Results 1 to 3 of 3

Thread: Zimbra Security Issues

Hybrid View

  1. #1
    Join Date
    Oct 2006
    Posts
    16
    Rep Power
    9

    Default Zimbra Security Issues

    Hello,
    I am using the Open Source version of Zimbra(4.0.1_GA_324_RHEL4) and it is running fine.
    However, I am concerned about the security of my Mail Server and hence decided to TCP Wrap my ssh service. On doing so, however, the Zimbra Admin Interface began to act up and displayed the following error when clicking on the 'Server Status' link:

    Message: system failure: exception during auth {RemoteManager: mail.domain->zimbra@mail.domain:22}
    com.zimbra.cs.service.ServiceException: system failure: exception during auth {RemoteManager: mail.domain->zimbra@mail.domain:22}
    at com.zimbra.cs.service.ServiceException.FAILURE(Ser viceException.java:174)
    at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot eManager.java:193)
    at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteMa nager.java:130)
    at com.zimbra.cs.service.admin.GetMailQueueInfo.handl e(GetMailQueueInfo.java:56)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:261)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:162)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:84)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:223)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:709)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:173)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:541)
    at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:667)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: java.io.IOException: There was a problem while talking to mail.domain:22
    at ch.ethz.ssh2.Connection.connect(Connection.java:64 2)
    at ch.ethz.ssh2.Connection.connect(Connection.java:46 0)
    at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot eManager.java:184)
    ... 24 more
    Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream. java:168)
    at java.net.SocketInputStream.read(SocketInputStream. java:182)
    at ch.ethz.ssh2.transport.ClientServerHello.<init>(Cl ientServerHello.java:39)
    at ch.ethz.ssh2.transport.TransportManager.initialize (TransportManager.java:304)
    at ch.ethz.ssh2.Connection.connect(Connection.java:59 1)
    ... 26 more

    Error code: service.FAILURE
    Method: ZmCsfeCommand.prototype.invoke
    Details:soap:Receiver


    Kindly note that for privacy concerns, i have obscured the domain in the message above.

    The problem is resolved when I stop using TCP Wrappers. But for security reasons, I do want to secure access to the SSH service on my Mail Server. Here is a copy of my /etc/hosts.allow file:

    sshd : 172.27.3.1, 172.27.4.14, 127.0.0.1

    To allow Zimbra access to the sshd, I have included 127.0.0.1. But it seems not to be eneough.

    Does someone have any idea how to go about this? Any help will be appreciated.

  2. #2
    Join Date
    Oct 2006
    Posts
    16
    Rep Power
    9

    Unhappy

    Nobody to answer my question???

  3. #3
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    You need SSH access to local services since the MTA can be remote. This SSH access is fetching the Postfix queue information. If you don't want/need this abiltiy then you can continue to blcok ssh.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

Similar Threads

  1. Removing hostname from hosts file fixed prob.
    By lemur in forum Installation
    Replies: 10
    Last Post: 06-13-2007, 07:29 PM
  2. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  3. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 07:47 AM
  4. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 11:34 PM
  5. Zimbra MTA and CentOS VPS on OpenVZ
    By czaveri in forum Installation
    Replies: 2
    Last Post: 03-20-2006, 09:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •