I've tried to secure my Zimbra/Memcached with the instructions at https://wiki.zimbra.com/wiki/Blocking_Memcached_Attack. However, being modern and all, I've substituted the v4 localhost (127.0.0.1) with the v6 localhost (::1) which was a bad idea
Code: Select all
/opt/zimbra/bin/zmprov ms myzimbraserver zimbraMemcachedBindAddress ::1
/opt/zimbra/bin/zmprov ms myzimbraserver zimbraMemcachedClientServerList ::1
Code: Select all
zimbra@myzimbraserver:~$ zmcontrol status
Host myzimbraserver
amavis Running
antispam Running
antivirus Running
dnscache Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
Code: Select all
2018-03-05 00:08:59,012 INFO [main] [] FileDescriptorCache - Loading settings: zimbraMailFileDescriptorCacheSize=1000.
2018-03-05 00:08:59,079 WARN [main] [] misc - Invalid server ::1
2018-03-05 00:08:59,107 FATAL [main] [] soap - Unable to start servlet
java.lang.IllegalArgumentException: You must have at least one server to connect to
at net.spy.memcached.MemcachedClient.<init>(MemcachedClient.java:159)
at com.zimbra.common.util.memcached.ZimbraMemcachedClient.connect(ZimbraMemcachedClient.java:153)
at com.zimbra.cs.memcached.MemcachedConnector.reloadConfig(MemcachedConnector.java:67)
at com.zimbra.cs.memcached.MemcachedConnector.startup(MemcachedConnector.java:44)
at com.zimbra.cs.util.Zimbra.startup(Zimbra.java:276)
Code: Select all
zimbra@myzimbraserver:~$ /opt/zimbra/bin/zmprov ms myzimbraserver zimbraMemcachedBindAddress 127.0.0.1
ERROR: service.PROXY_ERROR (error while proxying request to target server: HTTP/1.1 503 Service Unavailable)
Code: Select all
zimbra@myzimbraserver:~$ zmprov -v
ERROR: service.PROXY_ERROR (error while proxying request to target server: HTTP/1.1 503 Service Unavailable)
com.zimbra.common.service.ServiceException: error while proxying request to target server: HTTP/1.1 503 Service Unavailable
ExceptionId:main:1520269453927:18086317d59c89ab
Code:service.PROXY_ERROR Arg:(url, STR, "https://localhost:7071/service/admin/soap/AuthRequest")
Does somebody know in what config files the ::1 gets written to so I can revert this manually?