Zimbra: unable to get rid of DoSFilter trapping



  • I’m getting mad…

    I’ve a new server using Zimbra and ZPush 2.4.4 with the latest available backend.

    In Zimbra I’ve whitelisted the server public IP address, localhost addresses and the office IP.

    Now a user changed his password in Zimbra and the mobile phones are not prompting for the new password and Z-Push keeps authenticating to Zimbra with wrong credentials. And despite all the whitelisting above (I’ve restarted all of Zimbra) I keep getting 503 Service unavailable from Zimbra!

    Z-Push is configured directly in zimbra’s nginx.conf using this method.

    The only strange thing I noticed in mailbox.log is that I get two IPs in the oip field. That is:

    2018-09-12 14:22:29,398 INFO  [qtp127618319-823:http://127.0.0.1/service/soap/] [name=username;oip=OFFICE_IP, 127.0.0.1;port=49930;ua=Android/8.0.0-EAS-2.0(...717940) devip=OFFICE_IP ZPZB/68;] SoapEngine - handler exception: authentication failed for [username], invalid password
    

    I cannot understand why in oip I see the remote IP and the z-push server IP. Now Z-Push is configured with https://127.0.0.1 as Zimbra server (and without url override), but even if I use the public hostname I will see Zimbra’s public IP instead of 127.0.0.1.

    It’s driving me mad, I cannot see why Zimbra keeps throttling Z-Push connections!

    Thanks



  • I tried changing USE_CUSTOM_REMOTE_IP_HEADER from HTTP_X_FORWARDED_FOR to HTTP_X_REAL_IP but everything seems the same.

    Message spotted on mailboxd:

    2018-09-12 14:43:30,984 INFO  [qtp127618319-1087:http://127.0.0.1/service/soap/] [] misc - Access from IP 1.2.9.21, 127.0.0.1 suspended, for repeated failed login.
    

    It seems to me that Zimbra is treating the dual IP as a single IP address…



  • Do you have an instance of Apache you can use as a test z-push server to connect to the same zimbra host? It would allow you to determine if it is an nginx configuration that is causing the dual IP addresses.



  • @maxxer said in Zimbra: unable to get rid of DoSFilter trapping:

    In Zimbra I’ve whitelisted the server public IP address, localhost addresses and the office IP.

    Did you also whitelist the Z-Push server IP address? That is the most important one.



  • Yes, of course the public IPs of zpush and zimbra itself are whitelisted, v4 and v6.

    Unfortunately I currently don’t have an apache set up, I must install it. I checked another installation I have and it seems the IP is doubled every time.



  • I managed to work around the issue by setting ZIMBRA_URL directly to Jetty on port 8443, instead of passing through nginx. Now the logged oip is the correct one and it’s not joined with nginx’s IP.

    I still have to figure out why zimbra is logging the two IP addresses together, but in the meantime I’m not trapped by DoSFilter.
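
A diagnostic sketch for the symptom discussed in this thread, added here as an example and not taken from any post or from Zimbra or Z-Push: it scans mailbox.log text for `oip=` fields and "Access from IP … suspended" messages, flags values that carry more than one address, and compares them with a whitelist both as the whole logged string and address by address. The sample lines are constructed from the excerpts quoted above (203.0.113.7 stands in for OFFICE_IP), the whitelist is an assumed one, and the whole-string comparison models the thread's hypothesis rather than confirmed Zimbra behaviour.

```python
import ipaddress
import re

# Constructed sample modelled on the log lines quoted in the thread;
# 203.0.113.7 is a documentation address standing in for OFFICE_IP.
SAMPLE_LOG = """\
2018-09-12 14:22:29,398 INFO  [qtp127618319-823:http://127.0.0.1/service/soap/] [name=username;oip=203.0.113.7, 127.0.0.1;port=49930;] SoapEngine - handler exception: authentication failed for [username], invalid password
2018-09-12 14:43:30,984 INFO  [qtp127618319-1087:http://127.0.0.1/service/soap/] [] misc - Access from IP 203.0.113.7, 127.0.0.1 suspended, for repeated failed login.
2018-09-12 15:01:02,120 INFO  [qtp127618319-1090:https://127.0.0.1:8443/service/soap/] [name=username;oip=203.0.113.7;port=50112;] SoapEngine - handler exception: authentication failed for [username], invalid password
"""
OIP_RE = re.compile(r"\boip=([^;\]]*)")
SUSPENDED_RE = re.compile(r"Access from IP (.+?) suspended")


def parse_chain(raw):
    """Split a logged address field into validated individual IPs."""
    chain = []
    for part in raw.split(","):
        try:
            chain.append(str(ipaddress.ip_address(part.strip())))
        except ValueError:
            continue  # not an address (e.g. a redacted placeholder)
    return chain


def audit(log_text, whitelist):
    """Report every logged address field and how it relates to the whitelist."""
    allowed = {str(ipaddress.ip_address(w)) for w in whitelist}
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = OIP_RE.search(line) or SUSPENDED_RE.search(line)
        if not m:
            continue
        raw = m.group(1).strip()
        chain = parse_chain(raw)
        findings.append({
            "line": lineno,
            "raw": raw,
            "chained": len(chain) > 1,
            "suspended": bool(SUSPENDED_RE.search(line)),
            # What a comparison against the whole logged string would see
            # (the thread's hypothesis, not confirmed Zimbra behaviour).
            "exact_match": raw in allowed,
            "each_whitelisted": bool(chain) and all(ip in allowed for ip in chain),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ["203.0.113.7", "127.0.0.1", "::1"]):
        print(finding)
```

Entries with `chained` true and `exact_match` false while `each_whitelisted` is true are the pattern reported in the thread: every hop is whitelisted, yet the logged value is the joined pair.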