Since this morning, I am getting swamped by the following log entries:
These messages repeat without end. The IP stated in the last line resolves to a Brazilian dialup host name, so this is very likely a spamming host. But I wonder what is happening there... Our Zimbra host is behind a NAT, only the SMTP(S), IMAP(S) and HTTPS ports are forwarded. I don't know how this can have something to do with the port at which the admin interface is running...
Mar 30 08:57:28 zimbra saslauthd: zmauth: authenticating against elected url 'https://zimbra.fteu.lan:7071/service/admin/soap/' ...
Mar 30 08:57:28 zimbra saslauthd: zmpost: url='https://zimbra.fteu.lan:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"/></soap:Header><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text>authentication failed for honey</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>account.AUTH_FAILED</Code><Trace>com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for honey ExceptionId:btpool0-118://zimbra.fteu.lan:7071/service/admin/soap/:1301468248318:c8e22a553fa44c2f Code:account.AUTH_FAILED ^Iat com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:131) ^Iat com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:127) ^Iat com.zimbra.cs.service.account.Auth.handle(Auth.java:10
Mar 30 08:57:28 zimbra saslauthd: auth_zimbra: honey auth failed: authentication failed for honey
Mar 30 08:57:28 zimbra saslauthd: do_auth : auth failure: [user=honey] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
Mar 30 08:57:28 zimbra postfix/smtpd: warning: unknown[18.104.22.168]: SASL LOGIN authentication failed: authentication failure
Maybe someone else has an idea.
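In the log excerpt above, the saslauthd `do_auth` line carries the attempted user name and service, and the postfix/smtpd warning that follows carries the client address. As an added example that is not part of the original post, this Python script pairs the two line types and counts failed SMTP AUTH attempts per client IP and user. The function names, the threshold and the sample lines (documentation-range addresses, made-up users) are assumptions, as is pairing by adjacency, which can mis-attribute users when sessions interleave.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format shown in the post; IPs are from the
# documentation ranges and the user/IP pairs are made up for illustration.
_PAIR = (
    "Mar 30 08:57:{s:02d} zimbra saslauthd: do_auth : auth failure: "
    "[user={u}] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]\n"
    "Mar 30 08:57:{s:02d} zimbra postfix/smtpd: warning: unknown[{ip}]: "
    "SASL LOGIN authentication failed: authentication failure\n"
)
_ATTEMPTS = [("honey", "203.0.113.7"), ("honey", "203.0.113.7"),
             ("admin", "203.0.113.7"), ("info", "198.51.100.20")]
SAMPLE_LOG = "".join(_PAIR.format(s=i, u=u, ip=ip)
                     for i, (u, ip) in enumerate(_ATTEMPTS))

# The optional [pid] covers syslog formats that keep the process id.
DO_AUTH = re.compile(r"saslauthd(?:\[\d+\])?: do_auth\s*: auth failure: "
                     r"\[user=([^\]]*)\] \[service=([^\]]*)\]")
SMTPD = re.compile(r"postfix/smtpd(?:\[\d+\])?: warning: [^\[\s]+"
                   r"\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

def summarize(lines):
    """Return {client_ip: Counter({user: failures})} for failed SMTP AUTH."""
    per_ip = defaultdict(Counter)
    pending = None  # (user, service) from the most recent do_auth failure
    for line in lines:
        m = DO_AUTH.search(line)
        if m:
            pending = m.groups()
            continue
        m = SMTPD.search(line)
        if m:
            # Assumption: the preceding do_auth line belongs to this client.
            user = pending[0] if pending and pending[1] == "smtp" else "<unknown>"
            per_ip[m.group(1)][user] += 1
            pending = None
    return per_ip

def flag(per_ip, threshold=3):
    """Client IPs with at least `threshold` failures, busiest first."""
    totals = ((ip, sum(c.values())) for ip, c in per_ip.items())
    return sorted((t for t in totals if t[1] >= threshold),
                  key=lambda t: (-t[1], t[0]))

if __name__ == "__main__":
    for ip, n in flag(summarize(SAMPLE_LOG.splitlines())):
        print(ip, n)
```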