I set up a whitelist for my domain by adding a -10.0 rule in /opt/zimbra/conf/amavid.conf.
Not knowing any better, I also whitelisted it through /opt/zimbra/conf/salocal.cf.in using "whitelist_from *@mydomain.com".
I did this because, for some reason, some of my Linux system reports were being flagged as spam (including the one that was coming from my Zimbra server).
Now all of my system reports are coming through, but I have spam that fakes the from: address coming through as well. In other words, I have a spammer that's connecting to my server and using valid to: email addresses and using one of my valid email addresses as the from: field. I looked at the message body and it's definitely coming from outside my environment (Italy and Brazil so far).
Did I overkill with one of those whitelist rules? Is there a way to prevent this from happening?