Results 1 to 6 of 6

Thread: mailbox.log entries explanation

  1. #1
    yonatan is offline Special Member
    Join Date
    May 2010
    Posts
    171
    Rep Power
    4

    Default mailbox.log entries explanation

    Please have a look at these entries in an old mailbox.log file,

    Code:
    2012-05-20 17:05:14,264 INFO  [btpool0-17://mail.example.com:7071/service/admin/soap/] [name=admin@example.com;ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for abuse, invalid password
    2012-05-20 23:17:34,802 INFO  [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for test, account not found
    2012-05-20 23:17:35,892 INFO  [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for info, account not found
    2012-05-20 23:17:36,987 INFO  [btpool0-20://mail.example.com:7071/service/admin/soap/] [name=admin@example.com;ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for admin, invalid password
    2012-05-20 23:17:41,052 INFO  [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;] SoapEngine - handler exception: authentication failed for webmaster, account not found
    I don't understand where these failed login attempts originate, e.g. is it from the admin console because it says mail.example.com:7071 or is it from the LAN because the server's IP is shown?

    I have very strong passwords on all accounts and failed login policy enabled. The admin console is only accessible on the LAN and the server is behind a firewall with ports 443, 587, 993 and 25 open.

    How concerned should I be regarding the entries shown above?

  2. #2
    ccelis5215 is offline Elite Member
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    442
    Rep Power
    3

    Default

    Yonatan, the logs indicates that your accounts were tested (admin, info, abuse) without success.

    You can also check audit.log.

    ccelis.

  3. #3
    yonatan is offline Special Member
    Join Date
    May 2010
    Posts
    171
    Rep Power
    4

    Default

    I've been searching the zimbra docs and I still can't understand the log entries.

    Specifically,

    Code:
    [btpool0-18://mail.example.com:7071/service/admin/soap/] [ip=192.168.52.80;]
    7071 is the admin console and 192.168.52.80 is the server LAN IP. So, where are the failed login attempts coming from?

  4. #4
    yonatan is offline Special Member
    Join Date
    May 2010
    Posts
    171
    Rep Power
    4

    Default

    Quote Originally Posted by ccelis5215 View Post
    Yonatan, the logs indicates that your accounts were tested (admin, info, abuse) without success.

    You can also check audit.log.

    ccelis.
    ccelis I understand that, but I still don't get from where

  5. #5
    ccelis5215 is offline Elite Member
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    442
    Rep Power
    3

    Default

    Hi, take a look.. Hacked account sending spam

    As you see, shows entries in three logs.

    Hope helps understand.

    ccelis

  6. #6
    yonatan is offline Special Member
    Join Date
    May 2010
    Posts
    171
    Rep Power
    4

    Default

    Quote Originally Posted by ccelis5215 View Post
    Hi, take a look.. Hacked account sending spam

    As you see, shows entries in three logs.

    Hope helps understand.

    ccelis
    Thanks for the link ccelis. Unfortunately, it doesn't explain the parts of the log entries that I would like to know. Odd that Zimbra's documentation isn't clearer on these kinds of things.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Corrupted database cause mailbox to halt
    By simba5140 in forum Migration
    Replies: 3
    Last Post: 06-04-2012, 03:29 PM
  2. [SOLVED] Re-creating the spam training e-mail account
    By richard-hdd in forum Administrators
    Replies: 21
    Last Post: 03-20-2012, 07:34 AM
  3. Admin PowerTip: Mailbox.log
    By jholder in forum Administrators
    Replies: 1
    Last Post: 10-21-2009, 10:45 AM
  4. Calendar entries uneditable...
    By Guest6400 in forum Administrators
    Replies: 2
    Last Post: 03-30-2007, 03:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •