Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Z-Push Zimbra DoSFilter Throttling Mechanism

    Synchronising (mobile) devices via Z-Push
    2
    3
    2701
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • pgodinic
      pgodinic last edited by

      Hy,

      we have problem with Z-Push and Zimbra. Problem is that we can’t whitelist Z-Push server on Zimbra. We did every step on this link https://wiki.zimbra.com/wiki/DoSFilter and we are still getting errors.

      Z-Push is correctly whitelisted:
      2018-08-15 22:51:52,511 INFO [main] [] misc - DoSFilter: Configured whitelist IPs = 127.0.1.1,212.92.194.155/32,192.168.0.0/16,212.92.194.67/32,93.140.31.128/32,213.149.51.37/32,185.150.235.150/32,195.190.136.180/32,195.190.136.181/32,127.0.0.1,::1,0:0:0:0:0:0:0:1

      Some logs:
      Zimbra
      zimbra:/opt/zimbra/log/nginx.access.log javlja
      195.190.136.181:59193 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59131 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59197 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59199 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59203 - - [13/Aug/2018:12:17:11 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59244 - - [13/Aug/2018:12:17:12 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59206 - - [13/Aug/2018:12:17:12 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”
      195.190.136.181:59131 - - [13/Aug/2018:12:17:12 +0200] “POST /service/soap/ HTTP/1.1” 503 492 “-” “-” “127.0.1.1:8443”

      2018-08-13 09:58:28,176 INFO [qtp66233253-409700:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
      2018-08-13 09:58:28,240 INFO [qtp66233253-409728:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
      2018-08-13 09:58:28,247 INFO [qtp66233253-409737:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
      2018-08-13 09:58:28,676 INFO [qtp66233253-409700:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
      2018-08-13 09:58:28,683 INFO [qtp66233253-409732:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.
      2018-08-13 09:58:28,700 INFO [qtp66233253-409739:https:https://webmail.luceed.hr/service/soap/] [] misc - Access from IP 195.190.136.180, 195.190.136.181 suspended, for repeated failed login.

      zmmailboxd.out:2018-08-21 01:53:49.295:INFO:oejs.DoSFilter:qtp66233253-70972:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
      zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
      zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
      zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
      zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181
      zmmailboxd.out:2018-08-21 01:53:49.347:INFO:oejs.DoSFilter:qtp66233253-70959:https:https://webmail.luceed.hr/service/soap/: Ignoring malformed remote address 195.190.136.180, 195.190.136.181

      Z-Push
      a zpush-kontos:/var/log/z-push/z-push-error.log
      13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): SOAP FAULT: HTML Error Returned - Error 503 Service Unavailable
      13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): If using zimbra 8 or later please make sure to whitelist the z-push server IP address(es) in the DoSFilter
      13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): See zimbra wiki for details - http://wiki.zimbra.com/wiki/DoSFilter
      13/08/2018 12:12:17 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): DoSFilter trap - See z-push-error.log - Delaying one second before continuing …
      13/08/2018 12:12:18 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): DoSFilter trap - Setting/Increasing session SOAP Request Delay to [560000] microseconds
      13/08/2018 12:12:18 [16603] [ERROR] [marko.@.eu] Zimbra->SoapRequest(): SOAP FAULT: HTML Error Returned - Error 503 Service Unavailable - Enable ZIMBRA_DEBUG for more details - returning { false }

      Versions
      Zimbra - Release 8.7.4.GA.1730.UBUNTU12.64 UBUNTU12_64 FOSS edition.
      Z-Push - version: 2.4.4+0-0
      Z-Push Zimbra Backend - RELEASE 67

      1 Reply Last reply Reply Quote 0
      • milauria
        milauria last edited by

        Hello, same problem here … any ideas on how to resolve this ?

        1 Reply Last reply Reply Quote 0
        • milauria
          milauria last edited by

          I answer myself about how I fixed this:
          I whitelisted the Ip into Zimbra DOSFilter and noticed that in reality there were several authentication failures logged by z-push due to wrong user account password. Therefore I removed the IP from the whitelist and asked the user to revalidate his account password.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post