Code: Select all
Oct 26 13:25:01 mydomain saslauthd: zmauth: authenticating against elected url 'https://mydomain.com:7071/service/admin/soap/' ...
Oct 26 13:25:01 mydomain saslauthd: zmpost: url='https://mydomain.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"/></soap:Header><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text>authentication failed for [firstname.lastname@example.org]</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>account.AUTH_FAILED</Code><Trace>qtp821866309-20353:https://10.0.0.101:7071/service/admin/soap/:1477484701386:aae4520b8c7c5743</Trace></Error></soap:Detail></soap:Fault></soap:Body></soap:Envelope>', hti->error=''
Oct 26 13:25:01 mydomain saslauthd: auth_zimbra: email@example.com auth failed: authentication failed for [firstname.lastname@example.org]
Oct 26 13:25:01 mydomain saslauthd: do_auth : auth failure: [email@example.com] [service=smtp] [realm=mydomain.com] [mech=zimbra] [reason=Unknown]
Oct 26 13:25:01 mydomain postfix/smtps/smtpd: warning: SASL authentication failure: Password verification failed
Oct 26 13:25:01 mydomain postfix/smtps/smtpd: warning: unknown[188.8.131.52]: SASL PLAIN authentication failed: authentication failure
The main difference between them is the IP which is sometimes repeated a couple of time but is normally different.
This is causing problems because it's locking users out, which they find annoying. I could loosen the lockout requirements but I feel that would be a bad idea considering the large number of failed attempts each day.
Can anyone comment / help?