09-03-2011, 06:14 AM
| | | Getting SOAP errors in log
Just set up Zimbra and it works fine so far, but inspecting mailbox.log shows that a few Java SOAP errors occurred. Sadly, I do not have the knowledge nor experience to understand what is wrong.
Here is a part of my mailbox.log file:
Code:
2011-09-03 14:36:40,489 INFO [btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest] [name=admin@andreansky.eu;mid=1;ip=192.168.77.28;ua=ZimbraWebClient - SAF3 (Linux);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: ns.andreansky.eu->zimbra@ns.andreansky.eu:22}
ExceptionId:btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest:1315053400489:093f3f7492a042ac
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:248)
at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:193)
at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:127)
at com.zimbra.cs.service.admin.GetServerNIFs.handle(GetServerNIFs.java:65)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:412)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:294)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:215)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:208)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.handler.DebugHandler.handle(DebugHandler.java:77)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:946)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
at ch.ethz.ssh2.Connection.connect(Connection.java:699)
at ch.ethz.ssh2.Connection.connect(Connection.java:490)
at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:184)
... 37 more
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at ch.ethz.ssh2.transport.TransportManager.establishConnection(TransportManager.java:340)
at ch.ethz.ssh2.transport.TransportManager.initialize(TransportManager.java:448)
at ch.ethz.ssh2.Connection.connect(Connection.java:643)
... 39 more
09-03-2011, 02:38 PM
| | Special Member | |
Posts: 146
| | system failure: exception during auth ;-)
Wrong auth source (problem with external LDAP auth?) or bad password?
Please check the user without the domain, i.e. just 'admin', not admin@domain.
Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
Caused by: java.net.ConnectException: Connection refused
Please open the ssh (22) port in your Zimbra domain for the Zimbra software.
__________________
# ZCS 7.1.3 SLES11 SP1
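
Added example (not part of the thread and not Zimbra's code): the top-level message in the excerpt reads "exception during auth", while the last "Caused by:" line names the actual failure. This Python sketch pulls the RemoteManager target out of the ServiceException line and classifies the innermost cause; SAMPLE_LOG is a trimmed copy of the posted excerpt, and the function names and verdict labels are this example's own.

```python
import re

# Trimmed copy of the excerpt from the first post (most stack frames omitted).
SAMPLE_LOG = """\
2011-09-03 14:36:40,489 INFO [btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest] [name=admin@andreansky.eu;mid=1;ip=192.168.77.28;ua=ZimbraWebClient - SAF3 (Linux);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: ns.andreansky.eu->zimbra@ns.andreansky.eu:22}
Code:service.FAILURE
\tat com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:193)
Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
\tat ch.ethz.ssh2.Connection.connect(Connection.java:699)
Caused by: java.net.ConnectException: Connection refused
\tat java.net.PlainSocketImpl.socketConnect(Native Method)
"""

ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")  # start of a log entry
TARGET = re.compile(r"\{RemoteManager: (\S+)->(\S+)@([^:}\s]+):(\d+)\}")
CAUSE = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")

def classify(exc, msg):
    """Map the innermost exception to a label (labels are this example's own)."""
    if exc == "java.net.ConnectException" and "refused" in msg.lower():
        return "tcp-refused"        # nothing accepted the connection on that port
    if exc in ("java.net.NoRouteToHostException", "java.net.SocketTimeoutException"):
        return "tcp-unreachable"
    return "other"                  # read the trace by hand

def triage(log_text):
    """Return one finding per RemoteManager failure, with its innermost cause."""
    findings, current = [], None
    for line in log_text.splitlines():
        if ENTRY.match(line):
            current = None          # a new entry ends the previous trace
        target = TARGET.search(line)
        if target:
            src, user, host, port = target.groups()
            current = {"from": src, "user": user, "host": host,
                       "port": int(port), "root_cause": None, "verdict": "other"}
            findings.append(current)
            continue
        cause = CAUSE.match(line)
        if cause and current is not None:   # each later "Caused by" is deeper
            exc, msg = cause.group(1), cause.group(2) or ""
            current["root_cause"] = (exc, msg)
            current["verdict"] = classify(exc, msg)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['user']}@{f['host']}:{f['port']} -> {f['verdict']} {f['root_cause']}")
```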
| 
09-04-2011, 12:16 AM
| | | Hmm, I've changed the default ssh port (for obvious reasons). I'll have a look into that, thanks Soba!
Why does Zimbra need to ssh to the localhost? | 
09-04-2011, 12:43 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,315
| | Quote:
Originally Posted by SkyHiRider Hmm, I've changed the default ssh port (for obvious reasons). | Which 'obvious reasons'? You surely don't have port 22 visible to the internet, do you? You're behind a NAT router and that port is not accessible to anyone except users on the LAN; if you need access to the server from 'outside' then use a VPN.
__________________
Regards
Bill
| 
09-04-2011, 02:19 AM
| | | The port is visible from the outside as the server has a public IP address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. I don't have remote root login enabled but it still helps keep the log files clean.
But you're right with the VPN, may get to setting that up later. | 
09-04-2011, 03:04 AM
| | Special Member | |
Posts: 146
| | Quote:
Originally Posted by SkyHiRider The port is visible from the outside as the server has a public IP address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. I don't have remote root login enabled but it still helps keep the log files clean.
But you're right with the VPN, may get to setting that up later. | Use your global or local firewall to block all connections to TCP port 22.
You can use a VPN solution (OpenVPN, Juniper, Cisco) to manage your Zimbra server (SSH / WEB ADMIN GUI). That is the better way.
Redirecting port 22 to another open ssh port (like 2222 or 5533) is also not a safe solution.
__________________
# ZCS 7.1.3 SLES11 SP1
| 
09-04-2011, 03:11 AM
| | Special Member | |
Posts: 146
| | Not a very secure solution:
If you still have an open sshd port (e.g. 5534), you can try to redirect with the local iptables 127.0.0.1:5534 127.0.0.1:22 and publicIP:22 to publicIP:5534.
You can also configure your sshd for multiple addresses and ports (man sshd_config) and determine allowed or denied hosts / ports.
__________________
# ZCS 7.1.3 SLES11 SP1
| 
09-04-2011, 04:41 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,315
| | Quote:
Originally Posted by SkyHiRider The port is visible from the outside as the server has a public IP address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. | I hate to contradict you but your mail server does not have a public IP address, your NAT router has a public IP address and you should forward only the ports that your Zimbra server requires and port 22 is not one of them. BTW, you can also use something like fail2ban to protect the system. Quote:
Originally Posted by SkyHiRider I don't have remote root login enabled but it still helps keep the log files clean. | Your log files stay clean if you don't forward that port to your server.
__________________
Regards
Bill
| 
09-04-2011, 05:48 AM
| | | Thanks for contradicting me, you're right of course.
And you're right that I shouldn't forward the port, but the NAT router isn't mine so I can't change that configuration, and my ISP is sometimes hard to persuade. | 
09-04-2011, 06:14 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,315
| | Quote:
Originally Posted by SkyHiRider And you're right that I shouldn't forward the port, but the NAT router isn't mine so I can't change that configuration, and my ISP is sometimes hard to persuade. | Surely they'd be receptive to a security 'problem' that's open to your server? As I mentioned above, you might like to look at implementing fail2ban (I believe there's a couple of threads in the forums on the subject).
__________________
Regards
Bill