How To Find the User Who Sends Bulk Emails in Zimbra

In this article I will show how to find the user who sends bulk emails in Zimbra.

If a Zimbra server is sending spam emails, you first need to find the user or users who authenticated on the SMTP port and are sending the spam.

The following command returns the list of users who authenticated on the SMTP port to send email, with a count for each user:

# tail -n 200000 /var/log/maillog | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n

or

# cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n

Example output:

As we can see in the picture, the last user listed sent 1490 emails.
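
An extension of the command above, as an added example that is not part of the original article: besides the per-user count, it reports how many distinct client IP addresses each authenticated user sent from, which can help when judging whether an account is being used from unexpected locations. The function names and the sample log lines are constructed for illustration, and the line layout assumes the usual Postfix smtpd `client=...[ip], sasl_method=..., sasl_username=...` format.

```shell
#!/bin/sh
# Constructed sample lines in Postfix smtpd format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 mail postfix/submission/smtpd[2101]: 3F1A2B0C11: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.com
Mar  3 10:15:04 mail postfix/submission/smtpd[2102]: 3F1A2B0C12: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob@example.com
Mar  3 10:15:09 mail postfix/submission/smtpd[2102]: 3F1A2B0C13: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob@example.com
Mar  3 10:15:10 mail postfix/submission/smtpd[2102]: disconnect from unknown[198.51.100.7]
Mar  3 10:16:00 mail postfix/smtps/smtpd[2110]: 3F1A2B0C14: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=carol@example.com
Mar  3 10:16:01 mail postfix/smtps/smtpd[2110]: 3F1A2B0C15: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=carol@example.com
Mar  3 10:16:02 mail postfix/smtps/smtpd[2111]: 3F1A2B0C16: client=unknown[203.0.113.77], sasl_method=LOGIN, sasl_username=carol@example.com
Mar  3 10:16:03 mail postfix/smtps/smtpd[2112]: 3F1A2B0C17: client=unknown[192.0.2.200], sasl_method=LOGIN, sasl_username=carol@example.com
EOF
}

# Usage: sasl_senders [MIN] < logfile
# Prints "messages user distinct_client_ips", lowest count first,
# keeping only users with at least MIN messages (default 1).
sasl_senders() {
    awk -v min="${1:-1}" '
    /sasl_username=/ {
        user = $0
        sub(/.*sasl_username=/, "", user)   # same anchor as the sed command
        sub(/[ ,].*/, "", user)             # drop anything after the name
        ip = ""; i = index($0, "client=")
        if (i) {                            # address is inside client=host[ip]
            rest = substr($0, i)
            a = index(rest, "["); b = index(rest, "]")
            if (a && b > a) ip = substr(rest, a + 1, b - a - 1)
        }
        count[user]++
        if (ip != "" && !((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END {
        for (u in count)
            if (count[u] >= min) printf "%d %s %d\n", count[u], u, ips[u]
    }' | sort -n
}

sample_log | sasl_senders
```

On a real server, feed it the same input as the commands above, for example `tail -n 200000 /var/log/maillog | sasl_senders 100`.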



arstech
