.ip.add.ress/32"
zmcontrol stop
zmcontrol start
Quotes are important since there's a space in the value.

This WORKED for me! Thanks a lot!!

Maybe you should define this as default in the Open Source Version - otherwise many more users would get the same Problem...

Mario

[dijichi2]

gosh, i never even thought about that. sorry for the misinformation.

[Dirk]

CHeck the zimbraMtaAllowedNetworks attribute - if you're on a cable modem, or DSL line, we'll probably set that to the class C of your IP address, which is wrong - change that to be just your IP and the loopback address:
zmprov ms HOSTNAME zimbraMtaMyNetworks "127.0.0.0/8 my.ip.add.ress/32"
zmcontrol stop
zmcontrol start

Quotes are important since there's a space in the value.

I've tried to work out how to view the current value of this setting but cant seem to find it. I'd like to see what it's currently set to on our system before changing it. Also, when you say "your IP..." do you mean the internal or external IP ? or perhaps both ?

[phoenix]

As the zimbra use do 'postconf mynetworks' that will give you the current setting then change it via zmprov.