Hi,
I have configured fail2ban for z-push to identify user authentification failure.
It's works well but I have a issue.
Every night, I stop the backend for backup purpose. (30min)
Then every device trying to sync during this time is banned because the authentification to the backend is unavailable.
Is there a way to distinguish wrong credentials and backend timeout to ban only for wrong credentials ?
Regards
Sylvain
Hi Sylvain,
what exactly do mean you stop the backend?
If the authentication is not available, then there's no way to tell if the credentials are right or wrong.
Manfred
Please do not PM me asking for support. Use the forum instead. Thank you.
I usually check the mobility thread at the end of the day, so please have some patience if there's no immediate response. Asking to look at certain thread per PM won't result in a faster answer.
z-push and the zimbra backend are on different servers (VM).
Every night I s"savestate" the Zimbra VM, clone it and then restart it.
During this process Z-push is still receiving sync request but Zimbra is unavailable.
So every sync request fall in timeout but z-push log it as wrong authentification.
I'm asking a RFC to log this case as timeout or unavailable backend instead of wrong authentification.
I hope it's more clear.
regards
Hi Sylvain,
is it the suggested way to backup Zimbra (I don't know much about Zimbra)?
You could also configure the Z-Push VM to respond with e.g. 503 (Service Temporarily Unavailable) or some other 500 code. However it might happen that the devices will do a complete resync when they connect again.
Manfred
Please do not PM me asking for support. Use the forum instead. Thank you.
I usually check the mobility thread at the end of the day, so please have some patience if there's no immediate response. Asking to look at certain thread per PM won't result in a faster answer.
Posting Permissions
Reply With Quote
Bookmarks