Thread: Moved to Zimbra for security, but still under attack?

  1. #1
    jeffls, Junior Member

    Hello all. I moved to Zimbra open source edition after our other email server came under attack and was spamming massively, despite all my efforts to lock it down...

    I just finished setting up Zimbra and have only made one account to see how things work. I went into the Admin Console and I already see tons of messages trying to go out... how is this possible?

    More importantly, how do I stop them?

    All of the fields in "Sender" just say "mailer-daemon".

    I have not created any other accounts, have not written any messages on the one account I did make, and I have migrated no data to this server from the old one.

    Can anyone tell me what is going on? Right now there are 80+ messages trying to go out. And the server has been live for about 20 minutes.

  2. #2
    Krishopper, Dedicated Member

    The best thing would be to get the mail queue-id for one of the messages and trace through the log files to see if it is targeting a certain account or set of accounts, and see if there is a relay setting that isn't right somewhere.

    If you'd like some help, PM me and I can help you have a look.
    01 Networks, LLC / Cybernetik.net
    Zimbra NE and OSS Cloud Hosting
    Shared Web Hosting
    Consulting Services

  3. #3
    Jorgeos, Member

    Hi,
    as per this:
    All of the fields in "Sender" just say "mailer-daemon".
    it seems like backscatter - that means that your ZCS receives email (ZCS closes the SMTP connection to the remote MTA server) which is spam (or the recipient doesn't exist, or any other reason - it will be described in your logs), and after the antispam/antivirus check in after-queue ZCS realizes that this email shouldn't be delivered, so ZCS will generate a DSN and send it to the (faked - all or at least most spam has faked headers) MAIL FROM address.

    Send logs as already suggested to see details.

    Jorgeos
    Release 7.1.1_GA_3196.RHEL5_64_20110527001604 RHEL5_64 NETWORK edition.
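
An added example, not part of any post in this thread and not Zimbra's own code: a Python script for the trace suggested in #2, applied to the backscatter case described in #3. It groups Postfix log lines by queue-id and links each null-sender DSN (`from=<>`, listed as MAILER-DAEMON in the queue) back to the message that triggered it. The log lines are constructed samples, and the names `trace` and `backscatter` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (hosts and addresses are made up).
SAMPLE_LOG = """\
Jun  1 10:00:01 mail postfix/smtpd[2001]: 4A1B2C3D4E: client=unknown[203.0.113.7]
Jun  1 10:00:01 mail postfix/cleanup[2002]: 4A1B2C3D4E: message-id=<spam1@example.net>
Jun  1 10:00:01 mail postfix/qmgr[1500]: 4A1B2C3D4E: from=<forged@victim.example>, size=2048, nrcpt=1 (queue active)
Jun  1 10:00:03 mail postfix/lmtp[2003]: 4A1B2C3D4E: to=<nobody@mydomain.example>, relay=none, delay=2, status=bounced (unknown user)
Jun  1 10:00:03 mail postfix/bounce[2004]: 4A1B2C3D4E: sender non-delivery notification: 5F6E7D8C9B
Jun  1 10:00:03 mail postfix/qmgr[1500]: 5F6E7D8C9B: from=<>, size=4096, nrcpt=1 (queue active)
Jun  1 10:00:09 mail postfix/smtp[2005]: 5F6E7D8C9B: to=<forged@victim.example>, relay=none, delay=6, status=deferred (connection timed out)
"""

# Assumes Postfix's default short (uppercase hex) queue-ids.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def trace(log_text):
    """Group log lines by queue-id: sender, recipients, client, and DSN link."""
    msgs = defaultdict(lambda: {"from": None, "to": [], "client": None, "dsn_for": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if rest.startswith("client="):
            rec["client"] = rest[len("client="):]
        elif (f := re.match(r"from=<([^>]*)>", rest)):
            rec["from"] = f.group(1)          # "" means the null sender of a DSN
        elif (t := re.match(r"to=<([^>]*)>.*status=(\w+)", rest)):
            rec["to"].append((t.group(1), t.group(2)))
        elif daemon == "bounce" and (d := re.search(r"notification: ([0-9A-F]+)$", rest)):
            msgs[d.group(1)]["dsn_for"] = qid  # new DSN queue-id -> original message
    return dict(msgs)

def backscatter(msgs):
    """Return (dsn_qid, original_qid, original_client, dsn_recipients) per DSN."""
    out = []
    for qid, rec in msgs.items():
        if rec["from"] == "" and rec["dsn_for"]:
            orig = msgs.get(rec["dsn_for"], {})
            out.append((qid, rec["dsn_for"], orig.get("client"), [a for a, _ in rec["to"]]))
    return out

if __name__ == "__main__":
    for row in backscatter(trace(SAMPLE_LOG)):
        print(row)
```

On a ZCS host the Postfix lines are written to /var/log/zimbra.log, so the file's contents can be passed to `trace` in place of `SAMPLE_LOG`.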
