Zimbra: unable to get rid of DoSFilter trapping

I’m getting mad…

I’ve a new server using Zimbra and ZPush 2.4.4 with the latest available backend.

In Zimbra I’ve whitelisted the server public IP address, localhost addresses and the office IP.

Now a user changed his password in Zimbra and the mobile phones are not prompting for the new password and Z-Push keeps authenticating to Zimbra with wrong credentials. And despite of all the whitelist above (I’ve restarted all zimbra) I keep getting 503 Service unavailable from Zimbra!

Z-Push is configured directly in zimbra’s nginx.conf using this method.

The only strange thing I noticed in mailbox.log is that I get two IPs in the oip field. That is:

2018-09-12 14:22:29,398 INFO  [qtp127618319-823:http://127.0.0.1/service/soap/] [name=username;oip=OFFICE_IP, 127.0.0.1;port=49930;ua=Android/8.0.0-EAS-2.0(...717940) devip=OFFICE_IP ZPZB/68;] SoapEngine - handler exception: authentication failed for [username], invalid password

I cannot understand why in oip I see the remote IP and the z-push server IP. Now Z-Push is configured with https://127.0.0.1 as Zimbra server (and without url override), but even if I use the public hostname I will see Zimbra’s public IP instead of 127.0.0.1.

It’s driving me mad, I cannot see why Zimbra keeps throttling Z-Push connections!

Thanks

I tried changing USE_CUSTOM_REMOTE_IP_HEADER from HTTP_X_FORWARDED_FOR to HTTP_X_REAL_IP but everything seems the same.

Message spotted on mailboxd:

2018-09-12 14:43:30,984 INFO  [qtp127618319-1087:http://127.0.0.1/service/soap/] [] misc - Access from IP 1.2.9.21, 127.0.0.1 suspended, for repeated failed login.

It seems to me that Zimbra is threating the dual IP as a single IP address…

Do you have an instance of Apache you can use as a test z-push server to connect to the same zimbra host? It would allow you to determine if it is an nginx configuration that is causing the dual IP addresses.

@maxxer said in Zimbra: unable to get rid of DoSFilter trapping:

In Zimbra I’ve whitelisted the server public IP address, localhost addresses and the office IP.

Did you also whitelist the Z-Push server IP address? That is the most important one.

Yes, of course the zpush and zimbra itself public IPs are whitelisted, v4 and v6.

Unfortunately I currently don’t have an apache set up, I must install it. I checked another installation I have and it seems the IP is doubled every time.