Spamming troubleshooting
Spamming Issue
Outgoing spamming issue
Problem
1: IP blacklisted 2: Not able to send email because of accumulated deferred queue.
Solution
Identify the compromised accounts. Following command will help to give the probable account whose password might compromised if the count was unexpectedly high.
cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -nr
You need to reset the password of the probable users (top 4 having most counts) and restart the MTA service with the following command.
su - zimbra zmmtactl restart
To minimize the situation of sending email from non authenticated users you can enforce the user to have the auth with the from address and following wiki would help you for this.
https://wiki.zimbra.com/wiki/Enforcing_a_match_between_FROM_address_and_sasl_username_8.5
And restart the mailbox service on the mailbox server.
su - zimbra zmmailboxdctl restart
Please also make sure that the zimbraMtaMyNetworks would have the Ip's of the server only not network which you are not sure wanted to allow or not because no policy would work for the ip listed in my network, you can get the detail by the following command.
su - zimbra zmprov gs serverName zimbraMtaMyNetworks