Spamming troubleshooting

Revision as of 08:50, 31 May 2018 by Shanxt (talk | contribs)


Spamming Issue

Outgoing spamming issue


1: IP blacklisted
2: Not able to send email because of an accumulated deferred queue.


Identify the compromised accounts. The following command counts authenticated submissions per account; an account with an unexpectedly high count is a probable candidate whose password might be compromised.

cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -nr

Reset the passwords of the probable users (the top 4 with the highest counts) and restart the MTA service with the following commands.

su - zimbra
zmmtactl restart
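
An added example (not part of the original wiki page): the sasl_username count above, extended to also count the distinct client IPs each account authenticated from, which helps separate one busy mail client from an account that is being used from many addresses. The function names (sample_log, sasl_report, suspects) and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample lines are constructed in
# the Postfix smtpd format found in /var/log/zimbra.log.
sample_log() {
cat <<'EOF'
May 30 12:01:02 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
May 30 12:01:03 mail postfix/smtpd[2101]: 3F1A21: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
May 30 12:01:09 mail postfix/smtpd[2102]: 3F1A22: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
May 30 12:01:15 mail postfix/smtpd[2103]: 3F1A23: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=bob@example.com
May 30 12:01:21 mail postfix/smtpd[2104]: 3F1A24: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
May 30 12:02:00 mail postfix/smtpd[2105]: 3F1A25: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=carol@example.com
May 30 12:02:30 mail postfix/smtpd[2106]: 3F1A26: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=carol@example.com
May 30 12:03:00 mail postfix/smtpd[2107]: 3F1A27: client=pc1.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=carol@example.com
May 30 12:04:00 mail postfix/smtpd[2108]: 3F1A28: client=pc2.example.com[192.0.2.11], sasl_method=PLAIN, sasl_username=alice@example.com
EOF
}

# sasl_report [FILE...]: print "logins distinct_ips account", busiest first.
# Reads standard input when no file is given.
sasl_report() {
  awk '
    /sasl_username=/ {
      user = $0
      sub(/.*sasl_username=/, "", user)   # keep text after the key
      sub(/[ ,].*/, "", user)             # drop anything after the value
      ip = "-"
      if (match($0, /client=[^ ,]*/)) {   # e.g. client=host[192.0.2.10]
        c = substr($0, RSTART + 7, RLENGTH - 7)
        o = index(c, "["); e = index(c, "]")
        if (o && e > o) ip = substr(c, o + 1, e - o - 1)
      }
      logins[user]++
      if (!seen[user, ip]++) ips[user]++
    }
    END { for (u in logins) print logins[u], ips[u], u }
  ' "$@" | sort -k1,1nr -k2,2nr -k3,3
}

# suspects MIN_LOGINS MIN_IPS [FILE...]: accounts at or above both thresholds.
suspects() {
  min_logins=$1; min_ips=$2; shift 2
  sasl_report "$@" |
    awk -v l="$min_logins" -v i="$min_ips" '$1 >= l && $2 >= i { print $3 }'
}

# Demo on the sample; on a server run: sasl_report /var/log/zimbra.log
sample_log | sasl_report
```

The thresholds passed to suspects are site-specific; pick them from what normal traffic on your server looks like.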

To reduce the chance of email being sent by unauthenticated users, you can enforce that the authenticated user matches the From address; the following wiki would help you with this.

Then restart the mailbox service on the mailbox server.

su - zimbra
zmmailboxdctl restart

Also make sure that zimbraMtaMyNetworks contains only the IPs of the server, not networks that you are not sure you want to allow, because no policy is applied to an IP listed in mynetworks. You can get the current value with the following command.

su - zimbra
zmprov gs serverName zimbraMtaMyNetworks

Incoming spamming


Not able to send or receive email 
Having deferred email in the queue


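Check whether the queue is flooded with email.


With the following command you can check how many connections each IP is making. It counts every IPv4 address that appears in the log, so the server's own addresses will show up in the list as well.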

cat /var/log/zimbra.log | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'| sort | uniq -c | sort -nr

  19884   11587    2723

Reject email from that IP. The following configuration can help with that.

su - zimbra
zmprov gacf zimbraMtaRestriction
zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist
zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override
strings /opt/zimbra/conf/postfix_blacklist.lmdb

Review whether the RBL configuration is in place. If it is not, add the following RBLs immediately.

zmprov mcf +zimbraMtaRestriction "reject_rbl_client"
zmprov mcf +zimbraMtaRestriction "reject_rbl_client"
zmprov mcf +zimbraMtaRestriction "reject_rbl_client"

Check the queue for MAILER-DAEMON email, so that you can put it on the hold queue and review and delete it later.

/opt/zimbra/postfix/sbin/postqueue -p | head
74A443D43D43*   21733 Wed Month 30 12:29:15  MAILER-DAEMON
A614D3D43CCF*   21745 Wed Month 30 12:29:43  MAILER-DAEMON
781443D4364F*   21751 Wed Month 30 12:25:16  MAILER-DAEMON
5C72C3D44438*   21721 Wed Month 30 12:36:53  MAILER-DAEMON

With the following command you can put all the MAILER-DAEMON email on hold. You can then check the messages or simply delete them.

/opt/zimbra/postfix/sbin/postqueue -p | awk 'BEGIN { RS = "" } { if ($7 == "MAILER-DAEMON" ) print $1 }' | tr -d '!*' | /opt/zimbra/postfix/sbin/postsuper -h -

As soon as you put those emails on hold, your queue looks like the following and emails are delivered properly again.

# /opt/zimbra/libexec/zmqstat

To improve your anti-spam system, you can refer to the following wiki and implement the measures that fit your needs.
Verified Against: Zimbra Collaboration Suite 8.5+ Date Created: 05/29/2018
Article ID: Date Modified: 2018-05-31
