Internal Mail Attack

**Bufonx** · 11-12-2010, 05:47 AM

Hi Guys, sorry my english

Since a couple of days I'm having a serious problem with two different zimbra servers. I'm receiving internal mails of mailboxs that doesn't exist.

I don't know if is a new "world wide" problem or maybe can be just a internal problem ( i have my dude because the 2 servers are in different places, different nets..but they are the same zimbra version)

If you hear something about this problem..please post!!

Regards

Eduardo Campbell

**phoenix** · 11-12-2010, 06:54 AM

You should update your forum profile with the output of the following command (do not post the output in this thread):

Code:

zmcontrol -v

Originally Posted by Bufonx

Hi Guys, sorry my english

Since a couple of days I'm having a serious problem with two different zimbra servers. I'm receiving internal mails of mailboxs that doesn't exist.

I don't know if is a new "world wide" problem or maybe can be just a internal problem ( i have my dude because the 2 servers are in different places, different nets..but they are the same zimbra version)

If you hear something about this problem..please post!!

You need to post the headers of some of the spam emails and you should post some of the entries from your log files that show where this spam is coming from.

I'll also move this to the correct forum as it's not a Zimbra Desktop question.

**Bufonx** · 11-12-2010, 08:17 AM

Return-Path: hillduzyru57@senzablog.it
Received: from mail.ajax.cl (LHLO mail.ajax.cl) (192.168.2.3) by
mail.ajax.cl with LMTP; Fri, 12 Nov 2010 13:13:38 -0300 (CLST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.ajax.cl (Postfix) with ESMTP id F080B1A72C4;
Fri, 12 Nov 2010 13:13:37 -0300 (CLST)
X-Quarantine-ID: <mHHNpAeUzzBb>
X-Virus-Scanned: amavisd-new at mail.ajax.cl
X-Amavis-Alert: BAD HEADER SECTION, Header field occurs more than once: "Cc"
occurs 3 times
X-Spam-Flag: NO
X-Spam-Score: 2.464
X-Spam-Level: **
X-Spam-Status: No, score=2.464 tagged_above=-10 required=6.6
tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
RCVD_IN_PBL=0.905, RDNS_NONE=0.1] autolearn=no
Received: from mail.ajax.cl ([127.0.0.1])
by localhost (mail.ajax.cl [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id mHHNpAeUzzBb; Fri, 12 Nov 2010 13:13:36 -0300 (CLST)
Received: from [89.123.211.94] (unknown [89.123.211.94])
by mail.ajax.cl (Postfix) with ESMTP id 6AF2F1A72C1
for <nelly_rojas@ajax.cl>; Fri, 12 Nov 2010 13:13:35 -0300 (CLST)
Received: from [119.87.43.145] (helo=dcsgnwqnl.giuekzcn.tv)

**xtim0x** · 11-12-2010, 08:50 AM

Hello BufonX im having the same problem here.

Im using Release 5.0.23_GA_3242.UBUNTU6 UBUNTU6 FOSS edition
in ubuntu 6.

Are you from chile? This is attacking my internal network.

Code:

Return-Path: hillduzyru57@duecisrl.it
Received: from mail.tvi.cl (LHLO mail.tvi.cl) (192.168.169.33) by
 mail.tvi.cl with LMTP; Fri, 12 Nov 2010 09:05:21 -0300 (CLST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail.tvi.cl (Postfix) with ESMTP id 2D87E1F38004;
	Fri, 12 Nov 2010 09:05:21 -0300 (CLST)
X-Quarantine-ID: <1dMJ3uHuqPOj>
X-Virus-Scanned: amavisd-new at mail.tvi.cl
X-Amavis-Alert: BAD HEADER, Header field occurs more than once: "Cc" occurs 3
	times
X-Spam-Flag: NO
X-Spam-Score: 0.818
X-Spam-Level: 
X-Spam-Status: No, score=0.818 tagged_above=-10 required=6.6
	tests=[BAYES_20=-0.74, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
	RDNS_NONE=0.1]
Received: from mail.tvi.cl ([127.0.0.1])
	by localhost (mail.tvi.cl [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 1dMJ3uHuqPOj; Fri, 12 Nov 2010 09:05:04 -0300 (CLST)
Received: from [118.221.132.75] (unknown [118.221.132.75])
	by mail.tvi.cl (Postfix) with ESMTP id 8AA3F1F38008
	for <admin@tvi.cl>; Fri, 12 Nov 2010 09:05:04 -0300 (CLST)
Received: from [172.106.132.19] (account turnerfocomu74@collinemoreniche.it HELO xbwiaowafztgg.bqhhtdauvcqmcz.com)
	by  (CommuniGate Pro SMTP 5.2.3)
	with ESMTPA id 981620579 for <admin@tvi.cl>
Cc: <awuba666@tvi.cl>, <postmaster@tvi.cl>, <root@tvi.cl>,
	<wiki@tvi.cl>, <xrnx4u9lj4wy@tvi.cl>;, Fri@mail.tvi.cl,
	12@mail.tvi.cl, Nov@mail.tvi.cl, 2010@mail.tvi.cl,
	"21:08:13"@mail.tvi.cl, +0900@mail.tvi.cl
From: <admin@tvi.cl>
Cc: <awuba666@tvi.cl>,
	<postmaster@tvi.cl>,
	<root@tvi.cl>,
	<wiki@tvi.cl>,
	<xrnx4u9lj4wy@tvi.cl>
To: <admin@tvi.cl>
Cc: <awuba666@tvi.cl>,
	<postmaster@tvi.cl>,
	<root@tvi.cl>,
	<wiki@tvi.cl>,
	<xrnx4u9lj4wy@tvi.cl>
Subject: iHola!
Date: Fri, 12 Nov 2010 21:08:13 +0900
MIME-Version: 1.0
Content-Type: text/html
	charset="us-ascii"
X-Priority: 3
X-Mailer: dluhwpnxva-89
Message-ID: <4064129394.6TPGXAJ3685061@wivjwnbouoaxv.gibayrxqll.net>
Content-Transfer-Encoding: quoted-printable

**Bufonx** · 11-12-2010, 10:24 AM

Yeah!..I'm from Chile...

I'm searching for news about that error...if you have a solution please post it, i'll do the same

Regards

**xtim0x** · 11-13-2010, 08:12 AM

Any ideas from here? i dont know if this is a virus or is server side

Zimbra

Thread: Internal Mail Attack

LinkBack

Thread Tools

Search Thread

Display

Internal Mail Attack

this is one of the email headers

Thread Information

Users Browsing this Thread

Similar Threads

Problems with port 25

Post install : Zimbra start up is taking upwards of 10 minutes

[SOLVED] Upgraded to 5.0 OSS - Sendmail Problem

Issues...

fresh install down may be due to tomcat

Posting Permissions