Zimbra Mail Server is sending Spam

Zimbra Mail Server is sending Spam

How to find SMTP Auth usernames (users) who authenticated on the SMTP port to send a bulk emails.

The following command will return list of authenticated users on the SMTP port to send an email:

tail -n 200000 /var/log/maillog | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n

As we see on the pic. last user sending 1490 emails

arstech

Leave a Reply

Your email address will not be published. Required fields are marked *