Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Stopping continuous spam from spammer using Zimbra

  1. #1
    MacKindly is offline Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    2

    Default Stopping continuous spam from spammer using Zimbra

    I get 2 or 3 emails a day from someone using Zimbra.

    How do I get them stopped?

    This is one of the many names used:
    kenvalazquez@yahoo.com;

    How do I report this?

    Thanks
    Macy McFarland

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by MacKindly View Post
    I get 2 or 3 emails a day from someone using Zimbra.

    How do I get them stopped?

    This is one of the many names used:
    kenvalazquez@yahoo.com;

    How do I report this?
    Your question doesn't makes sense to me, you say they are using Zimbra yet the email address you show is a yahoo address - how do you know it's from a Zimbra server? In any case we can't do anything about, these are Community support forums for people using the Zimbra Collaboration Server and we have no control over who sends mail to you. You can try contacting the user and tell them they are sending mail to an incorrect address or report them to yahoo. If those don't work and you still think it's from a Zimbra server you'll need to contact the Administrator of the server and tell them. n
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    MacKindly is offline Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    2

    Default

    Quote Originally Posted by phoenix View Post
    Your question doesn't makes sense to me, you say they are using Zimbra yet the email address you show is a yahoo address - how do you know it's from a Zimbra server? In any case we can't do anything about, these are Community support forums for people using the Zimbra Collaboration Server and we have no control over who sends mail to you. You can try contacting the user and tell them they are sending mail to an incorrect address or report them to yahoo. If those don't work and you still think it's from a Zimbra server you'll need to contact the Administrator of the server and tell them. n
    I have definitely not made myself clear. I will paste below how I know it comes from Zimbra:

    <head> … </head><body style="margin: 0px; overflow: hidden;"><div id="xcnavbar" style="height: 44px; position: relative;"> … </div>
    <!--
    ***** BEGIN LICENSE BLOCK *****
    Zimbra Collaboration Suite Web Client
    Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Zimbra, Inc.

    The contents of this file are subject to the Zimbra Public License
    Version 1.3 ("License"); you may not use this file except in
    compliance with the License. You may obtain a copy of the License at
    Licensing for open source server & client technology: enterprise messaging and collaboration software by Zimbra.

    Software distributed under the License is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
    ***** END LICENSE BLOCK *****
    -->
    <script src="/zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz?v=201306050001&skin=velodrome2" type="text/javascript"></script>
    <!-- image overlays and masks -->
    <script> … </script><div style="display:none"> … </div>

    There is more but this identifies the zimbra connection. I get 2 or 3 emails a day with this type of content:


    Dear Macy

    I'm emailing this morning to make sure and make sure you got the earlier box

    Shipments fleetly transferred to ((((MY ADDRESS GOES HERE, I WON'T PUT IT ON THIS THREAD.)))))#
    https://docs.google.com/a/qjehf.org/...xndhI4XRzp0nfU

    I have never gone to or opened the link for obvious reasons.

    I would like very much to find out who is doing this and report them and since it is coming from your server I thought you could help me.

    Macy

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by MacKindly View Post
    I have definitely not made myself clear. I will paste below how I know it comes from Zimbra:
    I don't doubt that you're getting spam but that information doesn't actually prove it's coming from Zimbra, what you've posted could from a spoofed email. You need to post the headers from one of these emails so we can see where it's actually come from.

    Quote Originally Posted by MacKindly View Post
    I have never gone to or opened the link for obvious reasons.
    The link takes to a page that doesn't exist.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    MacKindly is offline Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    2

    Default

    Here is the header:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <!--
    launchZCS.jsp
    * ***** BEGIN LICENSE BLOCK *****
    * Zimbra Collaboration Suite Web Client
    * Copyright (C) 2007, 2008, 2009, 2010 Zimbra, Inc.
    *
    * The contents of this file are subject to the Zimbra Public License
    * Version 1.3 ("License"); you may not use this file except in
    * compliance with the License. You may obtain a copy of the License at
    * Licensing for open source server & client technology: enterprise messaging and collaboration software by Zimbra.
    *
    * Software distributed under the License is distributed on an "AS IS"
    * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
    * ***** END LICENSE BLOCK *****
    -->

