Thread: Zimbra 6.0.6 - spam originating from localhost

  1. #1
    chenthil (Active Member)

    For the last few weeks, we have been getting spam originating from our mail server. It is specifically originating from the ID contact@tavas.in, a mailbox we deleted 1 year ago, but we can still see mail originating from this ID. It is originating from localhost. This spamming has caused our domain to be blocked on several blacklist sites. Kindly suggest a way to fix this.

    Sep 27 04:27:53 mail postfix/qmgr[15219]: 7E1F832E59A0: from=<contact@tavas.in>, size=4906, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 714C832E617B: from=<contact@tavas.in>, size=4976, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 11A4832E6216: from=<contact@tavas.in>, size=2413, nrcpt=18 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 1F78232E592F: from=<contact@tavas.in>, size=2419, nrcpt=17 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 9DD3A32E5D3E: from=<contact@tavas.in>, size=2321, nrcpt=20 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 9962D32E6048: from=<contact@tavas.in>, size=5422, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 9B48932E57F3: from=<contact@tavas.in>, size=5007, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: D0EC332E6100: from=<contact@tavas.in>, size=5485, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: EA15032E5D49: from=<contracts@tvh.in>, size=700475, nrcpt=1 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 860F232E61A7: from=<contact@tavas.in>, size=5490, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 8281732E5A30: from=<contact@tavas.in>, size=2315, nrcpt=19 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 88DA432E61EA: from=<contact@tavas.in>, size=5051, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: AFBB932E61A6: from=<contact@tavas.in>, size=5488, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: ACA8232E58D2: from=<contact@tavas.in>, size=5506, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: A011D32E61F0: from=<contact@tavas.in>, size=2336, nrcpt=19 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: C341732E5980: from=<contact@tavas.in>, size=5004, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/error[19472]: 860F232E61A7: to=<SEAN8800@TOM.COM>, relay=none, delay=35360, delays=35360/0.04/0/0.03, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/qmgr[15219]: B1BFA32E5F8B: from=<contact@tavas.in>, size=5412, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/error[19475]: 88DA432E61EA: to=<qidanei@eyou.com>, relay=none, delay=35492, delays=35492/0.04/0/0.02, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx2.eyou.com[61.136.58.184] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-10013-AB66F73-C0000000})
    Sep 27 04:27:53 mail postfix/error[19472]: C341732E5980: to=<hang_zi@tom.com>, relay=none, delay=38260, delays=38259/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 61D0132E5A5C: from=<contact@tavas.in>, size=5043, nrcpt=1 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 6829632E5948: from=<contact@tavas.in>, size=5025, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 4CF9432E61C3: from=<contact@tavas.in>, size=4983, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 41FBA32E6186: from=<contact@tavas.in>, size=4983, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/error[19482]: 4CF9432E61C3: to=<zp0220336@eyou.com>, relay=none, delay=36364, delays=36364/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx2.eyou.com[61.136.58.184] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-10013-AB66F73-C0000000})
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 2757532E6128: from=<contact@tavas.in>, size=5503, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 3E9C932E6151: from=<contact@tavas.in>, size=5540, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 5511432E612D: from=<contact@tavas.in>, size=5005, nrcpt=50 (queue active)
    Sep 27 04:27:53 mail postfix/qmgr[15219]: 5F8C732E6197: from=<contact@tavas.in>, size=5519, nrcpt=31 (queue active)
    Sep 27 04:27:53 mail postfix/smtp[19480]: 9B48932E57F3: to=<hao_xing_fu@163.co>, relay=163.co[116.212.117.220]:25, delay=38183, delays=38183/0.07/0.08/0, dsn=4.0.0, status=deferred (host 163.co[116.212.117.220] refused to talk to me: 421 No SMTP service here)
    Sep 27 04:27:53 mail postfix/error[19475]: 41FBA32E6186: to=<zsrschscd@tom.com>, relay=none, delay=36364, delays=36364/0.02/0/0.03, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19472]: 2757532E6128: to=<sdhuvf7384@tom.com>, relay=none, delay=37181, delays=37181/0/0/0.02, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19493]: 5511432E612D: to=<hftogo@tom.com>, relay=none, delay=37419, delays=37419/0.01/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19475]: 41FBA32E6186: to=<zsx2211@tom.com>, relay=none, delay=36364, delays=36364/0.02/0/0.03, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19482]: 3E9C932E6151: to=<sdhr@tom.com>, relay=none, delay=37203, delays=37203/0/0/0.03, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19493]: 5511432E612D: to=<hg1995@tom.com>, relay=none, delay=37419, delays=37419/0.01/0/0.02, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19475]: 41FBA32E6186: to=<zsz.168@tom.com>, relay=none, delay=36364, delays=36364/0.02/0/0.04, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19493]: 5511432E612D: to=<hghhgh@tom.com>, relay=none, delay=37419, delays=37419/0.01/0/0.02, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19475]: 41FBA32E6186: to=<zty-265@tom.com>, relay=none, delay=36364, delays=36364/0.02/0/0.04, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19475]: 41FBA32E6186: to=<zuibang@tom.com>, relay=none, delay=36364, delays=36364/0.02/0/0.04, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/error[19475]: 41FBA32E6186: to=<zuocongquan@tom.com>, relay=none, delay=36364, delays=36364/0.02/0/0.04, dsn=4.0.0, status=deferred (delivery temporarily suspended: host tommx.cdn.163.net[202.108.255.210] refused to talk to me: 554 Policy violation. Email Session ID: {5244BDB9-1003A-AB66F73-C0000001})
    Sep 27 04:27:53 mail postfix/smtp[19467]: 714C832E617B: to=<zili@mail.huptt.zj.cn>, relay=mail.huptt.zj.cn[202.96.111.18]:25, delay=36994, delays=36994/0.03/0.31/0, dsn=4.0.0, status=deferred (host mail.huptt.zj.cn[202.96.111.18] refused to talk to me: 421 No SMTP service here)
    Sep 27 04:27:53 mail postfix/smtp[19498]: ACA8232E58D2: to=<sdsf_652@163.co>, relay=163.co[116.212.117.220]:25, delay=36304, delays=36304/0.14/0.11/0, dsn=4.0.0, status=deferred (host 163.co[116.212.117.220] refused to talk to me: 421 No SMTP service here)
    Sep 27 04:27:53 mail postfix/smtp[19471]: 1F78232E592F: to=<fish206452@sfilc.com>, relay=sfilc.com[208.87.35.103]:25, delay=33949, delays=33948/0.03/0.5/0, dsn=4.0.0, status=deferred (host sfilc.com[208.87.35.103] refused to talk to me: 421 No SMTP service here)
    Sep 27 04:27:53 mail postfix/smtp[19492]: 88DA432E61EA: host lycan.impsat.net.ec[201.234.196.229] refused to talk to me: 421 No SMTP service here

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by chenthil:
    For the last few weeks, we have been getting spam originating from our mail server. It is specifically originating from the ID contact@tavas.in, a mailbox we deleted 1 year ago, but we can still see mail originating from this ID. It is originating from localhost. This spamming has caused our domain to be blocked on several blacklist sites. Kindly suggest a way to fix this.

    Have you looked at any of the forum threads on this topic or on "compromised account"? What have you tried or researched to solve this problem?
    Regards
    Bill

  3. #3
    chenthil (Active Member)

    Thanks for pointing that out. I will use the URL below to block the user.

    RestrictPostfixSenders - Zimbra :: Wiki
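
Added example (not part of the original thread): the qmgr lines in the first post show only the envelope sender, which the submitting client chooses, so this script joins each queue ID to its smtpd line to recover the connecting client and any SASL login, and counts each queue ID once because a deferred message is logged again on every retry. The sample log and its addresses are constructed, the smtpd lines are an assumption (the post shows none), and the names summarize, suspects and min_recipients are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above. The smtpd lines are an
# assumption: the post shows only qmgr and delivery lines.
SAMPLE_LOG = """\
Sep 27 04:20:01 mail postfix/smtpd[19001]: 7E1F8A0001: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=user1@example.test
Sep 27 04:20:01 mail postfix/qmgr[15219]: 7E1F8A0001: from=<contact@example.test>, size=4906, nrcpt=50 (queue active)
Sep 27 04:20:09 mail postfix/smtpd[19001]: 714C8A0002: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=user1@example.test
Sep 27 04:20:09 mail postfix/qmgr[15219]: 714C8A0002: from=<contact@example.test>, size=4976, nrcpt=31 (queue active)
Sep 27 04:21:30 mail postfix/smtpd[19004]: EA150A0003: client=localhost[127.0.0.1]
Sep 27 04:21:30 mail postfix/qmgr[15219]: EA150A0003: from=<contracts@example.test>, size=700475, nrcpt=1 (queue active)
Sep 27 14:27:53 mail postfix/qmgr[15219]: 7E1F8A0001: from=<contact@example.test>, size=4906, nrcpt=50 (queue active)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=([^,\s]+)"
                   r"(?:, sasl_method=[^,\s]+, sasl_username=(\S+))?")

def summarize(log_text):
    """Per envelope sender: message count, recipients, clients, SASL logins."""
    msgs = {}    # queue ID -> (sender, nrcpt); keyed by ID so retries count once
    origin = {}  # queue ID -> (client, sasl_username or None)
    for line in log_text.splitlines():
        m = QMGR.search(line)
        if m:
            msgs[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = SMTPD.search(line)
        if m:
            origin[m.group(1)] = (m.group(2), m.group(3))
    report = defaultdict(lambda: {"messages": 0, "recipients": 0,
                                  "clients": set(), "sasl_users": set()})
    for qid, (sender, nrcpt) in msgs.items():
        row = report[sender]
        row["messages"] += 1
        row["recipients"] += nrcpt
        client, user = origin.get(qid, (None, None))
        if client:
            row["clients"].add(client)
        if user:
            row["sasl_users"].add(user)  # the account to lock or reset
    return dict(report)

def suspects(report, min_recipients=50):
    """Envelope senders whose total recipient count reaches the threshold."""
    return sorted(s for s, r in report.items() if r["recipients"] >= min_recipients)
```

A sender that no longer exists as a mailbox but still appears with a SASL login in the summary points at the authenticated account, not the deleted address, as the thing to investigate.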
