Search found 10 matches

by gaelroma
Wed Oct 17, 2018 7:20 pm
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

Re: reveal IP connection source from bruteforce authentication attempt

I managed to print the real IP by disabling Outbound NAT rule generation in pfsense.

Thank you guys!
by gaelroma
Tue Oct 16, 2018 9:22 am
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

Re: reveal IP connection source from bruteforce authentication attempt

Yes, I need it, because all machines are virtualized. I have two public IPs, one for the web server and one for the mail server. The third public IP is for the firewall... resuming the NAT configuration: I access the firewall with a public IP, then there are 2 rules (NAT 1:1) External IP Internal ...
by gaelroma
Mon Oct 15, 2018 7:20 pm
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

Re: reveal IP connection source from bruteforce authentication attempt

Hey Lance, I did what you suggested.. rebooted both machines but nothing changed, I always have the firewall IP in the logs... I can see in pfsense this weird stuff in logs. Time IF Source Destination Oct 15 21:18 WAN [fe80::6eb2:aeff:fe01:8841] [ff02::66]:2029
by gaelroma
Mon Oct 15, 2018 7:32 am
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

Re: reveal IP connection source from bruteforce authentication attempt

Hi Lance,

ehm... it's empty, no rules in Port Forwarding.

The firewall rules are the following:
Reject everything except
80 (HTTP)
443 (HTTPS)
143 (IMAP)
993 (IMAP/S)
110 (POP3)
995 (POP3/S)
25 (SMTP)
465 (SMTP/S)
587 (SUBMISSION)
by gaelroma
Sun Oct 14, 2018 6:58 pm
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

Re: reveal IP connection source from bruteforce authentication attempt

I know that fail2ban should fix this issue. In fact I need to reveal which IP is doing the bruteforce and ban it. Unfortunately the Zimbra log and mail log don't give me this information, and fail2ban relies on it. Maybe it could be a DNS configuration. But in order to work behind a firewall Zimbra mus...
by gaelroma
Sun Oct 14, 2018 5:12 pm
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

Re: reveal IP connection source from bruteforce authentication attempt

Hi Mark, thank you for your reply. The zimbra version is 8.6. I am not running on proxy. The mail server is behind a firewall. The firewall is a PFsense machine x.x.x.1. Zimbra is on another machine x.x.x.12. On PFsense there is a NAT 1:1 to translate the public IP to the zimbra server. I added the loca...
by gaelroma
Sat Oct 13, 2018 3:15 pm
Forum: Administrators
Topic: reveal IP connection source from bruteforce authentication attempt
Replies: 13
Views: 5333

reveal IP connection source from bruteforce authentication attempt

Hello, I have Zimbra behind pfsense and the public IP is NATted to the internal IP. SplitDNS is set as well. So the firewall is on 172.0.1.1 and the mail server on the same LAN. I see a lot of authentication failures in the zimbra log and it says that the connection comes from ... the firewall... ...
by gaelroma
Tue Oct 02, 2018 7:23 pm
Forum: Administrators
Topic: zimbra server is sending email without my authorization.
Replies: 4
Views: 12129

continuing intrusion attempt

Hello there, in my zimbra log I see an intrusion attempt every 5 seconds Oct 2 21:18:07 mail saslauthd[3839]: zmauth: authenticating against elected url 'https://mail.mydomain.xxx:7071/service/admin/soap/' ... Oct 2 21:18:07 mail saslauthd[3839]: zmpost: url='https://mail.mydomain.xxx:7071/service/ad...
by gaelroma
Thu Sep 27, 2018 5:42 pm
Forum: Administrators
Topic: zimbra server is sending email without my authorization.
Replies: 4
Views: 12129

Re: zimbra server is sending email without my authorization.

Thanks for the reply.

I don't think it is phishing because no one got email; in fact the first thing I did was change the password of all accounts.

Now I create a policy to restrict only the domain of the server to send email, but I am going to delete the account info
by gaelroma
Thu Sep 27, 2018 11:06 am
Forum: Administrators
Topic: zimbra server is sending email without my authorization.
Replies: 4
Views: 12129

zimbra server is sending email without my authorization.

Hello there, I have a zimbra server 8.0.6. The info@ account is receiving continuous emails like this: Undelivered Mail Returned to Sender This is the mail system at host mail.mydomain.xxx I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached ...