
Thread: Mailbox are getting hacked...Need Urgent helppppp

  1. #11
    chandu is offline Elite Member
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    I am referring to the link below:

    ZIMBRA SMTP AUTH problem


    Here I want to enable reject_sender_login_mismatch, but in my configuration
    the file is /opt/zimbra/conf/ldap-scm.cf. But in this post it shows to modify
    /opt/zimbra/conf/ldap-slm.cf. Do we need to create this file manually?
    Last edited by chandu; 04-24-2012 at 08:33 AM.

  2. #12
    chandu is offline Elite Member

    I am thinking of doing this setting based on the post below from Raj:

    Hacked account sending spam

    So please guide: will this be useful?

  3. #13
    chandu is offline Elite Member

    Guys...
    It will be great if you respond to my post #11. Our mail server got blacklisted and of course we are under pressure. Need your support...

  4. #14
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    5

    All right - first of all:

    You're in the wrong log - the audit log tells you who has authenticated, but that doesn't help us; you probably see only your own regular accesses.

    So, that said, how to find the intruder - ahm, we have to find the mailbox which is cracked - by message log or whatever.

    Once you know your mailbox, grep the logs searching for all events related to it and put them in a new log file.

    This is easy with something like
    cat *.log | grep mailboxidentifier > newlog.txt
    This is gonna help you to see what's going on.
    Then you look for the IP addresses accessing this mailbox and try to find out which ones are the bad ones (like if it's coming from China, it's bad).

    In addition, some questions:
    1. Are those mails that were sent out in the sent emails folder of that account?
    2. Which networks does your Zimbra SMTP trust (for relaying messages)?
    3. Are those "hacked" accounts used outside your company, and if yes, where are they used - fixed somewhere in an office and/or on the road?
    4. Do your customers have to use complex passwords, and can they use only encrypted SSL access or can they also use unencrypted?

    In addition, I doubt that a worm is hacking your admin panel - I don't think someone wrote a worm to use the Zimbra API - very unlikely.

    More possible sources: open relay, bad passwords,
    virus problem at client computers.

    btw, since you mentioned it - I see a heavy spike in spam since last Friday - so it looks like a new bigass mail worm is active.
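
The triage described in post #14 (filter the logs for one mailbox, then see which IP addresses accessed it), sketched as a shell script. This is an added example, not part of the original posts: the log lines and the `name=`/`ip=` field layout are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which source IPs touched one mailbox, and how often?
# The log lines and the name=/ip= field layout are CONSTRUCTED for
# illustration; check the fields in your own logs and adjust the patterns.

# Constructed sample log (addresses come from the documentation ranges).
sample_log() {
cat <<'EOF'
2012-04-23 09:12:01 INFO [name=alice@example.com;ip=192.0.2.10;] cmd=Auth; protocol=imap;
2012-04-23 13:40:17 INFO [name=alice@example.com;ip=192.0.2.10;] cmd=Auth; protocol=imap;
2012-04-23 17:05:44 INFO [name=alice@example.com;ip=192.0.2.10;] cmd=Auth; protocol=soap;
2012-04-24 02:11:09 INFO [name=alice@example.com;ip=198.51.100.77;] cmd=Auth; protocol=smtp;
2012-04-24 02:11:10 INFO [name=alice@example.com;ip=198.51.100.77;] cmd=Auth; protocol=smtp;
2012-04-24 02:11:12 INFO [name=alice@example.com;ip=198.51.100.77;] cmd=Auth; protocol=smtp;
2012-04-24 02:11:15 INFO [name=alice@example.com;ip=198.51.100.77;] cmd=Auth; protocol=smtp;
2012-04-24 02:11:19 INFO [name=alice@example.com;ip=198.51.100.77;] cmd=Auth; protocol=smtp;
2012-04-24 03:30:00 INFO [name=alice@example.com;ip=203.0.113.5;] cmd=Auth; protocol=smtp;
2012-04-24 08:00:00 INFO [name=malice@example.com;ip=192.0.2.99;] cmd=Auth; protocol=imap;
2012-04-24 08:01:00 INFO [name=bob@example.com;ip=192.0.2.11;] cmd=Auth; protocol=imap;
EOF
}

# Print "count ip" for one mailbox, busiest IP first. Log is read from stdin.
# Matching "name=<mailbox>;" as a fixed string keeps "." literal and stops
# alice@ from also matching malice@, which a bare grep on the address would do.
ip_counts_for_mailbox() {   # $1 = mailbox address
    grep -F -- "name=$1;" |
        sed -n 's/.*;ip=\([^;]*\);.*/\1/p' |
        sort | uniq -c |
        awk '{print $1, $2}' |
        sort -k1,1nr -k2,2
}

# Same tally, minus the addresses you already know (office, VPN, ...).
unfamiliar_ips() {          # $1 = mailbox, $2 = space-separated known IPs
    ip_counts_for_mailbox "$1" | awk -v known="$2" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        !($2 in ok)'
}

# Demo on the constructed sample: alice normally logs in from 192.0.2.10.
sample_log | unfamiliar_ips "alice@example.com" "192.0.2.10"
```

On real logs, replace `sample_log` with `cat *.log` (or the `newlog.txt` produced by the grep in the post).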

  5. #15
    bofh is offline Elite Member

    btw

    No offense, BUT honestly, are you serious?

    You talk about having customers and now you're asking in the forums for - free - instant help?

    I mean, you said it's your customers, so you make money with it - so why don't you have proper knowledge, or why don't you pay for support?

    Man, really, if that's your customers, it means you're in the IT business, so it's exactly your business what you expect from that forum.

    Really, man, that's kinda cheap.


    Anyway, I'm still gonna help, but c'mon, you need a better solution for the future; that's not professional.


    ...

    btw, that the SOAP authenticates from your own server is totally normal.
    When you use the admin web interface this is exactly what happens.
    You'll see another log where you can see the actual user who is using the interface, but trust me, that's not your issue.

    PPS: it's way harder to do such support through a forum - it takes only a few minutes with access, but doing this as remote support by trying to explain what you have to do is not very effective or satisfying.

    See my post above.
