DEVHIDE
Login Or Sign up

Zimbra - Server blocking new connections

2k Views Asked by At

I don't know if here is the correct place for this kind of issues...

We have a internal Zimbra Mail Server, and with one specific account/computer zimbra server just "block" the session and suspend new logins from this device. This computer has an account configured in Oulook 2010 and uses another account in zimbra webmail. When the Zimbra server block the session, oulook just pop up the authentication form again, and since zimbra server has been blocked new connections, it can't login again for at least 30 minutes (?). And in zimbra webmail it shows "An network service error occurred".

What i've did:

- Make a full scan with BitDefender Anti-virus (i've suspected that maybe a mail bot installed on user computer), but nothing was found
- Checked windows event logs, nothing related to outlook or massive errors/warnings was found
- Tried to check zimbra logs, and all logs are huge and have more than 800mb (compacted) and more than 4gb uncompressed. 

    below is the part of log with "Access from IP 10.10.10.54 suspended, for repeated failed login." The "10.10.10.54" IP address is the IP from that user which
    has the problems. But another interesting thing is that, has another lines in the log with an strange IP address, like an external IP address

I don't know what could causing this problem or if the client computer has something wrong.

Any ideas?

Part of mailbox.log:

2018-09-20 07:49:52,302 DEBUG [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:52,303 INFO  [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 74.208.160.99 suspended, for repeated failed login.
2018-09-20 07:49:53,479 DEBUG [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,479 INFO  [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,523 DEBUG [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,524 INFO  [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,572 DEBUG [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,572 INFO  [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,613 DEBUG [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,613 INFO  [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,675 DEBUG [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,675 INFO  [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,715 DEBUG [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,715 INFO  [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,759 DEBUG [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,759 INFO  [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:53,803 DEBUG [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token
2018-09-20 07:49:53,803 INFO  [qtp127618319-1101376:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] misc - Access from IP 10.10.10.54 suspended, for repeated failed login.
2018-09-20 07:49:54,018 DEBUG [qtp127618319-1101329:https:https://mail.MYDOMAIN.com.br:7073/service/admin/soap/] [] AuthProvider - zimbra:no auth token

Zimbra Log Files

Outlook login popup

zimbra webmaillogin

email authentication zimbra
Original Q&A
0

There are 0 best solutions below

Related Questions in EMAIL

Related Questions in AUTHENTICATION

Related Questions in ZIMBRA

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.