DOS Attack from my local ip? Some BUG?

[RDMT]

Hello,

I'm struggling for weeks trying to find out where those messages comes from.

looking at /opt/zimbra/log/mailbox.log i have this (repeating forever):

*.*.*.* is always the IP address from my local network interface (eth0)
and ##### is always the same zimbra account witch i had to rename because that problem is blocking that account. After renaming i have "account not found" instead of "wrong password" message.

What makes me crazy is the fact that in log file the local ip is originating connections, so i can't block it at firewall. Now i don't know how to trace the "real" origin. Until now i believe there is something tryng to connect from outside in that account (maybe wrong password saved in outlook) but for some reason its showing my local ip on log files.

Is there anyway to trace the origin of that log message? Can someone help me?

Code:

2010-11-19 11:51:03,234 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:03,932 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:04,689 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:05,609 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:06,309 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:07,172 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:07,879 INFO  [btpool0-131] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found
2010-11-19 11:51:08,521 INFO  [btpool0-116] [ip=*.*.*.*;] SoapEngine - handler exception: authentication failed for #####, account not found

[FritzBrause]

... just have a look at /var/log/zimbra.log too.

Most likely this is being caused by failed SMTP- Auth requests coming from saslauthd and routed trough zmpost / zmauth.

[RDMT]

... just have a look at /var/log/zimbra.log too.

Most likely this is being caused by failed SMTP- Auth requests coming from saslauthd and routed trough zmpost / zmauth.

Thank you!

I changed the account name, then created a new account with the old name. Now the new account (with the old name) is redirecting all received mails to the old account (with a new name) and the problem is not happening anymore. I will try to unblock the new account (witch has the old problematic name) and test it to see if it will go back to normal behavior.

I will give you feedback, until now everything looks normal. I'm gona let it work for a day or two to make sure its ok.