Getting SOAP errors in log

[SkyHiRider]

Just set up Zimbra and it works fine so far, but inspecting mailbox.log shows that a few Java SOAP errors occurred. Sadly, I do not have the knowledge nor experience to understand what is wrong.

Here is a part of my mailbox.log file:

Code:

2011-09-03 14:36:40,489 INFO  [btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest] [name=admin@andreansky.eu;mid=1;ip=192.168.77.28;ua=ZimbraWebClient - SAF3 (Linux);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: ns.andreansky.eu->zimbra@ns.andreansky.eu:22}
ExceptionId:btpool0-31://192.168.77.87:7071/service/admin/soap/BatchRequest:1315053400489:093f3f7492a042ac
Code:service.FAILURE
	at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:248)
	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:193)
	at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:127)
	at com.zimbra.cs.service.admin.GetServerNIFs.handle(GetServerNIFs.java:65)
	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:412)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
	at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:294)
	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:215)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:208)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
	at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
	at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
	at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
	at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.handler.DebugHandler.handle(DebugHandler.java:77)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.Server.handle(Server.java:326)
	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543)
	at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:946)
	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
	at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
	at ch.ethz.ssh2.Connection.connect(Connection.java:699)
	at ch.ethz.ssh2.Connection.connect(Connection.java:490)
	at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:184)
	... 37 more
Caused by: java.net.ConnectException: Connection refused
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
	at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
	at java.net.Socket.connect(Socket.java:529)
	at ch.ethz.ssh2.transport.TransportManager.establishConnection(TransportManager.java:340)
	at ch.ethz.ssh2.transport.TransportManager.initialize(TransportManager.java:448)
	at ch.ethz.ssh2.Connection.connect(Connection.java:643)
	... 39 more
s

[soba@ukw.edu.pl]

system failure: exception during auth ;-)

Wrong auth source (problem with external ldap auth?) or bad password?

Please check user without the domain line only just 'admin' not admin@domain


Caused by: java.io.IOException: There was a problem while connecting to ns.andreansky.eu:22
Caused by: java.net.ConnectException: Connection refused



Please open ssh (22) port in your zimbra domain for zimbra software.

[SkyHiRider]

Hmm, I've changed the default ssh port (for obvious reasons . I'll have a look into that, thanks Soba!

Why does Zimbra need to ssh to the localhost?

[phoenix]

Hmm, I've changed the default ssh port (for obvious reasons .

Which 'obvious reasons'? You surely don't have port 22 visible to the internet, do you? You're behind a NAT router and that port is not accessible to anyone except users on the LAN, if you need access to the server from 'outside' then use a VPN.

[SkyHiRider]

The port is visible from the outside as the server has a public ip address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. I don't have remote root login enabled but it sill helps keeping the log files clean.

But you're right with the VPN, may get to setting that up later.

[soba@ukw.edu.pl]

The port is visible from the outside as the server has a public ip address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine. I don't have remote root login enabled but it sill helps keeping the log files clean.

But you're right with the VPN, may get to setting that up later.

Use your global or local firrewall for block all connection to tcp 22 port.

you can use a VPN soolutions (openvpn, Juniper, Cisco) to menage your Zimbra server (SSH / WEB ADMIN GUI). - That is better way

Redirect 22 port to other (like 2222 or 5533) open ssh port is also not a safe solution.

[soba@ukw.edu.pl]

Not very secure solution:

If you still have an open port of the sshd (eg 5534) you can do to try to redirect the local iptables with the 127.0.0.1:5534 127.0.0.1:22 and publicIP:22 to publicIP:5534.


You can also configured your sshd for multpile address and ports (man sshd.config) and determine allow or deny hosts / port.

[phoenix]

The port is visible from the outside as the server has a public ip address and changing the default port greatly reduces the log spam of many simple bots trying to ssh to my machine.

I hate to contradict you but your mail server does not have a public IP address, your NAT router has a public IP address and you should forward only the ports that your Zimbra server requires and port 22 is not one of them. BTW, you can also use something like fail2ban to protect system.

I don't have remote root login enabled but it sill helps keeping the log files clean.

Your log files stay clean if you don't forward that port to your server.

[SkyHiRider]

Thanks for contradicting me, you're right of course

And you're right that I shouldn't forward the port, but the NAT router isn't mine so I can't change that configuration, and my ISP is sometimes hard to persuade.

[phoenix]

And you're right that I shouldn't forward the port, but the NAT router isn't mine so I can't change that configuration, and my ISP is sometimes hard to persuade.

Surely they'd be receptive to a security 'problem' that's open to your server? As I mentioned above, you might like to look at implementing fail2ban (I believe there's a couple of threads in the forums on the subject).