Seguridad en el smtp

[andresmq]

Good afternoon,

I have been using zimbra CE since version 6 and now 7, unfortunately my server is used to send spam with valid user accounts.

When we checked the user account involved in the zimbra web client, we find that they have changed the firm, the forwarding address, I guess Trojan virus is on the user's computer, but still do not understand how it works, because at times when your computer is off there to send spam.

Therefore do not understand how is that spam can be sent and if there is how to configure zimbra to stop this from happening.
Try changing the configuration of postfix with no results.
Configuring postfix:

smtpd_sender_restrictions =
check_client_access hash:/opt/zimbra/postfix/conf/misclientes, permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain, pcre:/opt/zimbra/postfix/conf/sender_access,
permit



smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
permit

smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unlisted_recipient,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_hostname,
reject_unknown_sender_domain,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client list.dsbl.org, permit

contenido de /opt/zimbra/postfix/conf/sender_access
/@mi\.dominio\.edu$/ 554 No uses mi dominio para enviar correo

contenido de /opt/zimbra/postfix/conf/misclientes
mi.dominio.edu misremitentes

contenido de /opt/zimbra/postfix/conf/misremitentes
/@(.*\.)?mi\.dominio\.edu$/ OK
/.*/ 554 La direccion remitente debe ser local

Already saw that my server is not Open Relay,
Any suggestions?
The SPF settings help? as I can do this in zimbra?

Thank you very much.

[phoenix]

Quote:

Originally Posted by andresmq

I have been using zimbra CE since version 6 and now 7, unfortunately my server is used to send spam with valid user accounts.

When we checked the user account involved in the zimbra web client, we find that they have changed the firm, the forwarding address, I guess Trojan virus is on the user's computer, but still do not understand how it works, because at times when your computer is off there to send spam.

Therefore do not understand how is that spam can be sent and if there is how to configure zimbra to stop this from happening.

You most likely have a compromised account, start by taking a look at some of the threads on the subject: site:zimbra.com +"compromised account" - Yahoo! Search Results

[jgamigo]

Especulo que todo el problema se debe a que esos mails provienen de alguna dirección dentro de la red de confianza (fijate en la configuración del servidor o general). En ese caso obviamente el mail va a ser enviado.
Slds

[jgamigo]

Igualmente, dale un vistazo a este post [SOLVED] How force user auth to sending mail
Slds