Solved : Zimbra Webmail stuck after Login

Posted by

Today, I received a question about stuck after login on Zimbra webmail from my friend. Most of them are using Zimbra that affected by bug XXE/SSRF.

Zimbra Webmail stuck after login because there is a change of permission in the webapps folder. To solve the problem, you can try this workaround

Fix permissions

su - zimbra -c 'zmcontrol stop'
/opt/zimbra/libexec/zmfixperms -e -v

Then perform this command

cd /opt/zimbra/mailboxd
find webapps -type d -exec chmod 0755 {} \;
find webapps -type f -exec chmod 0644 {} \;
su - zimbra -c 'zmcontrol restart'

Please try again to log in to Zimbra webmail.

Update :

If you have a problem when uploading an attachment, please run this command

chown zimbra.zimbra /opt/zimbra/data/tmp
chown zimbra.zimbra /opt/zimbra/data/tmp/upload
chmod 777 /opt/zimbra/data/tmp
chmod 750 /opt/zimbra/data/tmp/upload

Permanent solution: Upgrade your Zimbra server to the latest version. If you need prof service from me, don’t hesitate to contact me from this form: https://imanudin.net/contact/ πŸ™‚

source: https://forums.zimbra.org/viewtopic.php?f=15&t=66213#p290497

27 comments

  1. om saya dari 8.5 masih problem juga , mau upgrade ke 8.8 muncul error

    ZCS upgrade from 8.5.0 to 8.8.12 will be performed.
    Checking for existing proxy service in your environment
    Error connecting to LDAP server: ldap://xx.xx.xx:389 at bin/checkService.pl line 55.
    Error: Unable to contact the LDAP server.

    1. OKe saya skip dulu 8.8 nya
      upgrade ke 8.6 sementara sudah normal webmail nya,
      tapi user tidak bisa attachment
      ketemu error di mailbox.log
      FileUploadServlet – Unable to store upload. Deleting name=Contoh.pdf, StoreLocation=/opt/zimbra/data/tmp/upload/upload_4fc903c6_16af78af7d3__8000_00000447.tmp

      1. saya update…
        ternyata ini penyebabnya
        /opt/zimbra/data/tmp/upload kurang permission execute jadi gak bisa masuk ke dir tstb

        1. beberapa hari lalu saya mengalami kasus yang sama tidak bisa mengirim attachment, attribut folder upload awalnya 555 saya rubah menjadi 755 berhasil..tapi beberapa saat kemudian terjadi lagi, saya rubah lagi attribut foldernya bisa, saat ini saya coba rubah attribut folder upload tidak bisa selalu kembali ke attribut 555 (awalnya bisa tapi beberapa saat kemudian kembali menjadi 555), kira2 bisa bantu gak bagaimana caranya , soalnya masih tidak bisa kirim attachment.

          terima kasih

          1. sebagai informasi tambahan saya menggunakan zimbra versi :
            Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.6.0_P14.
            sudah saya patch ke patch terbaru versi 14.

          2. terima kasih p’iman atas responsenya,
            saya sudah melakukan pengecekan berdasarkan referensi dari : https://saad.web.id/2019/04/cara-menangani-bugs-zimbra-xxe-atau-ssrf/

            point 1-4 tidak saya temukan..untuk zmcat saya temukan di /var/tmp
            attribut dan kepemilikan sementara saya set menjadi 644 root:root

            penyebab folder upload tidak bisa dirubah attributnya adalah :
            zmcheckexpiredcerts dan ditemukan di crontab zimbra,

            setelah saya rubah attribut dan kepemilikan file, folder upload bisa dirubah dan bisa bertahan 1 hari, hanya yang menjadi masalah setiap di hapus di crontab zimbra, beberapa saat kemudian muncul kembali :

            */60 * * * * /opt/zimbra/lib/zmcheckexpiredcerts
            biasanya muncul bersama : */30 * * * * /opt/zimbra/log/zmswatcher

            saya masih mencoba mencari solusinya, karena saya masih awam di system linux.

  2. Wah barusan tadi pagi saya ngalamin problem ini.
    Problem solve, salam buat teman nya ya mas Iman πŸ™‚

  3. I am also facing the same type of issue, (most probably after getting Windows 10 1809 update during this weekend).
    My Zimbra version is 8.5.1_GA_3056.FOSS all of my users are facing the loading stuck issue when using Ajax.

    I have tried all the solutions available on this forum (changing initial inbox to sent, changing alternative browsers, etc. but none of them is working and only Standard(HTML) version and Mobile versions are working)

    Can anyone help or facing this issue during these days ? (around 25th May 2019)

    1. hi om,

      hari ini saya dapat problem ya sama,
      sudah coba cara di atas tp masih belum bisa, need help mas πŸ™

      1. Hi,

        Now i receiving below mentioned error.

        Starting mailboxd…[] WARN: failed to read keystore file
        java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1433)
        at com.zimbra.common.net.CustomTrustManager.loadKeyStore(CustomTrustManager.java:193)
        at com.zimbra.common.net.CustomTrustManager.(CustomTrustManager.java:55)
        at com.zimbra.common.net.CustomTrustManager.(CustomTrustManager.java:64)
        at com.zimbra.common.net.TrustManagers.customTrustManager(TrustManagers.java:56)
        at com.zimbra.cs.ldap.unboundid.LdapSSLUtil.getTrustManager(LdapSSLUtil.java:84)
        at com.zimbra.cs.ldap.unboundid.LdapSSLUtil.createSSLContext(LdapSSLUtil.java:89)
        at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:105)
        at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
        at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:100)
        at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
        at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:65)
        at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:88)
        at com.zimbra.cs.account.ldap.LdapProv.(LdapProv.java:48)
        at com.zimbra.cs.account.ldap.LdapProvisioning.(LdapProvisioning.java:265)
        at com.zimbra.cs.account.ldap.LdapProvisioning.(LdapProvisioning.java:262)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
        at java.lang.Class.newInstance(Class.java:433)
        at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:286)
        at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:243)
        at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:820)
        at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3793)
        Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
        … 26 more
        [] WARN: backup keystore not found

        .

        Kindly help to solve

  4. Hail Mas Iman……

    Our Savior………

    Terima kasih banyak sudah menjawab pertanyaan saya…..

    Regards,
    JM

  5. Thank you very much for this. But after change the permission i have face 2 of our zimbra servers clamv services getting stopped after some time. Can you please help me on this ?

  6. Hi

    After applying your solution it was working fine but after a day there is the same issue.

    Can’t understand what to do

  7. You may need to check the process on your server.
    In my case, i have found there is a LSD malware running named .ntp, .kswapd and modified the zimbra crontab.

    Thanks

  8. om,
    chmod 750 /opt/zimbra/data/tmp/upload

    saya cek berubah lg ke 550.

    biar ga balik lg gmn caranya om ?

    Terimakasih

Leave a Reply to Pandiyan Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.