Thread: SPAM attack through the SOAP protocol??

  1. #1
    guillotte

    SPAM attack through the SOAP protocol??.
    The IP is not in trusted_networks.


    Here I copy a sequence of actions from /opt/zimbra/log/mailbox.log:


    2013-04-04 05:05:00,432 INFO [btpool0-3://localhost/service/soap/GetInfoRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - GetInfoRequest
    2013-04-04 05:05:01,152 INFO [btpool0-3://localhost/service/soap/SearchRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - SearchRequest
    2013-04-04 05:05:02,677 INFO [btpool0-3://localhost/service/soap/GetAvailableSkinsRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - GetAvailableSkinsRequest
    2013-04-04 05:05:58,431 INFO [btpool0-2://localhost/service/soap/SearchRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - SearchRequest
    2013-04-04 05:06:42,977 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
    2013-04-04 05:06:42,999 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] smtp - Sending message to MTA at srv-mail.test.com: Message-ID=<746491801.6.1365062802996.JavaMail.root@srv-mail.test.com>, replyType=r
    2013-04-04 05:07:10,551 INFO [btpool0-3://localhost/service/soap/SendMsgRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
    2013-04-04 05:07:57,920 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
    2013-04-04 05:07:57,943 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] smtp - Sending message to MTA at srv-mail.test.com: Message-ID=<115923247.12.1365062877940.JavaMail.root@srv-mail.test.com>, replyType=r
    2013-04-04 05:13:09,506 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=atencionalcliente@test.com;mid=302;ip=94.78.84.35;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
    2013-04-04 05:13:09,934 INFO [LmtpServer-516] [name=atencionalcliente@test.com;mid=302;ip=10.100.48.2;] mailop - Adding Message: id=36762, Message-ID=<20130404081209.EECF3198E75F@smtp-bsf2.o1.com>, parentId=36723, folderId=2, folderName=Inbox.


    I stopped for now with this:

    blacklist_from atencionalcliente@test.com

    body LOCAL_RULE /IMPORTANT CONSIGNMENT DELIVERY/ #this is subject of message
    score LOCAL_RULE 5.5



    Is there any fix or setting to prevent this exploit?

    Thanks.

  2. #2
    bdial

    Find out who has mailbox id 302 and change their password; the attacker is using that.

  3. #3
    vavai

    And to prevent this exploit, enforce a strong password combination for all users (set it via Class of Service | Advanced) and then force all users to change their passwords.
    Best Regards
    ---
    Masim "Vavai" Sugianto
    Zimbra Tutorial
    Personal Blog [ID]

    Release 8.0.6_GA_5922.SLES11_64_20131203103702 SLES11_64 FOSS edition.
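
The check the replies rely on (which account and mailbox id is sending, and from which address) can be run over mailbox.log directly. This is an added example, not code from the thread or from Zimbra: it counts `soap - SendMsgRequest` lines per account from IPs outside a trusted list. The `TRUSTED` ranges, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: ranges treated as internal; replace with your own trusted networks.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Matches the "[name=...;mid=...;ip=...;ua=...;]" context block of a mailbox.log line.
CTX = re.compile(r"\[((?:\w+=[^;\]]*;)+)\]")

# Constructed sample in the format quoted above (example.com / 203.0.113.7 are placeholders).
# The fourth line carries a stray space in the IP, as happens when logs are pasted and wrapped.
SAMPLE = """\
2013-04-04 05:05:00,432 INFO [btpool0-3://localhost/service/soap/GetInfoRequest] [name=user1@example.com;mid=302;ip=203.0.113.7;ua=zclient/6.0.16_GA_2998;] soap - GetInfoRequest
2013-04-04 05:06:42,977 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=user1@example.com;mid=302;ip=203.0.113.7;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
2013-04-04 05:06:42,999 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=user1@example.com;mid=302;ip=203.0.113.7;ua=zclient/6.0.16_GA_2998;] smtp - Sending message to MTA at mail.example.com: Message-ID=<1.example@mail.example.com>, replyType=r
2013-04-04 05:07:10,551 INFO [btpool0-3://localhost/service/soap/SendMsgRequest] [name=user1@example.com;mid=302;ip=203.0.11 3.7;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
2013-04-04 05:07:57,920 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=user1@example.com;mid=302;ip=203.0.113.7;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
2013-04-04 05:13:09,506 INFO [btpool0-0://localhost/service/soap/SendMsgRequest] [name=user1@example.com;mid=302;ip=203.0.113.7;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
2013-04-04 05:14:00,100 INFO [btpool0-1://localhost/service/soap/SendMsgRequest] [name=user2@example.com;mid=17;ip=10.0.0.5;ua=zclient/6.0.16_GA_2998;] soap - SendMsgRequest
"""

def parse_context(line):
    """Return the key=value pairs of the context block as a dict ({} if absent)."""
    m = CTX.search(line)
    if not m:
        return {}
    return dict(kv.split("=", 1) for kv in m.group(1).split(";") if kv)

def external_senders(log_text, threshold=3):
    """Map (account, mailbox id, ip) -> SendMsgRequest count for untrusted IPs at or above threshold."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        if not line.rstrip().endswith("soap - SendMsgRequest"):
            continue  # skip other SOAP calls and the paired "smtp - Sending message" line
        ctx = parse_context(line)
        try:
            ip = ipaddress.ip_address(ctx.get("ip", "").replace(" ", ""))
        except ValueError:
            continue  # no usable client address on this line
        if any(ip in net for net in TRUSTED):
            continue
        counts[(ctx.get("name"), ctx.get("mid"), str(ip))] += 1
    return {k: v for k, v in counts.items() if v >= threshold}

if __name__ == "__main__":
    for (name, mid, ip), n in external_senders(SAMPLE).items():
        print(f"{name} (mid={mid}) sent {n} messages via SOAP from {ip}")
```

The count covers the whole input with no time window, so feed it one day's log at a time and tune the threshold to normal remote usage.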
