Since a few days I recognized something strange happening with the stats. They are showing that a huge amount of mail is sent via lmtp or smtp, e.g about 6000 mails in one hour.

Attachment 6346

I think thats quite a lot for 22 user accounts.

I don't have an open relay. Trusted MTA-Networks are 127.0.0.1/8 and 192.168.0.101/32 (zimbra host).

I checked the logs for a compromised account with this:
Code:
tail -n 100000 /var/log/mail.log | grep "sasl_username=" > /tmp/smtpauthlogins.txt
I found nothing strange. Only 2 logins by admin.

So this pointed nothing out I added the
Code:
always_bcc = name@tld.de
to /opt/zimbra/postfix-2.10.2.2z/conf/main.cf to see all traffic. But everything seems to be finde, I don't see any SPAM.

Also the daily mail reports show nothing uncommon.

Has anyone an idea where this huge amount of mails comes from?

Thanks for any suggestions.