Jan 29 17:52:16 mail saslauthd[22509]: zmpost: url='https://mail.maydomain.com:7073/service/admin/soap/' returned buffer->data='<html>#012<head>#012<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>#012<title>Error 503 Service Unavailable</title>#012</head>#012<body><h2>HTTP ERROR 503</h2>#012<p>Problem accessing /service/admin/soap/. Reason:#012<pre> Service Unavailable</pre></p>#012</body>#012</html>#012', hti->error=''
Jan 29 17:52:16 mail saslauthd[22509]: auth_zimbra: myaccount@maydomain.com auth failed: no authtoken and no soap fault text in document
Jan 29 17:52:16 mail saslauthd[22509]: do_auth : auth failure: [user=myaccount@maydomain.com] [service=smtp] [realm=maydomain.com] [mech=zimbra] [reason=Unknown]
Jan 29 17:52:16 mail postfix/submission/smtpd[895]: warning: unknown[111.111.111.111]: SASL LOGIN authentication failed: authentication failure
Jan 29 17:52:16 mail postfix/submission/smtpd[895]: lost connection after AUTH from unknown[111.111.111.111]
Jan 29 17:52:16 mail postfix/submission/smtpd[895]: disconnect from unknown[111.111.111.111] ehlo=2 starttls=1 auth=0/1 commands=3/4
And after this even usage the correct password, the authentication does not work, it is needed restart the zmmailboxdctl to the service works as expected.
You'll see DoSFilter blocked ips with first command. You'll see accounts being locked by jetty with second command.
I'm not sure about the specific log entries you have as being 'caused by DoSfilter being trigger to block an IP address.
Also, did you tried throttling the filter? It works good when server is being overwhelmed by soap calls (typical during migrations). https://wiki.zimbra.com/wiki/DoSFilter
As zimbra user in your mailbox server:
$ zmprov gs `zmhostname` | grep -i httpdosfilter
$ zmprov gs `zmhostname` | grep -i safeips
--> You can change this values, i need to know the format, and who the ips belong, not the IPs itself.
$ zmprov gs `zmhostname` | grep -i invalidlogin
$ zmprov gas
$ zmprov gs `zmhostname` | grep -i serviceenabled
$ zmprov gs `zmhostname` | grep -i trustedip
--> Again, you may change this values, i only need to know the format and who the ips belong, not the IPs itself.
$ zmlocalconfig | grep -i originating
I would recommend:
- Your safe ip list looks not valid for your zimbra version. You need to add the netmask, like 200.XXX.XXX.YY/32
- Is your IP the one in the zimbraHttpThrottleSafeIPs? If so, then that's ok.
- If for your zimbraMailTrustedIP, one of those 2 IPs is the one of your host, then that's ok. If not, you need to add it.
Maybe you could try adding delay to your zimbraHttpDosFilterDelayMillis? To see if that helps in case of contention or some limit being reached?
Suffering with a similar issue. I'm facing timeouts in an application that connects to zimbra through imap. Added this application ip to the zimbraHttpThrottleSafeIPs, it shows the ip added but when I restart the mailbox service the IP is not being whitelisted.