Results 1 to 3 of 3

Thread: DOS Attack from my local ip? Some BUG?

  1. #1
    Join Date
    Nov 2010
    Posts
    2
    Rep Power
    4

    Unhappy DOS Attack from my local ip? Some BUG?

    Hello,

    I'm struggling for weeks trying to find out where those messages comes from.

    looking at /opt/zimbra/log/mailbox.log i have this (repeating forever):

    *.*.*.* is always the IP address from my local network interface (eth0)
    and ##### is always the same zimbra account witch i had to rename because that problem is blocking that account. After renaming i have "account not found" instead of "wrong password" message.

    What makes me crazy is the fact that in log file the local ip is originating connections, so i can't block it at firewall. Now i don't know how to trace the "real" origin. Until now i believe there is something tryng to connect from outside in that account (maybe wrong password saved in outlook) but for some reason its showing my local ip on log files.

    Is there anyway to trace the origin of that log message? Can someone help me?

    Code:
    2010-11-19 11:51:03,234 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:03,932 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:04,689 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:05,609 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:06,309 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:07,172 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:07,879 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
    2010-11-19 11:51:08,521 INFO  [btpool0-116] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found

  2. #2
    Join Date
    Jan 2008
    Location
    Berlin, Germany
    Posts
    203
    Rep Power
    7

    Default

    ... just have a look at /var/log/zimbra.log too.

    Most likely this is being caused by failed SMTP- Auth requests coming from saslauthd and routed trough zmpost / zmauth.
    Best regards

    Andreas Wolske

    managedhosting.de GmbH

    Zimbra Cloud Hosting, Consulting & Support
    VMware vCloud Powered Serviceprovider

  3. #3
    Join Date
    Nov 2010
    Posts
    2
    Rep Power
    4

    Default

    Quote Originally Posted by FritzBrause View Post
    ... just have a look at /var/log/zimbra.log too.

    Most likely this is being caused by failed SMTP- Auth requests coming from saslauthd and routed trough zmpost / zmauth.
    Thank you!

    I changed the account name, then created a new account with the old name. Now the new account (with the old name) is redirecting all received mails to the old account (with a new name) and the problem is not happening anymore. I will try to unblock the new account (witch has the old problematic name) and test it to see if it will go back to normal behavior.

    I will give you feedback, until now everything looks normal. I'm gona let it work for a day or two to make sure its ok.
    Last edited by RDMT; 01-03-2011 at 10:33 AM.

Similar Threads

  1. Replies: 32
    Last Post: 03-18-2011, 11:03 AM
  2. postfix transport maps
    By pheonix1t in forum Administrators
    Replies: 12
    Last Post: 01-17-2009, 10:42 PM
  3. zmclamdctl is not running after upgrade
    By Darren in forum Installation
    Replies: 24
    Last Post: 10-10-2008, 09:10 AM
  4. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  5. Replies: 12
    Last Post: 03-14-2006, 11:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •