Explicacion

Network configuration:
ISP--->fotigate (public ip)---->[all ports are closed except the zimbra needs]---->zimbra server (internal ip)

MTA config GLOBAL and SERVER settings are: "127.0.0.1/32 internal.ip.adress.xxx/32"

REAL SPAM message from my server
Return-Path: a.dastan@localhost.???.org.mx
Received: from 192.168.254.1 (LHLO zmail.???.org.mx) (192.168.254.1)
by zmail.???.org.mx with LMTP; Mon, 28 May 2012 21:15:42 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by zmail.???.org.mx (Postfix) with ESMTP id 4625834A20C
for <foruiza@???.com.mx>; Mon, 28 May 2012 21:15:42 -0500
(CDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 6.098
X-Spam-Level: ******
X-Spam-Status: No, score=6.098 tagged_above=-10 required=6.6
tests=[BAYES_50=0.8, FH_FROMEML_NOTLD=1.082, NO_DNS_FOR_FROM=0.001,
RCVD_IN_BL_SPAMCOP_NET=1.347, T_SURBL_MULTI1=0.01,
URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608] autolearn=no
Received: from zmail.???.org.mx ([127.0.0.1])
by localhost (zmail.???.org.mx [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id hgdtuadNiEdC for <foruiza@???.com.mx>;
Mon, 28 May 2012 21:15:40 -0500 (CDT)
Received: from mail.ehsan-jv.com (mail.ehsan-jv.com [38.117.64.95])
by zmail.???.org.mx (Postfix) with ESMTP id 4321034A203
for <foruiza@???.com.mx>; Mon, 28 May 2012 21:15:40 -0500
(CDT)
Received: from localhost [37.59.210.46] by ehsan-jv.com with ESMTP
(SMTPD-9.10) id ABA402FC; Tue, 29 May 2012 06:29:48 +0330
From: a.dastan@zmail.???.org.mx
To: foruiza@???.com.mx
Subject: Make a good gift for your loved one
Message-Id: <201205290629828.SM01768@localhost>
Date: Tue, 29 May 2012 06:30:06 +0330




------ Mensaje reenviado
De: <a.dastan@zmail.???.org.mx>
Fecha: Tue, 29 May 2012 06:30:06 +0330
Para: <foruiza@???.com.mx>
Asunto: Make a good gift for your loved one

Simple steps to become ideal lover Redirecting
------------------------
------------------------

Is using a user that i dont have on my accounts.

a.dastan@zmail.???.org.mx <--- these user dont exist on my server

Open relay test
220 zmail.???.org.mx ESMTP Postfix
Status Result
OK - 187.157.140.149 resolves to 187.157.140.149.????.com.mx
Warning - Reverse DNS does not match SMTP Banner
OK - Supports TLS.
0 seconds - Good on Connection time
OK - Not an open relay.
0.998 seconds - Good on Transaction Time
Session Transcript:
EHLO please-read-policy.mxtoolbox.com
250-zmail.???.org.mx
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [109 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [109 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [109 ms]

Ports

todos los puertos estan bloqueados exeptuando loq ue dice el wiki que necesita el zimbra

a las 6 de la maniana tuve un pico de mas de 17000 corros enviados


gracias por adelantado