Zimbra Forums

Hi,

After migration to ZCS 8.8.6 + patch I have issues with Webmail users, who have configured retreival of external mail into their mailbox.
Those external account's passwords vanish after ZCS server is rebooted. For all users with external retreival configured.

I've run already zmfixperms -extended, but no joy.

Any idea?

What do you mean with "vanish"? I don't think the passwords disappear from the LDAP or do they? You can check by calling With the -l switch it will show you an obfuscated value for the attribute zimbraDataSourcePassword which is normally filtered out.

Hmmm...weird. Seems like password is there, but password hash is different:
- BEFORE I changed it, right after reboot, wrong:
zimbraDataSourcePassword: Af+auscjdbSg1Y36Vw82gNfcH1cB/CZBFy3TYvydDliH
- AFTER I changed it to correct pass:
zimbraDataSourcePassword: AQZAIvxwFWI42kL7JMdlzdJWnvM20dwheJVwpTDQlL2g
- and WEIRD...some 15 minutes later, when I did not change anything:
zimbraDataSourcePassword: Ac0hhq8lnneU44az7BFV1fbiydVlEM5uAApNu/KHBqKK

Where did the wrong one came from?
And how did it change by itself after 15 minutes?
I seems like until I reboot the box, password is correct, then after reboot it changes to something incorrect.

BTW...this box was migrated from Ubuntu 12.04 --> 14.04 and from ZCS 8.0.9 to 8.8.6 recently. Before migration I never had problems.

I had a quick peek at the code and it looks like the password is AES-encrypted; the key is a salted MD5 sum of the data source id. The value is base64 encoded, the first byte is the constant version 1 followed by 16 bytes of salt and then finally the encrypted password. The salt is randomly generated whenever the value is changed. What does this mean? To have a different value whenever the password is changed is totally normal.

But to have something™ change the password again 15 minutes later is odd. There should be a ChangeDataSourceRequest logged in mailbox.log when this happens.

Weird...it seems then that stored password does not change after all, but something else prevents access to external account.
In my case, both the original user and "external" account are on same Zimbra server. So it is internal retreival.

So, as user "A" I go to PREFERENCES --> ACCOUNTS --> select the "external" account and fill in the password.
Click on TEST = Success!
Does not matter, whether I select SSL port 993 or plain 143, works both wasy.
Select SAVE and another test goes on = Success.

I check the password hash and make a not on it.

But right after if I checl the external account's INBOX (from the "A" user's Webmail), I get error:
system failure: Folder sync failed, system failure: Synchronization of folder '/External box/INBOX' failed, system failure: Server returned no response for UID FETCH 1659 BODY.PEEK[]

And if I check password hash, it is NOT changed.

Even if I DELETE external account and recreate it after 15 minutes or so, I get the same error. TEST passes OK, but as soon as I SAVE, I get ERROR.
And it's the same for external accounts on this Zimbra server, or some 3rd party external account - does not work anymore after upgrade.

What a mess after migration/upgrade...Yeah :/



....***EDIT***
Actually, it seems like the issue occurs only with IMAP External account.
POP3 does not have problems.

And now it looks to me that I have some IMAP-related problems on server, possibly related to my other problem described here:
SSL_write failed SSL: 32: Broken pipe while proxying
viewtopic.php?f=15&t=63658