Hello,
I am using the Open Source version of Zimbra(4.0.1_GA_324_RHEL4) and it is running fine.
However, I am concerned about the security of my Mail Server and hence decided to TCP Wrap my ssh service. On doing so, however, the Zimbra Admin Interface began to act up and displayed the following error when clicking on the 'Server Status' link:

Message: system failure: exception during auth {RemoteManager: mail.domain->zimbra@mail.domain:22}
com.zimbra.cs.service.ServiceException: system failure: exception during auth {RemoteManager: mail.domain->zimbra@mail.domain:22}
at com.zimbra.cs.service.ServiceException.FAILURE(Ser viceException.java:174)
at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot eManager.java:193)
at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteMa nager.java:130)
at com.zimbra.cs.service.admin.GetMailQueueInfo.handl e(GetMailQueueInfo.java:56)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:261)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:162)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:84)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:223)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:709)
at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:173)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
at org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:541)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:667)
at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.io.IOException: There was a problem while talking to mail.domain:22
at ch.ethz.ssh2.Connection.connect(Connection.java:64 2)
at ch.ethz.ssh2.Connection.connect(Connection.java:46 0)
at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot eManager.java:184)
... 24 more
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream. java:168)
at java.net.SocketInputStream.read(SocketInputStream. java:182)
at ch.ethz.ssh2.transport.ClientServerHello.<init>(Cl ientServerHello.java:39)
at ch.ethz.ssh2.transport.TransportManager.initialize (TransportManager.java:304)
at ch.ethz.ssh2.Connection.connect(Connection.java:59 1)
... 26 more

Error code: service.FAILURE
Method: ZmCsfeCommand.prototype.invoke
Details:soap:Receiver


Kindly note that for privacy concerns, i have obscured the domain in the message above.

The problem is resolved when I stop using TCP Wrappers. But for security reasons, I do want to secure access to the SSH service on my Mail Server. Here is a copy of my /etc/hosts.allow file:

sshd : 172.27.3.1, 172.27.4.14, 127.0.0.1

To allow Zimbra access to the sshd, I have included 127.0.0.1. But it seems not to be eneough.

Does someone have any idea how to go about this? Any help will be appreciated.