7073 port should be closed for internet?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
BharathS
Posts: 46
Joined: Wed Nov 26, 2014 12:42 am

7073 port should be closed for internet?

Postby BharathS » Sat Jan 19, 2019 4:34 am

Hi Team,

I see some brute force attempts being made to my server through the zimbra soap port 7073, this port is open for internet from my zimbra server, I read wiki article here "https://wiki.zimbra.com/wiki/Security/Collab/87" says saslauthd now listens on 7073 and this port should firewalld blocked from internet, should I close this port from internet?

brute force log:
Jan 18 22:26:43 zimbra saslauthd[22999]: zmauth: authenticating against elected url 'https://myzimbra.server.com:7073/service/admin/soap/' ...
Jan 18 22:26:43 zimbra saslauthd[22999]: zmpost: url='https://myzimbra.server.com:7073/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"/></soap:Header><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text>authentication failed for [admin]</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>account.AUTH_FAILED</Code><Trace>qtp1595953398-23308:1547850403794:c49f5585b5ad6cfd</Trace></Error></soap:Detail></soap:Fault></soap:Body></soap:Envelope>', hti->error=''
Jan 18 22:26:43 zimbra saslauthd[22999]: auth_zimbra: admin auth failed: authentication failed for [admin]
Jan 18 22:26:43 zimbra saslauthd[22999]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
Jan 18 22:26:43 zimbra postfix/smtpd[27976]: warning: merenipc1.chamelon.p2.tiktalik.io[x.x.x.x]: SASL LOGIN authentication failed: authentication failure


lytledd
Outstanding Member
Outstanding Member
Posts: 507
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Ubuntu Release 8.8.15.GA.P10 FOSS

Re: 7073 port should be closed for internet?

Postby lytledd » Sat Jan 19, 2019 2:29 pm

In my opinion, the only ports that should be open to the internet are those that are servicing your users. Email ports and the User's web interface on HTTPS. All other ports should be closed.

Doug

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 13 guests