[sdnog] out going spam

Sahlih Shihab salih.shihab at sudren.edu.sd
Wed May 18 13:19:43 SAST 2016


Thanks Samir for your help.
Yes, I agree with you.

----- Original Message -----
From: "Samir S. Omer" <samir.saif at sudren.edu.sd>
To: "Sahlih Shihab" <salih.shihab at sudren.edu.sd>
Cc: "Frank Habicht" <geier at geier.ne.tz>, sdnog at sdnog.sd
Sent: Wednesday, May 18, 2016 1:38:53 PM
Subject: Re: [sdnog] out going spam

Hi Saleh 

Sometimes all the mail configuration can be secure enough, but the problem can be a compromised account that is using a poor password.
It's also worth checking that out and enforcing a strong password policy.

Also maybe configure AWStats or any similar tools that can sometimes point you in the right direction.

Hope your issue is solved.

Samir


----- Original Message -----
> From: "Sahlih Shihab" <salih.shihab at sudren.edu.sd>
> To: "Frank Habicht" <geier at geier.ne.tz>
> Cc: sdnog at sdnog.sd
> Sent: Wednesday, May 18, 2016 1:58:14 PM
> Subject: Re: [sdnog] out going spam
> 
> Hi Frank, All
> Greetings
> 
> Thanks Frank for your quick response
> I did some diagnosis on my mail server. I executed these commands:
> 1- sudo ~/libexec/zmqstat
> hold=0
> corrupt=0
> deferred=390
> active=0
> incoming=0
> 
> 2- /opt/zimbra/postfix/sbin/postqueue -p
> 
> all the output is just like
> 
> 06ECE1382A8A 1524 Mon May 16 20:06:47 ahmed at xx.yy.ss
> (connect to wyomingnews.com.bak-mx.smtprou...[208.43.37.100]:25: Connection
> timed out)
> bmartin at wyomingnews.com
> news at wyomingnews.com
> szoellick at wyomingnews.com
> 
> 3- /opt/zimbra/postfix/sbin/postcat -qv 06ECE1382A8A
> where "06ECE1382A8A" is the message ID of "ahmed at xx.yy.ss", and I noted that
> the X-Originating-IP address is outside my network, so it seems that someone is
> trying to send spam through this email "ahmed at xx.yy.xx".
> After that I put the strange IP in our FW to block it. Now how can I prevent
> this behavior from happening again? And am I going the right way?
> 
> I appreciate your help
> 
> 
> ----- Original Message -----
> From: "Frank Habicht" <geier at geier.ne.tz>
> To: sdnog at sdnog.sd
> Sent: Wednesday, May 18, 2016 10:40:35 AM
> Subject: Re: [sdnog] out going spam
> 
> Hi,
> 
> I believe you should try to find out how the spam got into your server.
> Was someone logged in and generated it on the server?
> Were the emails generated from a web-script that generates emails, and
> was run by remote users?
> Or were the emails submitted into your MTA through SMTP on ports 25 or
> 587 (or 465) ?
> with authentication?
> using compromised credentials of one of your users?
> 
> I think going through the Zimbra logs is the best way forward.
> 
> 
> Now:
> At my work we have clients of internet connectivity and they run their
> own Zimbra server, and some of them also have spamming problems.
> Does anyone know the locations of all the relevant log files (MTA,
> email) on Zimbra? Because our clients need our help directing them there...
> 
> Greetings,
> Frank
> 
> 
> On 5/18/2016 10:27 AM, Sahlih Shihab wrote:
> > Dear All SDNOGER
> > Greetings
> > I have a big problem with my Zimbra mail server: my mail server sends a
> > lot of spam to the outside world. I do not know how to solve this issue and
> > prevent it from happening again, so I need your help
> > pleeeeeeeeeeeeeeeeeeeease
> > Thanks
> > 
> > --
> > Salih S. M. Abdelhameed | Head of Electronics Service Unit
> > Sudanese Research and Education Network <http://www.sudren.edu.sd/> | Address
> > Nile St. | University of Khartoum
> > Tel: +2491556620 71 | Mob: +24912 3788843
> >
> > _______________________________________________
> > sdnog mailing list
> > sdnog at sdnog.sd
> > http://lists.sdnog.sd/mailman/listinfo/sdnog
> > 

-- 

	
	
Salih S. M. Abdelhameed | Head of Electronics Service Unit 
Sudanese Research and Education Network | Address 
Nile St. | University of Khartoum 
Tel: +2491556620 71 | Mob: +24912 3788843 
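
Added example, not part of the thread: a small Python parser that groups `postqueue -p` output (the command used in the quoted message) by envelope sender, so an account holding many queued messages stands out. The sample listing, its example.* addresses, the two extra queue IDs and the `min_messages` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the `postqueue -p` layout; addresses are placeholders
# and the second and third queue IDs are made up.
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
06ECE1382A8A     1524 Mon May 16 20:06:47  ahmed@mail.example.org
(connect to mx.example.com[192.0.2.10]:25: Connection timed out)
                                         bmartin@example.com
                                         news@example.com

1A2B3C4D5E6F     1490 Mon May 16 20:07:02  ahmed@mail.example.org
(connect to mx.example.net[192.0.2.20]:25: Connection timed out)
                                         sales@example.net

7F8E9D0C1B2A*    2210 Tue May 17 09:15:30  hiba@mail.example.org
                                         colleague@example.edu

-- 5 Kbytes in 3 Requests.
"""

# Queue ID (optional * = active, ! = on hold), size, weekday month day time, sender
ENTRY = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+\w{3}\s+\w{3}\s+\d+\s+[\d:]+\s+(\S+)$")

def queue_by_sender(text):
    """Return {sender: {"messages": n, "recipients": n, "ids": [...]}}."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ids": []})
    sender = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sender = m.group(3)
            stats[sender]["messages"] += 1
            stats[sender]["ids"].append(m.group(1))
        elif not line.strip():
            sender = None  # a blank line ends the current queue entry
        elif sender and line[0].isspace() and "@" in line and not line.lstrip().startswith("("):
            stats[sender]["recipients"] += 1  # indented recipient, not a deferral reason
    return dict(stats)

def suspects(stats, min_messages=2):
    """Senders holding at least min_messages queued messages, busiest first."""
    hits = [(s, d["messages"]) for s, d in stats.items() if d["messages"] >= min_messages]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    for sender, count in suspects(queue_by_sender(SAMPLE)):
        print(f"{count:4d} queued  {sender}")
```

On a live server the same functions can be fed the captured output of `/opt/zimbra/postfix/sbin/postqueue -p`; the queue IDs returned per sender are the ones to inspect with `postcat -qv`.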





