Results 1 to 8 of 8

Thread: Create a Rule for that all mail contains my domain in sender or reciver

  1. #1
    afunez2009 is offline Intermediate Member
    Join Date
    Feb 2010
    Location
    La Ceiba, Honduras
    Posts
    23
    Rep Power
    5

    Lightbulb Create a Rule for that all mail contains my domain in sender or reciver

    Hello

    My server is used for some yahoo mails to send masive email, i been deleting all those emails

    But i want to make a rule for limite that all my emails contains my domain in sender or reciver, because i see that masive mails not contain my domain in sender or reciver.

    Thanks a lot

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,485
    Rep Power
    56

    Default

    Quote Originally Posted by afunez2009 View Post
    My server is used for some yahoo mails to send masive email, i been deleting all those emails
    Are you saying that your server is being used to send spam?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    afunez2009 is offline Intermediate Member
    Join Date
    Feb 2010
    Location
    La Ceiba, Honduras
    Posts
    23
    Rep Power
    5

    Lightbulb

    Quote Originally Posted by phoenix View Post
    Are you saying that your server is being used to send spam?
    Yes i think this is true, my server is using for send spam

    I need some thing to solve this situation, the idea of the rule is for this.

    Thanks

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,485
    Rep Power
    56

    Default

    Have you checked to see if your server is an open relay (it isn't by default), I'd suggest you try the test on this page: Open Relay Test There are dozens more if you want another test service. See what that shows and post back here if it's open or not. If it's not an open relay then it's possible that your server (or more specifically, an account) has been compromised, if that's the case you should make sure that you are using best practice for your user login passwords. There's also a couple of threads in the forums that cover how to check if you have a compromised account, have a search for those and check your server.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    afunez2009 is offline Intermediate Member
    Join Date
    Feb 2010
    Location
    La Ceiba, Honduras
    Posts
    23
    Rep Power
    5

    Lightbulb

    Quote Originally Posted by phoenix View Post
    Have you checked to see if your server is an open relay (it isn't by default), I'd suggest you try the test on this page: Open Relay Test There are dozens more if you want another test service. See what that shows and post back here if it's open or not. If it's not an open relay then it's possible that your server (or more specifically, an account) has been compromised, if that's the case you should make sure that you are using best practice for your user login passwords. There's also a couple of threads in the forums that cover how to check if you have a compromised account, have a search for those and check your server.
    Hello

    I make a relay test, with the following result:
    All tested completed! No relays accepted by remote host!

    Tell me what is the next step?

    Thanks for your help

  6. #6
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    How do you know that it is your server which is sending the email ? You mention you have deleted a lot of email; is that due to NDRs (Non Delivery Reports) ending up in your Inbox ? We need a little more detail about the emails to be able to help you.

  7. #7
    afunez2009 is offline Intermediate Member
    Join Date
    Feb 2010
    Location
    La Ceiba, Honduras
    Posts
    23
    Rep Power
    5

    Unhappy

    Quote Originally Posted by uxbod View Post
    How do you know that it is your server which is sending the email ? You mention you have deleted a lot of email; is that due to NDRs (Non Delivery Reports) ending up in your Inbox ? We need a little more detail about the emails to be able to help you.
    I check the Zimbra Administrator GUI Tool and check many emails that are sending to domains from domains that not my domains for example:
    From: xxx@yahoo.com to xxx@comcast.com, this is my point that my domain is not included in from or to, for that i want to create a rule.

    Thanks for your help

  8. #8
    afunez2009 is offline Intermediate Member
    Join Date
    Feb 2010
    Location
    La Ceiba, Honduras
    Posts
    23
    Rep Power
    5

    Unhappy

    Quote Originally Posted by vavai View Post
    I've also experience with this problem on one of my client Zimbra server. Zimbra is not an open relay by default, and it's true but it is not enough to protect Zimbra from sending massive fake email from client on the trusted network. I think the problem are on the workstation, that has infected by trojan or virus that sending massive mails to outside by relaying to Zimbra. Most of the email recipient are fake and Zimbra will deferred the mails but the proses taken too much resources.

    I suggest the following suggestion :

    1. Tracking the deferred mail source and find the IP who send the fake mail.

    ex :
    Code:
    su - zimbra
    mailq
    Check the queue ID and open the message source with postcat :
    Code:
    /opt/zimbra/postfix/sbin/postcat
    /opt/zimbra/postfix/spool/deferred/groupID/queueID
    Ex :

    Code:
    /opt/zimbra/postfix/sbin/postcat
    /opt/zimbra/postfix/spool/deferred/D/D125A828AF0
    If you find the original IP who send the massive email, scan it with your updated anti virus/trojan.

    Other solution are creating the SpamAssasin rule as you mentioned on the thread title, but it was not my knowledge :-(
    I check the codes that you say, and check de pc's for the antivirus / antispam / antispyware.
    The problem is that yahoo set all my emails to permenently deferred, i attach the error.

    Some body helpme to create the SpamAssasain rule, to prevent future problems


    This is the info after mailq command:
    2424D1C0416 1455038 Tue Apr 6 09:33:57 cenitf@caribe.hn
    (delivery temporarily suspended: connect to g.mx.mail.yahoo.com[98.137.54.238]: server refused to talk to me: 421 4.7.1 [TS03] All messages from 63.245.12.194 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html)
    gmolinap04@yahoo.com


    Thanks
    Attached Images Attached Images
    Last edited by afunez2009; 04-06-2010 at 10:55 AM. Reason: Include mailq results

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. [SOLVED] service zimbra starting slow
    By lufermalgo in forum Administrators
    Replies: 5
    Last Post: 02-05-2010, 03:06 PM
  3. [SOLVED] Fed 11 zcs install with existing apache
    By Lantzvillian in forum Installation
    Replies: 2
    Last Post: 10-05-2009, 11:11 AM
  4. Replies: 2
    Last Post: 02-12-2008, 11:55 AM
  5. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 08:09 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •