Results 1 to 3 of 3

Thread: Zimbra Security Issues

Hybrid View

  1. #1
    Join Date
    Oct 2006
    Rep Power

    Default Zimbra Security Issues

    I am using the Open Source version of Zimbra(4.0.1_GA_324_RHEL4) and it is running fine.
    However, I am concerned about the security of my Mail Server and hence decided to TCP Wrap my ssh service. On doing so, however, the Zimbra Admin Interface began to act up and displayed the following error when clicking on the 'Server Status' link:

    Message: system failure: exception during auth {RemoteManager: mail.domain->zimbra@mail.domain:22}
    com.zimbra.cs.service.ServiceException: system failure: exception during auth {RemoteManager: mail.domain->zimbra@mail.domain:22}
    at com.zimbra.cs.service.ServiceException.FAILURE(Ser
    at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot
    at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteMa
    at com.zimbra.cs.service.admin.GetMailQueueInfo.handl e(
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:162)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:84)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:223)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:709)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    at ternalDoFilter(
    at Filter(
    at org.apache.catalina.core.StandardWrapperValve.invo ke(
    at org.apache.catalina.core.StandardContextValve.invo ke(
    at org.apache.catalina.core.StandardHostValve.invoke(
    at org.apache.catalina.valves.ErrorReportValve.invoke (
    at org.apache.catalina.core.StandardEngineValve.invok e(
    at org.apache.catalina.valves.AccessLogValve.invoke(A
    at org.apache.catalina.connector.CoyoteAdapter.servic e(
    at org.apache.coyote.http11.Http11Processor.process(H
    at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt
    at Socket(
    at ead.runIt(
    at org.apache.tomcat.util.threads.ThreadPool$ControlR
    Caused by: There was a problem while talking to mail.domain:22
    at ch.ethz.ssh2.Connection.connect( 2)
    at ch.ethz.ssh2.Connection.connect( 0)
    at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot
    ... 24 more
    Caused by: Connection reset
    at java:168)
    at java:182)
    at ch.ethz.ssh2.transport.ClientServerHello.<init>(Cl
    at ch.ethz.ssh2.transport.TransportManager.initialize (
    at ch.ethz.ssh2.Connection.connect( 1)
    ... 26 more

    Error code: service.FAILURE
    Method: ZmCsfeCommand.prototype.invoke

    Kindly note that for privacy concerns, i have obscured the domain in the message above.

    The problem is resolved when I stop using TCP Wrappers. But for security reasons, I do want to secure access to the SSH service on my Mail Server. Here is a copy of my /etc/hosts.allow file:

    sshd :,,

    To allow Zimbra access to the sshd, I have included But it seems not to be eneough.

    Does someone have any idea how to go about this? Any help will be appreciated.

  2. #2
    Join Date
    Oct 2006
    Rep Power


    Nobody to answer my question???

  3. #3
    Join Date
    Aug 2005
    San Mateo, CA
    Rep Power


    You need SSH access to local services since the MTA can be remote. This SSH access is fetching the Postfix queue information. If you don't want/need this abiltiy then you can continue to blcok ssh.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

Similar Threads

  1. Removing hostname from hosts file fixed prob.
    By lemur in forum Installation
    Replies: 10
    Last Post: 06-13-2007, 06:29 PM
  2. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 09:39 AM
  3. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 06:47 AM
  4. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 10:34 PM
  5. Zimbra MTA and CentOS VPS on OpenVZ
    By czaveri in forum Installation
    Replies: 2
    Last Post: 03-20-2006, 08:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts