[Owasp-Malaysia] Spamming In Zimbra By Users Account With Weak Password

Ang Chin Han ang.chin.han at gmail.com
Mon Oct 18 08:30:42 EDT 2010


On Mon, Oct 18, 2010 at 6:48 PM, Harisfazillah Jamel
<linuxmalaysia at gmail.com> wrote:
> Assalamualaikum and salam sejahtera,
>
> I have this occurs problem to a Zimbra server. Spammer will used any
> account they can breach to spam. More than 6000 spam email will be
> send for every successfully try.

Note also that zimbra by default may do a spamassasin check on the
outgoing email, causes really, really heavy load on the server. It
maybe more prudent to quickly block off the offending IP (unless
DDOS'd).

For ongoing attacks, netstat -an | grep :25
iptables -A INPUT -s x.x.x.x -j DROP

It may help to turn on additional checks in zimbra's admin under
Global Settings, esp. RBLs and other DNS checks.


More information about the Owasp-Malaysia mailing list