Users get 'Network service error', and mailbox.log shows 'Access to IP x.x.x.x suspended, for repeated failed login'
Users get 'Network service error', and mailbox.log shows 'Access to IP x.x.x.x suspended, for repeated failed login'
Purpose
Users get 'Network service error', and mailbox.log shows 'Access to IP x.x.x.x suspended, for repeated failed login'
Resolution
Add the IP to the safe IP list:
zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.2.1 zmprov ms `zmhostname` +zimbraHttpThrottleSafeIPs 192.168.2.1 zmmailboxdctl restart
This is our feature in 8.5+ to prevent a malicious IP from trying brute force attacks.
But it can come up if all the users of a network access the mail server via a single gateway, and that gateway shows up as the originating IP for all the users. Thus even if a couple of users set incorrect passwords a few times, the IP gets blacklisted, blocking out all the users.
These values are also of interest, and can be changed:
zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating: 15 zimbraInvalidLoginFilterMaxFailedLogin: 10 zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin: 5
- zimbraInvalidLoginFilterDelayInMinBetwnRegBeforeReinstating sets how long an IP is blocked.
- zimbraInvalidLoginFilterMaxFailedLogin sets the number of failed logins before an IP is blocked.
- zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin sets how long between running the process to unblock IPs.
Additional Content
- Please see this for more information: https://wiki.zimbra.com/wiki/DoSFilter#Using_the_DoSFilter_To_Block_IPs_on_Repeated_Failed_Login_-_ZCS_8.5.2B_Only