    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">

    <title>XFINITY Connect</title>
    <link href="/zimbra/css/images,common,dwt,msgview,login,zm,spellcheck,wiki ,skin.css?v=201306050001&debug=&skin=velodrome2&lo cale=en_US" rel="stylesheet" type="text/css" />

    <link rel="SHORTCUT ICON" href="/zimbra/img/logo/favicon.ico">
    <script>
    appContextPath = "/zimbra";
    appCurrentSkin = "velodrome2";
    appExtension = ".zgz";
    appDevMode = false;

    function purl(name, temp_string ) {
    name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
    var regexS = "[\\?&]"+name+"=([^&#]*)";
    var regex = new RegExp( regexS );
    var results = regex.exec( temp_string );
    if( results == null )
    return "";
    else

    At least I think that's the header. It's what I seen when I select inspect elements.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by MacKindly View Post
    At least I think that's the header. It's what I seen when I select inspect elements.
    No, they aren't the headers - the headers will have the servers & IP addresses that the message has travelled through to get to your Inbox. Which mail client are you using?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    MacKindly is offline Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    2

    Default

    Comcast.net

  8. #8
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by MacKindly View Post
    Comcast.net
    That's an ISP not a mail client. So you're using the Zimbra web client at comcast? If that's the case, right-click on the offending message and the show original. That should open a new windows with all the header details, post the output here or as an attachment.

    BTW, you can actually mark the offending messag as spam in your account. Have you also seen the comcast help pages for information and their help contact details? You might want to consider raising a support case about this problem with them.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    MacKindly is offline Junior Member
    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    2

    Default

    I'm having trouble using this site. I can't attach so I am pasting in 2 of the "original" info on 2 of the latest offending emails.
    #1
    Return-Path: dzuro_acycul@outlook.com
    Received: from imta15.emeryville.ca.mail.comcast.net (LHLO
    imta15.emeryville.ca.mail.comcast.net) (76.96.30.54) by
    sz0094.ev.mail.comcast.net with LMTP; Tue, 23 Jul 2013 16:05:35 +0000 (UTC)
    Received: from bay0-omc3-s12.bay0.hotmail.com ([65.54.190.150])
    by imta15.emeryville.ca.mail.comcast.net with comcast
    id 3s581m01k3F8ZN90Fs5ArM; Tue, 23 Jul 2013 16:05:11 +0000
    X-CAA-SPAM: F00000
    X-Authority-Analysis: v=2.1 cv=Z5nVQhhA c=1 sm=1 tr=0
    a=JV4g2NKsuDA6iz2aghzVEQ==:117 a=69EAbJreAAAA:8 a=C_IRinGWAAAA:8
    a=lS0MHldHvS4A:10 a=NjhsZR-YDaAA:10 a=8bfIwU_fodYA:10 a=UqCG9HQmAAAA:8
    a=PANiQGwSDJYA:10 a=2Lp1bJXXAAAA:20 a=TQlhhMDmAAAA:8 a=TrrEpgCsuN2aqTlwFX0A:9
    a=wPNLvfGTeEIA:10 a=MKvGKtbK8rwA:10 a=3SqkVup8G8YA:10 a=aoVNXPjDAAAA:8
    a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10
    Received: from BAY175-W18 ([65.54.190.187]) by bay0-omc3-s12.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Tue, 23 Jul 2013 09:05:08 -0700
    X-TMN: [S69gZGNvumK9dg/0RBiM+Xz9hcQBhCVE]
    X-Originating-Email: [dzuro_acycul@outlook.com]
    Message-ID: <BAY175-W18DFF039A4F43A748F9B37F46F0@phx.gbl>
    Return-Path: dzuro_acycul@outlook.com
    Content-Type: multipart/alternative;
    boundary="_28d469d1-2bbe-4598-9a3b-e91991c925e6_"
    From: Mariquilla Dzuro <dzuro_acycul@outlook.com>
    To: <macymcfarland@comcast.net>
    Subject: Re-ship paid system
    Date: Tue, 23 Jul 2013 16:05:08 +0000
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 23 Jul 2013 16:05:08.0799 (UTC) FILETIME=[675CBCF0:01CE87BE]

    --_28d469d1-2bbe-4598-9a3b-e91991c925e6_
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    Dear Macy


    I'm emailing this morning to make sure and make sure you got the earlier b=
    ox=20


