Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

doMailboxMove leads to broken mailbox

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
thomas.klaube
Posts: 43
Joined: Sat Nov 30, 2013 5:17 am
Location: Stuttgart
ZCS/ZD Version: 8.8.15P33
Contact:

doMailboxMove leads to broken mailbox

Postby thomas.klaube » Thu Sep 22, 2022 9:05 am

Hi all,

on a Zimbra 8.8.15 multiserver setup we moved a mailbox to another server. On zimbra01.server.com we did:

zxsuite hsm doMailboxMove zimbra02.server.com accounts some@account.com

the move started and was interrupted after some time (>1h). The mailbox is now on zimbra02.server.com (was on zimbra01.server.com before) but only fraction of the mailbox was moved. The vast majority of the items is missing. What now? The data is still available on zimbra01.server.com as we did not purge the old mailbox. But how could I "revert" the doMailboxMove in a safe way and just use the "old" mailbox data on zimbra01.server.com? Let's pretend we don't care about the mails that have been received in the meantime....

We will open a supportcall for this, but if anyone knows about a "dirty trick" I would be happy to try it out...

Thanx and reagards
Thomas


User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2457
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: doMailboxMove leads to broken mailbox

Postby L. Mark Stone » Thu Sep 22, 2022 12:25 pm

What does the op_doMailboxMove_*.log file say?

In a successful mailbox move, the log will show that it has moved all of the blobs, followed by suspending the drive index for the account, moving the index files and resuming the indexing on the destination server. It will then show a table of statistics about the move, including errors, like this:

Code: Select all

2022-03-17 10:52:13,290 INFO  --
 Moved accounts        :     1/1
 Moved domains         :     0/0
 Moved blobs           :     9756/9756
 Error blobs           :     0
 Moved drive blobs     :     0/0
 Errors on drive blobs :     0
 Moved indexes         :     1
 Error indexes         :     0
 Moved zimbra db items :     35011/35011
 Error zimbra db items :     0
 Moved drive db items  :     0
 Error drive db items  :     0
 Moved chat db items   :     0
 Error chat db items   :     0
 Moved backup items    :     0
 Error backup items    :     0
 Moved auth db items   :     0
 Error auth db items   :     0
 Non local accounts    :     0



Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
User avatar
thomas.klaube
Posts: 43
Joined: Sat Nov 30, 2013 5:17 am
Location: Stuttgart
ZCS/ZD Version: 8.8.15P33
Contact:

Re: doMailboxMove leads to broken mailbox

Postby thomas.klaube » Thu Sep 22, 2022 1:09 pm

Hi Mark,

L. Mark Stone wrote:What does the op_doMailboxMove_*.log file say?


The file says:

Code: Select all

2022-09-22 07:41:26,488 some@account.com INFO Begin visit account some@account.com
2022-09-22 07:41:26,488 some@account.com WARN Account some@account.com does not have mailbox
2022-09-22 07:41:27,369 some@account.com INFO End visit account some@account.com
2022-09-22 07:41:27,369 INFO  --
 Moved accounts        :     1/1
 Moved domains         :     0/0
 Moved blobs           :     0/0
 Error blobs           :     0
 Moved drive blobs     :     0/0
 Errors on drive blobs :     0
 Moved indexes         :     0
 Error indexes         :     0
 Moved zimbra db items :     0/0
 Error zimbra db items :     0
 Moved drive db items  :     0
 Error drive db items  :     0
 Moved chat db items   :     0
 Error chat db items   :     0
 Moved backup items    :     0
 Error backup items    :     0
 Moved auth db items   :     0
 Error auth db items   :     0
 Non local accounts    :     0


What happend: The Zimbra System has 3 mailbox servers. The doMailboxMove was issued from the wrong server - the mailbox was not on zimbra01.server.com as I wrote before, but on zimbra03.server.com...So i guess, the doMailboxMove did not find a local mailbox and just created an empty mailbox on the destination server (zimbra02.server.com). The few items the user found in this mailbox were just some new mails that arrived in the morning...

What will happen if I just change the zimbraMailTransport and zimbraMailHost back to the old server for this user (maybe restart mailboxd, flush cache, etc...)?

Regards
Thomas
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2457
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: doMailboxMove leads to broken mailbox

Postby L. Mark Stone » Thu Sep 22, 2022 3:01 pm

Time to open a Support Case; you'll have two mailboxes to consolidate.
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
User avatar
thomas.klaube
Posts: 43
Joined: Sat Nov 30, 2013 5:17 am
Location: Stuttgart
ZCS/ZD Version: 8.8.15P33
Contact:

Re: doMailboxMove leads to broken mailbox

Postby thomas.klaube » Thu Sep 22, 2022 3:56 pm

Hi Mark,

L. Mark Stone wrote:Time to open a Support Case; you'll have two mailboxes to consolidate.


I opened the Support Case instantaneously when I realised what happend... Zimbra is already looking into this issue - but it takes some time I guess....
The mailbox is huge the user received only some mails in the last hours. So these few items could easily be exported/imported. I only need a way to
reactivate the old mailbox.... Let's see what Zimbra Support suggests...

Thanx and regards
Thomas
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2457
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: doMailboxMove leads to broken mailbox

Postby L. Mark Stone » Mon Sep 26, 2022 1:14 pm

Please be sure to comment on the case that reactivating the old mailbox is a sufficient workaround for the moment. That's something that Zimbra Support should be able to help you with quickly.

But, you could always create a brand-new mailbox for the user (renaming the existing accounts as needed), and then use IMAPSYNC to move mail from the two partial mailboxes to the brand-new mailbox.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 26 guests