
Thread: thousands of mail in mail queues why

  1. #1
    stenlylee (Junior Member)

    thousands of mail in mail queues why

    Since yesterday, when I log in to the admin UI, I find there are always thousands of mails in the mail queues, both deferred and active, and the sender and receiver are not my domain.

    Where do these mails come from? How do I stop dealing with this spam?

    I did the things below, but they did not take effect:
    1. change ssh password
    2. disable ssh port
    3. lock all user in zimbra except admin
    4. disable all port except 25/80/7071

    thx for any help

  2. #2
    lytledd (Elite Member)

    After all that, you still need to purge the queue.

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  3. #3
    stenlylee (Junior Member)

    Thanks for the reply.

    Of course, when I finished each step I mentioned, I purged the queue by hand, but after a few minutes, there were thousands of mails in the queues again...

  4. #4
    lytledd (Elite Member)

    Then I guess until you get a handle on what's going on, you need to pull the network cable. And then review your logs.

    Doug

  5. #5
    stenlylee (Junior Member)

    Originally posted by lytledd:
    Then I guess until you get a handle on what's going on, you need to pull the network cable. And then review your logs.

    Doug

    In which log can I find the problem? What do I need to look for in the logs? Some logs are more than 400M, and I don't know what to search for to locate the problem.

  6. #6
    lytledd (Elite Member)

    The logs that you need to deal with are:

    /var/log/zimbra.log
    /var/log/mail.info
    /opt/zimbra/log/audit.log
    /opt/zimbra/log/mailbox.log

    And any of their associated compressed .tgz files. I'm running under Ubuntu and have mc (Midnight Commander) installed. Makes it easy to view compressed files.

    You can search most logs for auth or failed to give you an idea which account was compromised. Usually brute forced accounts will have lots of failed.

    You should also be able to see what account is being used to authenticate to your mail server when sending spam. Since you said you've changed all passwords except the admin password, my guess is that the admin account is the one being used.

    Doug

  7. #7
    alessandro.motta (Trained Alumni)

    I think maybe your Zimbra server has MTA authentication disabled, so with port 25 open every spammer is able to send emails.
    This could be verified in the admin console under the server -> MTA tab or under the global config -> MTA tab.
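
The log review suggested in post #6 and the unauthenticated-relay check raised in post #7 can be done in one streaming pass, which also copes with 400M logs. This is an added example, not code from the thread: the sample lines are constructed in the standard Postfix smtpd syslog format, and the function names and the .gz handling for rotated logs are assumptions.

```python
import gzip
import re
import sys
from collections import Counter

# Constructed sample lines in Postfix smtpd syslog format (not taken from the thread).
SAMPLE = """\
Apr 10 09:14:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Apr 10 09:14:03 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Apr 10 09:14:09 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=admin@example.com
Apr 10 09:14:10 mail postfix/smtpd[2102]: 5B2C3D4E5F: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=admin@example.com
Apr 10 09:15:00 mail postfix/smtpd[2103]: 6C3D4E5F60: client=unknown[198.51.100.9]
Apr 10 09:15:02 mail postfix/smtpd[2104]: 7D4E5F6071: client=localhost[127.0.0.1]
""".splitlines()

FAILED = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: warning: \S*\[([^\]]+)\]: SASL \S+ authentication failed")
ACCEPT = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: \w+: client=\S*\[([^\]]+)\](?:, sasl_method=\S+, sasl_username=([^,\s]+))?")
LOOPBACK = {"127.0.0.1", "::1"}  # local re-injection (e.g. a content filter), not a remote sender

def open_log(path):
    # Assumption: rotated logs are gzip-compressed; both kinds are read line by line.
    if path.endswith(".gz"):
        return gzip.open(path, "rt", errors="replace")
    return open(path, errors="replace")

def summarize(lines):
    """Count failed SASL logins per IP, accepted mail per (user, IP), and unauthenticated accepts per IP."""
    failed, authed, unauth = Counter(), Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            failed[m.group(1)] += 1
            continue
        m = ACCEPT.search(line)
        if not m:
            continue
        ip, user = m.groups()
        if user:
            authed[(user, ip)] += 1      # which account is being used to send
        elif ip not in LOOPBACK:
            unauth[ip] += 1              # accepted without any authentication
    return failed, authed, unauth

if __name__ == "__main__":
    lines = open_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    failed, authed, unauth = summarize(lines)
    print("failed SASL logins by IP:", failed.most_common(10))
    print("authenticated submissions (user, IP):", authed.most_common(10))
    print("unauthenticated accepts by IP:", unauth.most_common(10))
```

Run it with a log path such as /var/log/zimbra.log as the only argument. Unauthenticated accepts from outside addresses are normal for inbound mail to your own domain, so they point to an open relay only when the queued recipients are not local.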
