Z-Push Zimbra DoSFilter Throttling Mechanism

pgodinic

Hy,

we have problem with Z-Push and Zimbra. Problem is that we can’t whitelist Z-Push server on Zimbra. We did every step on this link https://wiki.zimbra.com/wiki/DoSFilter and we are still getting errors.

Z-Push is correctly whitelisted:
2018-08-15 22:51:52,511 INFO [main] [] misc - DoSFilter: Configured whitelist IPs = 127.0.1.1,212.92.194.155/32,192.168.0.0/16,212.92.194.67/32,93.140.31.128/32,213.149.51.37/32,185.150.235.150/32,195.190.136.180/32,195.190.136.181/32,127.0.0.1,::1,0:0:0:0:0:0:0:1

Some logs:
Zimbra
zimbra:/opt/zimbra/log/nginx.access.log javlja
195.190.136.181:59193 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59131 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59197 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59199 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59203 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59244 - - [13/Aug/2018:12:17:12 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59206 - - [13/Aug/2018:12:17:12 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
195.190.136.181:59131 - - [13/Aug/2018:12:17:12 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”

2018-08-13 09:58:28,176 INFO [qtp66233253-409700:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
2018-08-13 09:58:28,240 INFO [qtp66233253-409728:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
2018-08-13 09:58:28,247 INFO [qtp66233253-409737:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
2018-08-13 09:58:28,676 INFO [qtp66233253-409700:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
2018-08-13 09:58:28,683 INFO [qtp66233253-409732:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
2018-08-13 09:58:28,700 INFO [qtp66233253-409739:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.

zmmailboxd.out:2018-08-21 01:53:49.295:INFO:oejs.DoSFilter:qtp66233253-70972:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181

Z-Push
a zpush-kontos:/var/log/z-push/z-push-error.log
13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): SOAP FAULT: HTML Error Returned - Error 503 Service Unavailable
13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): If using zimbra 8 or later please make sure to whitelist the z-push server IP address(es) in the DoSFilter
13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): See zimbra wiki for details - http://wiki.zimbra.com/wiki/DoSFilter
13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): DoSFilter trap - See z-push-error.log - Delaying one second before continuing …
13/08/2018 12:12:18 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): DoSFilter trap - Setting/Increasing session SOAP Request Delay to [560000] microseconds
13/08/2018 12:12:18 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): SOAP FAULT: HTML Error Returned - Error 503 Service Unavailable - Enable ZIMBRA_DEBUG for more details - returning { false }

Versions
Zimbra - Release 8.7.4.GA.1730.UBUNTU12.64 UBUNTU12_64 FOSS edition.
Z-Push - version: 2.4.4+0-0
Z-Push Zimbra Backend - RELEASE 67

milauria

Hello, same problem here … any ideas on how to resolve this ?

milauria

I answer myself about how I fixed this:
I whitelisted the Ip into Zimbra DOSFilter and noticed that in reality there were several authentication failures logged by z-push due to wrong user account password. Therefore I removed the IP from the whitelist and asked the user to revalidate his account password.