From time to time we have "runaway threads" that consume 100% CPU, a zmmailboxdctl restart "fixes" that (until it comes back).
Over the years we have had several exchanges with support about this, but so far no root cause has been identified.
Search found 259 matches
- Tue Apr 16, 2024 5:21 pm
- Forum: Administrators
- Topic: Zimbra suddently extremely slow, multiples java process eat more than 100% Cpu, bug or compromized server?
- Replies: 10
- Views: 402
- Wed Feb 28, 2024 2:42 pm
- Forum: Administrators
- Topic: LDAP do not start as zimbra but start as root.
- Replies: 3
- Views: 432
Re: LDAP do not start as zimbra but start as root.
Do you have zimbra-ldap-patch installed on your LDAP server(s)? Traditionally slapd was started as root (via sudo) to bind on port 389, and then dropped privileges to the zimbra user. This was changed some time ago to be started as zimbra, but with "cap_net_bind" capability to allow to bin...
- Thu Feb 15, 2024 8:12 pm
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1069
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
No need for all this trickery, merely having cpio installed on your system doesn't make it vulnerable, only amavisd using it to extract untrusted input.
If you're on Zimbra 8.8.15 P40 / 9.0.0 P33 / 10.0.1 or newer, amavisd no longer uses cpio, even if pax is missing.
If you're on Zimbra 8.8.15 P40 / 9.0.0 P33 / 10.0.1 or newer, amavisd no longer uses cpio, even if pax is missing.
- Wed Feb 14, 2024 11:36 am
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1069
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
Removing cpio will break generation of initramfs on Red Hat based Linux distributions. This has been warned for on this forum before.
amavisd not using cpio anymore should be sufficient.
amavisd not using cpio anymore should be sufficient.
- Tue Feb 13, 2024 4:39 pm
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1069
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
There's still a big difference. You cannot make cpio execute commands, you could only make it write files to arbitrary destinations.
But if you can put an executable .jsp under /opt/zimbra/jetty/webapps/zimbra/public, you can execute it by calling the corresponding URL...
But if you can put an executable .jsp under /opt/zimbra/jetty/webapps/zimbra/public, you can execute it by calling the corresponding URL...
- Tue Feb 13, 2024 3:23 pm
- Forum: Administrators
- Topic: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
- Replies: 7
- Views: 1069
Re: New CPIO vulnerability (CVE-2023-7216). Zimbra affected?
Looks very similar indeed, this could trick amavis (using cpio) to write files into /opt/zimbra/jetty/webapps/zimbra/public, which contains executable code. This was initially fixed by installing pax, and later by avoiding cpio altogether . But the real underlying issue of this –and several other Zi...
- Wed Feb 07, 2024 3:15 pm
- Forum: Administrators
- Topic: How to delete any email from every mail accounts before specific year or date?
- Replies: 4
- Views: 537
Re: How to delete any email from every mail accounts before specific year or date?
In a multi-server environment, you may need to run "zmprov fc config" (flush config cache) to take config changes into account (only the server on which you ran zmprov to change the config "knows" about it).
Then watch your mailbox.log for "MailboxPurge" activity.
Then watch your mailbox.log for "MailboxPurge" activity.
- Wed Feb 07, 2024 9:20 am
- Forum: Administrators
- Topic: Date & Time format in COS
- Replies: 2
- Views: 381
Re: Date & Time format in COS
This is encoded in /opt/zimbra/jetty/webapps/zimbra/WEB-INF/classes/messages/I18nMsg.properties. You may want to copy (some of) the values from I18nMsg_en_GB.properties to get d/m/y and 24h clock etc. Then, run "zmprov fc uistrings" to reload. Beware, these files are part of the zimbra-mbo...
- Mon Feb 05, 2024 1:04 pm
- Forum: Administrators
- Topic: How to delete any email from every mail accounts before specific year or date?
- Replies: 4
- Views: 537
Re: How to delete any email from every mail accounts before specific year or date?
You can let Zimbra's "Mailbox Purge" job do the work, by setting zimbraMailMessageLifetime=3y (3 years) on COS level.
Wait until the thread has passed by all mailboxes, before setting it back to 0.
Wait until the thread has passed by all mailboxes, before setting it back to 0.
- Mon Jan 29, 2024 3:01 pm
- Forum: Administrators
- Topic: missing mailbox size (Classic UI) after Update von 10.x
- Replies: 2
- Views: 291
Re: missing mailbox size (Classic UI) after Update von 10.x
You can hover over the mailbox usage bar in the top right, under your login name. A mouseover message will appear with your mailbox size (%) and total quota.