Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.6.0_P4.
What I try to do:
I want to autoban with fail2ban all the brute force attackers.
The Problem behind that is the following:
In "/opt/zimbra/log/mailbox.log" I see the following if someone tries to login on the website with invalid credentials:
2016-02-26 10:33:50,323 INFO [qtp509886383-171:http://127.0.0.1:8080/service/soap/AuthRequest] [oip=192.168.5.3;ua=zclient/8.6.0_GA_1182;] SoapEngine - handler exception: authentication failed for [mytest], account not found
2016-02-26 10:33:50,323 INFO [qtp509886383-171:http://127.0.0.1:8080/service/soap/AuthRequest] [oip=192.168.5.3;ua=zclient/8.6.0_GA_1182;] soap - AuthRequest elapsed=1
2016-02-26 10:33:50,339 INFO [qtp509886383-167:https://127.0.0.1:7071/service/admin/soap/GetDomainInfoRequest] [ip=127.0.0.1;ua=ZCS/8.6.0_GA_1182;] soap - GetDomainInfoRequest elapsed=0
The "oip" is the internal IP of the server but should be the IP of the client.
I have another zimbra (also 8.6 with zimbra proxy) there "oip" has the right IP in it.
I think the zimbra proxy is the problem here but I can't find out why on this machine the proxy does not ship the right IP to the login service.
Has someone an idea what is going wrong here?