    Shipments fleetly transferred to 525 Brown St. Healdsburg.)#

    https://docs.google.com/a/qjehf.org/...HiHNhpM920oBo=
    VED3PXfqpxndhI4XRzp0nfU
    =

    --_28d469d1-2bbe-4598-9a3b-e91991c925e6_
    Content-Type: text/html; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    <html>
    <head>
    <style><!--
    .hmmessage P
    {
    margin:0px=3B
    padding:0px
    }
    body.hmmessage
    {
    font-size: 12pt=3B
    font-family:Calibri
    }
    --></style></head>
    <body class=3D'hmmessage'><div dir=3D'ltr'>Dear Macy<br><br>
    I'm emailing this morning to make sure and make sure you got the earlier b=
    ox <br><br>
    Shipments fleetly transferred to 525 Brown St. Healdsburg.)#<br>
    <a href=3D"https://docs.google.com/a/kthvcy.org/document/pub?id=3D1x9Cuzz7H=
    iHNhpM920oBoVED3PXfqpxndhI4XRzp0nfU&ndplr=3D1&sdhw =3D4peocuxa">https://docs=
    .google.com/a/qjehf.org/document/pub?id=3D1x9Cuzz7HiHNhpM920oBoVED3PXfqpxnd=
    hI4XRzp0nfU</a>
    </div></body>
    </html>=

    --_28d469d1-2bbe-4598-9a3b-e91991c925e6_--

    #2
    Return-Path: asa.roth@yahoo.com
    Received: from imta01.emeryville.ca.mail.comcast.net (LHLO
    imta01.emeryville.ca.mail.comcast.net) (76.96.30.13) by
    sz0094.ev.mail.comcast.net with LMTP; Tue, 23 Jul 2013 13:39:17 +0000 (UTC)
    Received: from nm44-vm5.bullet.mail.bf1.yahoo.com ([216.109.115.29])
    by imta01.emeryville.ca.mail.comcast.net with comcast
    id 3paL1m0150e7X7401paRja; Tue, 23 Jul 2013 13:34:29 +0000
    X-CAA-SPAM: F00000
    X-Authority-Analysis: v=2.1 cv=UNvkQkvy c=1 sm=1 tr=0
    a=VQ5Zfq02FJj7sTRxT7GZRg==:117 a=NViT9iwxziP3GH+QfqynnA==:17 a=CjxXgO3LAAAA:8
    a=C_IRinGWAAAA:8 a=lS0MHldHvS4A:10 a=1AVv87_t4DYA:10 a=f8_S3n9t2uQA:10
    a=WNHz-16fleoA:10 a=oJL9TIRMo0YA:10 a=ERtc2hz6xwIA:10 a=RjM83DLrjV0A:10
    a=nHhYsEXA5NsA:10 a=41a90h5TAAAA:8 a=2LPjpmnrAAAA:8 a=5aE4IZ5wdPG9luSCcTAA:9
    a=QEXdDO2ut3YA:10 a=EZJ5i96P_JN-COrmB0YA:9 a=7jBDequ9VQUBczns:21
    a=_W_S_7VecoQA:10
    Authentication-Results: imta01.emeryville.ca.mail.comcast.net;
    dkim=pass header.d=yahoo.com header.b=3tf4m1o0
    Received: from [98.139.212.149] by nm44.bullet.mail.bf1.yahoo.com with NNFMP; 23 Jul 2013 13:34:19 -0000
    Received: from [98.139.212.220] by tm6.bullet.mail.bf1.yahoo.com with NNFMP; 23 Jul 2013 13:34:19 -0000
    Received: from [127.0.0.1] by omp1029.mail.bf1.yahoo.com with NNFMP; 23 Jul 2013 13:34:19 -0000
    X-Yahoo-Newman-Property: ymail-3
    X-Yahoo-Newman-Id: 874168.10155.bm@omp1029.mail.bf1.yahoo.com
    Received: (qmail 41200 invoked by uid 60001); 23 Jul 2013 13:34:19 -0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1374586459; bh=5QqM5U/G1ghXvb8EpvAWV3GhiMhwAInMcgCENILZSDI=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-IDate:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=3tf4m1o0oXEupDcY85zMtVh095tLYST5p8kvJ4zB9ZxKZeuV bqAgIbo8fjYGiyPpatT+PaXBEqmFsPbJ2sFZASxD3ckBhHcM6t 0Z0zVvNqVbgN9hA8c6/lirv5nyiDPsDh0tJmwbThIp5Lkssj6Fegi7mORy4NEauGd2gUO oZoo=
    DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-IDate:From:Reply-To:Subject:To:MIME-Version:Content-Type;
    b=6nySk2E32Mq7Y0ghLDO3qRoDca/bn4h2JrMS3RgXqJApmPP9cVZk1EXZTpg7sIUhHazJ4doPStc5S Rw0LJP99ptuX7m18G1FBb9NnJsy0FenC/6tWTCA6fvzw1sELHUUGO9II+mq2OnoxxmwubObb5H2xvY0jbR4 cWCfpvYHPXM=;
    X-YMail-OSG: 2wePSIAVM1kkGhIYEl4TMsbsTWBGuyPQ0gc4Q4w1nE2SEOy
    qEJ1RiyGm6sL20djx3sYV
    Received: from [196.206.139.4] by web160106.mail.bf1.yahoo.com via HTTP; Tue, 23 Jul 2013 06:34:19 PDT
    X-Rocket-MIMEInfo: 002.001,YWN1dGUgYXMgd29yZnMgb3IgbGV3aXNzIGJ1dHRhbn RhbGl6ZWQgd2l0aCBib3RoIGhlYXQgYW5kIGFyb21hdGhhdCBo ZSBmYWNlZCB0aGUgdGhyZWF0IGFzLCBzaGUgamliZWQgbGVhbm luZyBhZ2FpbnN0IHRoZSByYWlsaQrnrZbimIPolJRU6JSUaOiU lGXolJRz6JSUZeiUlOiUlOiUlGTolJRy6JSUdeiUlGfolJTolJ TolJRw6JSUcuiUlGnolJRj6JSUZeiUlHPolJTolJTolJRh6JSU cuiUlGXolJTolJTolJRz6JSUb.iUlOiUlOiUlGzolJRv6JSUdw podHRwOi8vZ29vZ2xlLmNvbS5xYS8lNzQlNzIlNjFuJTcBMAEB AQE-
    X-Mailer: YahooMailWebService/0.8.150.561
    Message-ID: <1374586459.41030.YahooMailNeo@web160106.mail.bf1. yahoo.com>
    Date: Tue, 23 Jul 2013 06:34:19 -0700 (PDT)
    From: Asa Roth <asa.roth@yahoo.com>
    Reply-To: Asa Roth <asa.roth@yahoo.com>
    Subject: RE: The medicines to restore your *** life are exceptionally cheap
    To: Kent <kent07170@charter.net>, Macymcfarland <macymcfarland@comcast.net>
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="-827237569-192524219-1374586459=:41030"

    Thank you Bill
    Macy

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Those headers don't show either of those messages passing through a ZImbra server (other than the Comcast servers), the first one comes directly from a hotmail server and the second from a yahoo server. One technique for spammers is to 'bounce' an email through another server and neither of them show that behaviour - they both appear to have been sent directly to you. If you wish to check the headers of an email you can paste them into either of these sites:

    Email Header Analyzer, RFC822 Parser - MxToolbox
    Complete email header analysis. Analyse, track ip here

    They will tell you where the mail went through the SMTP system to get to you. As I mentioned earlier, you can mark these messages as Spam in your Comcast interface, have you tried that? If that doesn't work for you then the only thing I can suggest is to open a support case with Comcast about this problem - they use Zimbra as a product to provide your mail on their networks and we have no access to the systems nor can we actually provide support for you, you must go directly to their support service.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Continuous Outlook '10 crashing with Zimbra installed
    By rjp-nolaf in forum Zimbra Connector for Outlook
    Replies: 7
    Last Post: 01-24-2012, 03:06 PM
  2. Continuous Outlook '10 crashing with Zimbra installed
    By rjp-nolaf in forum Error Reports
    Replies: 3
    Last Post: 01-20-2012, 02:48 PM
  3. Zimbra is a SPAMMER again
    By warcries in forum Administrators
    Replies: 1
    Last Post: 09-06-2011, 02:43 AM
  4. Zimbra is a SPAMMER
    By warcries in forum Administrators
    Replies: 2
    Last Post: 07-19-2011, 12:03 AM
  5. stopping spam senders
    By ddjs in forum Administrators
    Replies: 6
    Last Post: 10-10-2007, 06:54 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •