Results 1 to 6 of 6

Thread: mailbox.log entries explanation

Hybrid View

  1. #1
    Join Date
    May 2010
    Posts
    171
    Rep Power
    5

    Default mailbox.log entries explanation

    Please have a look at these entries in an old mailbox.log file,

    Code:
    2012-05-20 17:05:14,264 INFO  [btpool0-17://mail.example.com:7071/service/admin/soap/] [name=admin@example.com;ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for abuse, invalid password
    2012-05-20 23:17:34,802 INFO  [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for test, account not found
    2012-05-20 23:17:35,892 INFO  [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for info, account not found
    2012-05-20 23:17:36,987 INFO  [btpool0-20://mail.example.com:7071/service/admin/soap/] [name=admin@example.com;ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for admin, invalid password
    2012-05-20 23:17:41,052 INFO  [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for webmaster, account not found
    I don't understand where these failed login attempts originate, e.g. is it from the admin console because it says mail.example.com:7071 or is it from the LAN because the server's IP is shown?

    I have very strong passwords on all accounts and failed login policy enabled. The admin console is only accessible on the LAN and the server is behind a firewall with ports 443, 587, 993 and 25 open.

    How concerned should I be regarding the entries shown above?

  2. #2
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    476
    Rep Power
    4

    Default

    Yonatan, the logs indicates that your accounts were tested (admin, info, abuse) without success.

    You can also check audit.log.

    ccelis.

  3. #3
    Join Date
    May 2010
    Posts
    171
    Rep Power
    5

    Default

    I've been searching the zimbra docs and I still can't understand the log entries.

    Specifically,

    Code:
    [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;]
    7071 is the admin console and 192.168.52.80 is the server LAN IP. So, where are the failed login attempts coming from?

  4. #4
    Join Date
    May 2010
    Posts
    171
    Rep Power
    5

    Default

    Quote Originally Posted by ccelis5215 View Post
    Yonatan, the logs indicates that your accounts were tested (admin, info, abuse) without success.

    You can also check audit.log.

    ccelis.
    ccelis I understand that, but I still don't get from where

  5. #5
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    476
    Rep Power
    4

    Default

    Hi, take a look.. http://www.zimbra.com/forums/adminis...ding-spam.html

    As you see, shows entries in three logs.

    Hope helps understand.

    ccelis

  6. #6
    Join Date
    May 2010
    Posts
    171
    Rep Power
    5

    Default

    Quote Originally Posted by ccelis5215 View Post
    Hi, take a look.. http://www.zimbra.com/forums/adminis...ding-spam.html

    As you see, shows entries in three logs.

    Hope helps understand.

    ccelis
    Thanks for the link ccelis. Unfortunately, it doesn't explain the parts of the log entries that I would like to know. Odd that Zimbra's documentation isn't clearer on these kinds of things.

Similar Threads

  1. Corrupted database cause mailbox to halt
    By simba5140 in forum Migration
    Replies: 3
    Last Post: 06-04-2012, 04:29 PM
  2. [SOLVED] Re-creating the spam training e-mail account
    By richard-hdd in forum Administrators
    Replies: 21
    Last Post: 03-20-2012, 08:34 AM
  3. Admin PowerTip: Mailbox.log
    By jholder in forum Administrators
    Replies: 1
    Last Post: 10-21-2009, 11:45 AM
  4. Calendar entries uneditable...
    By Guest6400 in forum Administrators
    Replies: 2
    Last Post: 03-30-2007, 04:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •