Recently our Zimbra opensource mail server ground to a halt,The reason was straightforward and common enough. We had been targeted for delivering thousands of spam messages.
The Zimbra admin web ui became rather useless. First, it is slow at the best of times, and with the server struggling for life, the web ui just didn’t respond. Partially fixing things on the server using good old command line tools got zimbra responding. However, with 80000 messages on hold, the Zimbra admin web ui again could do nothing useful with them. Back to the command line.
Zimbra would be better off just having a fancy ajax shell console, perhaps with some nicely integrated instructions for the already existing command line tools, rather than their complex and ineffective ui
First thing that needed to be done was to stop Zimbra.
$su – zimbra
$zmcontrol stop
The zimbra documentation hinted that “zmcontrol stop mta” might just stop a particular service, but I found that not to be the case. Everything starts or stops.
With zimbra stopped, the server became nicely responsive and I proceeded (as root) to manage the postfix queued messages with the postfix tools.
#cd /opt/zimbra/postfix/sbin
#./postsuper -h ALL
This transferred all the messages out of “deferred”, “incoming” and “active” into “hold” queue. I was then able to start zimbra and it worked for a bit. Unbeknown to me, we had a big queue of messages on our web server, and after zimbra started, thousands more messages arrived and choked zimbra, so it had to be stopped again. I had wanted to stop just the zimbra mta and keep the imap daemon running, so I could study the nature of these mails easily, but zimbra doesn’t support that.
Now I repeated using postsuper on the zimbra server (with zimbra stopped) to clear the queues. Restarted zimbra, and all was well. Except for the thousands of emails now held. These I could not so easily delete, as some legitimate emails were in there.
The zimbra admin web ui was ineffective for dealing with the thousands of held mails, so it was back to the postfix command line tools.
#postqueue -p #prints message ids (all of them) with a little bit of envelope info
#postcat -q #prints the actual message
find out the mail user generating the spam.Ultimately I used the following.
#./postqueue -p | awk ‘/[email protected]/ {print $1}’ > /tmp/x
#./postsuper -d < /tmp/x
change the password of the mail user immediately.
$su – zimbra
$zmprov sp [email protected] password
Does zimbra work same as Gmail because in Gmail Its easy to divert the spam mail from inbox to spam.
thank’s for the comment
yes…Zimbra Web Client Mail Filters are an advanced user feature that allow users to perform actions on incoming email before it reaches their Inbox.Well constructed mail filters can be used to capture spam that has bypassed spam filters, presort mail into designated folders(spam folder), to apply tags to mail, to forward select messages.
hi sathish,
i have zimbra server about 150 mailboxes from last month i stared getting spam mails so i google for it and enable dspam service in MTA after that the user who should get that spam mail that user receive one notification mail but now the other mails from different ids receiving plz help
Thank you very much for your explanations! Very easy to understand, very helpful!
what is command to delete particular email account emails from mail queue
I used below
su – zimbra
postsuper: fatal: use of this command is reserved for the superuser
And got below error
mailq | grep [email protected] | cut -c1-12 | postsuper -d –
postsuper: fatal: use of this command is reserved for the superuser
Please let know the correct command that I can use