Today, I received a question from my friend about Zimbra webmail getting stuck after login. Most of them are using a Zimbra version that is affected by the XXE/SSRF bug.
Zimbra webmail gets stuck after login because the permissions in the webapps folder have been changed. To solve the problem, you can try this workaround:
Fix permissions
su - zimbra -c 'zmcontrol stop'
/opt/zimbra/libexec/zmfixperms -e -v
Then run these commands:
cd /opt/zimbra/mailboxd
find webapps -type d -exec chmod 0755 {} \;
find webapps -type f -exec chmod 0644 {} \;
su - zimbra -c 'zmcontrol restart'
Please try again to log in to Zimbra webmail.
Update:
If you have a problem when uploading an attachment, please run these commands:
chown zimbra:zimbra /opt/zimbra/data/tmp
chown zimbra:zimbra /opt/zimbra/data/tmp/upload
chmod 777 /opt/zimbra/data/tmp
chmod 750 /opt/zimbra/data/tmp/upload
Permanent solution: Upgrade your Zimbra server to the latest version. If you need professional service from me, don’t hesitate to contact me through this form: https://imanudin.net/contact/
source: https://forums.zimbra.org/viewtopic.php?f=15&t=66213#p290497
Om, I am on 8.5 and still have the problem too. When I try to upgrade to 8.8, this error appears:
ZCS upgrade from 8.5.0 to 8.8.12 will be performed.
Checking for existing proxy service in your environment
Error connecting to LDAP server: ldap://xx.xx.xx:389 at bin/checkService.pl line 55.
Error: Unable to contact the LDAP server.
OK, I am skipping 8.8 for now.
I upgraded to 8.6 for the time being and webmail is back to normal,
but users cannot add attachments.
I found this error in mailbox.log:
FileUploadServlet – Unable to store upload. Deleting name=Contoh.pdf, StoreLocation=/opt/zimbra/data/tmp/upload/upload_4fc903c6_16af78af7d3__8000_00000447.tmp
An update from me…
It turns out this was the cause:
/opt/zimbra/data/tmp/upload lacked execute permission, so that directory could not be entered.
Great, Mas. Awesome.
A few days ago I had the same case and could not send attachments. The upload folder's attribute was 555 at first; I changed it to 755 and it worked, but a while later it happened again. I changed the folder attribute again and it worked. Now when I try to change the upload folder's attribute, it does not hold and always goes back to 555 (at first it works, but a while later it returns to 555). Could you help with how to handle this? I still cannot send attachments.
Thank you.
As additional information, I am using Zimbra version:
Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.6.0_P14.
I have already patched to the latest patch, version 14.
dr-xr-x--- 2 zimbra zimbra 4096 Jun 11 15:12 upload
Hi Mas,
Please check and patch your Zimbra first. Follow the instructions at the following link to check for possible malware: https://lorenzo.mile.si/zimbra-cve-2019-9670-being-actively-exploited-how-to-clean-the-zmcat-infection/961/
Thank you, Pak Iman, for the response.
I have done the checks based on the reference at: https://saad.web.id/2019/04/cara-menangani-bugs-zimbra-xxe-atau-ssrf/
I did not find points 1-4. As for zmcat, I found it in /var/tmp;
for now I have set its attributes and ownership to 644 root:root.
The cause of the upload folder's attributes not being changeable is:
zmcheckexpiredcerts, and it was found in the zimbra crontab.
After I changed the file's attributes and ownership, the upload folder could be changed and it held for 1 day. The only problem is that every time the entry is deleted from the zimbra crontab, a while later it reappears:
*/60 * * * * /opt/zimbra/lib/zmcheckexpiredcerts
It usually appears together with: */30 * * * * /opt/zimbra/log/zmswatcher
I am still trying to find the solution, because I am still new to Linux systems.
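The checks discussed in this thread, as an added shell example that is not part of the original post or of any comment: it flags the two cron entries quoted above, lists webapps entries whose mode differs from the 0755/0644 set in the post, and tests whether the upload directory is usable by its owner. The function names and the sample crontab are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-cleanup checks for the symptoms reported on this page.
# Paths and cron commands are the ones quoted on the page; the function
# names are hypothetical.

# Read a crontab on stdin and print the lines that run either of the two
# scripts commenters saw re-appearing in the zimbra crontab.
# Comment lines are skipped.
flag_cron_entries() {
    grep -v '^[[:space:]]*#' |
        grep -E '/opt/zimbra/(lib/zmcheckexpiredcerts|log/zmswatcher)([[:space:]]|$)' || true
}

# Print everything under a webapps tree whose mode differs from what the
# post sets: 0755 for directories, 0644 for regular files.
list_wrong_modes() {
    find "$1" \( -type d ! -perm 0755 -print \) -o \( -type f ! -perm 0644 -print \)
}

# Succeed only if the directory's owner has read, write and search (rwx).
# Modes 550 and 555, as reported in the comments, fail this check.
upload_dir_usable() {
    [ -n "$(find "$1" -prune -type d -perm -0700)" ]
}

# Constructed sample crontab, not taken from a real server.
SAMPLE_CRONTAB='# constructed sample
5 4 * * * /usr/local/bin/example-nightly-job
*/60 * * * * /opt/zimbra/lib/zmcheckexpiredcerts
*/30 * * * * /opt/zimbra/log/zmswatcher'

# On a server, as root:
#   crontab -u zimbra -l | flag_cron_entries
#   list_wrong_modes /opt/zimbra/mailboxd/webapps
#   upload_dir_usable /opt/zimbra/data/tmp/upload || echo "upload dir not usable"
printf '%s\n' "$SAMPLE_CRONTAB" | flag_cron_entries
```

If a flagged entry comes back after being deleted, something still running on the host is rewriting the crontab, so editing the crontab alone will not hold.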
Wow, I just ran into this problem this morning.
Problem solved. Say hi to your friend, Mas Iman.
I am also facing the same type of issue (most probably after getting the Windows 10 1809 update during this weekend).
My Zimbra version is 8.5.1_GA_3056.FOSS. All of my users are facing the loading stuck issue when using Ajax.
I have tried all the solutions available on this forum (changing the initial inbox to sent, changing to alternative browsers, etc.), but none of them is working, and only the Standard (HTML) version and Mobile versions are working.
Can anyone help, or is anyone facing this issue these days? (around 25th May 2019)
Hello,
Have you tried the solution of this article?
Hi Om,
today I got the same problem.
I have tried the method above but it still does not work. Need help, Mas.
Hi,
Now we are not able to upload attachments.
Hello,
Please read the update
Hi,
Now I am receiving the error mentioned below.
Starting mailboxd…[] WARN: failed to read keystore file
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1433)
at com.zimbra.common.net.CustomTrustManager.loadKeyStore(CustomTrustManager.java:193)
at com.zimbra.common.net.CustomTrustManager.<init>(CustomTrustManager.java:55)
at com.zimbra.common.net.CustomTrustManager.<init>(CustomTrustManager.java:64)
at com.zimbra.common.net.TrustManagers.customTrustManager(TrustManagers.java:56)
at com.zimbra.cs.ldap.unboundid.LdapSSLUtil.getTrustManager(LdapSSLUtil.java:84)
at com.zimbra.cs.ldap.unboundid.LdapSSLUtil.createSSLContext(LdapSSLUtil.java:89)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:105)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:100)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:65)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:88)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:48)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:265)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:262)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at java.lang.Class.newInstance(Class.java:433)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:286)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:243)
at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:820)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3793)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
… 26 more
[] WARN: backup keystore not found
.
Kindly help to solve
Thanks, very nice work.
Hail Mas Iman……
Our Savior………
Thank you very much for answering my question…..
Regards,
JM
Thank you very much for this. But after changing the permission, I have faced the ClamAV services on 2 of our Zimbra servers getting stopped after some time. Can you please help me with this?
Hi
After applying your solution it was working fine but after a day there is the same issue.
Can’t understand what to do
If you’re on 8.5, I suggest you upgrade your ZCS immediately.
Is there any tutorial for the upgrade?
You may need to check the processes on your server.
In my case, I found there was an LSD malware running, named .ntp and .kswapd, and it had modified the zimbra crontab.
Thanks
Hello Asrar Abu Khair,
Thank you for sharing. Noted.
Thank you.
Om,
chmod 750 /opt/zimbra/data/tmp/upload
I checked and it changed back to 550.
How do I keep it from going back again, Om?
Thank you