Useful cmd for quick checking compromised account in case of internal spam:
cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
Accont with much difference in sent mails is the one to inspect...
Useful cmd for quick checking compromised account in case of internal spam:
cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
Accont with much difference in sent mails is the one to inspect...