[sdnog] out going spam

Sahlih Shihab salih.shihab at sudren.edu.sd
Wed May 18 11:58:14 SAST 2016 

Hi Frank, All
Greetings

Thanks Frank for your quick response
I do some diagnoses into my mail server, I executed these commands "
1- sudo ~/libexec/zmqstat
hold=0
corrupt=0
deferred=390
active=0
incoming=0

2- /opt/zimbra/postfix/sbin/postqueue -p

the all output is just like

06ECE1382A8A 1524 Mon May 16 20:06:47 ahmed at xx.yy.ss
(connect to wyomingnews.com.bak-mx.smtprou...[208.43.37.100]:25: Connection timed out)
bmartin at wyomingnews.com
news at wyomingnews.com
szoellick at wyomingnews.com

3- /opt/zimbra/postfix/sbin/postcat -qv 06ECE1382A8A " which is "06ECE1382A8A " is the mesg id of "ahmed at xx.yy.ss" and I note that the x- originated-IP ip is out of my network, so it seem that some one try to send spam through this email "ahmed at xx.yy.xx".
After that I put the strange IP in our FW to block it, now how can I prevent this behavior to happen again?? And am I in the right way ??

I appreciate your help


----- Original Message -----
From: "Frank Habicht" <geier at geier.ne.tz>
To: sdnog at sdnog.sd
Sent: Wednesday, May 18, 2016 10:40:35 AM
Subject: Re: [sdnog] out going spam

Hi,

I believe you should try to find out how the spam got into your server.
Was someone logged in and generated it on the server?
Were the emails generated from a web-script that generates emails, and
was run by remote users?
Or were the emails submitted into your MTA through SMTP on ports 25 or
587 (or 465) ?
with authentication?
using compromised credentials of one of your users?

I think going through the zimbra logs is the best way forward.


Now:
At my work we have clients of internet connectivity and they run their
own Zimbra server, and some of them also have spamming problems.
Does anyone know the locations of all the relevant log files (MTA,
email) on Zimbra? Because our clients need our help directing them there...

Greetings,
Frank


On 5/18/2016 10:27 AM, Sahlih Shihab wrote:
> Dear All SDNOGER
> Greetings
> I have a big problem with my Zimbra mail server, my mail server send a
> lot spam to out side wold, i do not know how to solve this issue and
> prevent it from happening again, so I need your help
> pleeeeeeeeeeeeeeeeeeeease
> Thank
> 
> -- 
> Sudanese Research and Education Network <http://www.sudren.edu.sd/>
> 	
> 	
> *Salih S. M. Abdelhameed **| Head of Electronics Service Unit *
> Sudanese Research and Education Network *|* Address
> Nile St. *|* University of Khartoum  
> Tel: +2491556620 <callto:+249155662069>71 *|* Mob: +24912
> <callto:+249123788848>3788843
> WebsiteGB <http://www.sudren.edu.sd/>   email
> <mailto:salih.shihab at sudren.edu.sd> 
> <http://www.companysig.com/>
> 
> ------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> sdnog mailing list
> sdnog at sdnog.sd
> http://lists.sdnog.sd/mailman/listinfo/sdnog
> 
_______________________________________________
sdnog mailing list
sdnog at sdnog.sd
http://lists.sdnog.sd/mailman/listinfo/sdnog

-- 

	
	
Salih S. M. Abdelhameed | Head of Electronics Service Unit 
Sudanese Research and Education Network | Address 
Nile St. | University of Khartoum 
Tel: +2491556620 71 | Mob: +24912 3788843

More information about the sdnog mailing list