Moved to Zimbra for security, but still under attack?

[jeffls]

Hello all. I moved to Zimbra open source edition after our other email server came under attack and was spamming massively, despite all my efforts to lock it down...

I just finished setting up Zimbra and have only made one account to see how things work. I went into the Admin Console and I already see tons of messages trying to go out... how is this possible?

More importantly, how do I stop them?

All of the fields in "Sender" just say "mailer-daemon".

I have not created any other accounts, have not written any messages on the one account I did make, and I have migrated no data to this server from the old one.

Can anyone tell me what is going on? Right now there are 80+ messages trying to go out. And the server has been live for about 20 minutes.

[Krishopper]

The best thing would be to get the mail queue-id for one of the messages and trace through the log files to see if it is targeting a certain account or set of accounts, and see if there is a relay setting that isn't right somewhere.

If you'd like some help, PM me and I can help you have a look.

[Jorgeos]

Hi,
as per this:

Quote:

All of the fields in "Sender" just say "mailer-daemon".

it seems like backscatters - that means that your zcs receive email (ZCS close SMTP connection to the remote MTA server) which is spam (or recipient doesn't exists or any other reason - it will be described in your logs) and after antispam/antivirus check in after-queue ZCS realize that this email shouldn't be delivered, so ZCS will generate DSN and send it to (faked - all or at least most of spams have faked headers) MAIL FROM address.

Send logs as already suggested to see details.

Jorgeos