users deleted form distribution lists

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
lethargos
Posts: 19
Joined: Thu Oct 20, 2016 12:32 pm

users deleted form distribution lists

Post by lethargos »

Every once in a while, some random users, as far I as could tell, are removed from their distribution lists for no apparent reason. Ever since I noticed this, I created a script so that zimbra would send a daily report with all users and their membership. That didn't actually help a lot, except for that fact that I know when this happens. Of course, usually the damage has been done by the time the user calls me and tells me he's not receiving e-mails anymore. This time over a month has passed. I've no idea what is going on, I don't remember making any alterations to the user's profile, except increasing his mailbox size, which I did a few days ago - so I can't have removed him from the distribution lists by mistake.

Any ideas what is going on and how I can troubleshoot this?
Zimbra Version: 8.6.0_GA_1162.
Centos 7.3.1611

It's also worth mentioning that the authentication is done through active directory (ldap) on a Windows Server 2012 R2.
Last edited by lethargos on Thu Feb 16, 2017 7:29 am, edited 1 time in total.
User avatar
vavai
Advanced member
Advanced member
Posts: 174
Joined: Thu Nov 14, 2013 2:41 pm
Location: Indonesia
ZCS/ZD Version: 0
Contact:

Re: users deleted form distribution lists

Post by vavai »

Hi,
lethargos wrote:Every once in a while, some random users, as far I as could tell, are removed from their distribution lists for no apparent reason. Ever since I noticed this, I created a script so that zimbra would send a daily report with all users and their membership. That didn't actually help a lot, except for that fact that I know when this happens. Of course, usually the damage has been done by the time the user calls me and tell me he's not receiving e-mails anymore. This time over a month has passed. I've no idea what is going on, I don't remember making any alternations to the user's profile, except increasing his mailbox size, which I did a few days ago - so I can't have removed him from the distribution lists by mistake.

Any ideas what is going on and how I can troubleshoot this?
Zimbra Version: 8.6.0_GA_1162.
Centos 7.3.1611

It's also worth mentioning that the authentication is done through active directory (ldap) on a Windows Server 2012 R2.
Most process on Zimbra will be recorded on Zimbra logs, so you may looking at mailbox.log (or any other related logs) to see whether it records removal process or not.

As you are using external auth with AD, do you have an auto provisioning script for adding (or removing) user account/dist list automatically?
lethargos
Posts: 19
Joined: Thu Oct 20, 2016 12:32 pm

Re: users deleted form distribution lists

Post by lethargos »

There's no script, if I delete a zimbra account, it doesn't also delete the AD username, if that's what you mean. Only the authentication is configured and it works fine as it is.

The distribution lists are independent of AD, they work only internally. One solution would have been a synchronization in AD with groups that act as distribution lists, indeed, but that's not the case.

I'm not sure where I'm supposed to be looking exactly for distribution list logs. I'm not really sure that zimbra actually logs this. Simply searching the logs is a little bit of a huge task, given how big and diverse the logs are and given that I don't even have any keywords to search after.

Anyway, I did have a look at mailbox.log, but there doesn't seem to be anything related to this (logins, logouts, etc.)
jnewport
Posts: 7
Joined: Thu Apr 28, 2016 7:04 am

Re: users deleted form distribution lists

Post by jnewport »

I have experienced this problem also. Every once in a while, a random user will contact our Helpdesk saying they are no longer receiving emails sent to distribution lists they expect to receive. When we check they have lost membership to all distribution lists they had before.

It has occurred on the following versions:

8.7.0 GA Release - Ubuntu 14.04 LTS
8.7.1 GA Release - Ubuntu 14.04 LTS
8.7.3 GA Release - Ubuntu 14.04 LTS
8.7.4 GA Release - Ubuntu 14.04 LTS
8.7.5 GA Release - Ubuntu 14.04 LTS

We have 1066 accounts in our Zimbra on a multi-server installation.
User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: users deleted form distribution lists

Post by ccelis5215 »

lethargos wrote: I'm not sure where I'm supposed to be looking exactly for distribution list logs. I'm not really sure that zimbra actually logs this. Simply searching the logs is a little bit of a huge task, given how big and diverse the logs are and given that I don't even have any keywords to search after.
Hi, take a look in audit.log.

I've just remove a member of an existing distribution list using Admin UI.

Code: Select all

2017-04-21 09:03:00,952 INFO  [qtp1508221996-3296:https://192.168.127.99:7071/service/admin/soap/ModifyDistributionListRequest] [name=adminaccount@domain.com;mid=1;ip=192.168.127.89;ua=ZimbraWebClient - GC59 (Win);] security - cmd=ModifyDistributionList; name=examplelist@domain.com;
2017-04-21 09:03:00,964 INFO  [qtp1508221996-3261:https://192.168.127.99:7071/service/admin/soap/RemoveDistributionListMemberRequest] [name=adminaccount@domain.com;mid=1;ip=192.168.127.89;ua=ZimbraWebClient - GC59 (Win);] security - cmd=RemoveDistributionListMember; name=examplelist@domain.com; member=[memberlist@domain.com];
lethargos
Posts: 19
Joined: Thu Oct 20, 2016 12:32 pm

Re: users deleted form distribution lists

Post by lethargos »

grep -i modify /var/log/audit/* returns absolutely nothing. I've also search after the name of a user whom I removed from a few distribution lists just yesterday. Zimbra doesn't seem to log anything related to this, at least not on my server. Of course, when I say "remove", I'm talking about the GUI, not about the command line. And I seem to have the same issue this user seems to have (viewtopic.php?t=59244), although it doesn't happen whenever a user logs out. I haven't been able to associate it with anything, but very often in the "Member of" section it keeps saying "Loading" when a user has been removed from all distribution lists.
User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: users deleted form distribution lists

Post by ccelis5215 »

lethargos wrote:grep -i modify /var/log/audit/* returns absolutely nothing. I've also search after the name of a user whom I removed from a few distribution lists just yesterday. Zimbra doesn't seem to log anything related to this, at least not on my server. Of course, when I say "remove", I'm talking about the GUI, not about the command line. And I seem to have the same issue this user seems to have (viewtopic.php?t=59244), although it doesn't happen whenever a user logs out. I haven't been able to associate it with anything, but very often in the "Member of" section it keeps saying "Loading" when a user has been removed from all distribution lists.
Logs in /opt/zimbra/log ...

ccelis
jnewport
Posts: 7
Joined: Thu Apr 28, 2016 7:04 am

Re: users deleted form distribution lists

Post by jnewport »

ccelis5215 wrote: Hi, take a look in audit.log.

I've just remove a member of an existing distribution list using Admin UI.

Code: Select all

2017-04-21 09:03:00,952 INFO  [qtp1508221996-3296:https://192.168.127.99:7071/service/admin/soap/ModifyDistributionListRequest] [name=adminaccount@domain.com;mid=1;ip=192.168.127.89;ua=ZimbraWebClient - GC59 (Win);] security - cmd=ModifyDistributionList; name=examplelist@domain.com;
2017-04-21 09:03:00,964 INFO  [qtp1508221996-3261:https://192.168.127.99:7071/service/admin/soap/RemoveDistributionListMemberRequest] [name=adminaccount@domain.com;mid=1;ip=192.168.127.89;ua=ZimbraWebClient - GC59 (Win);] security - cmd=RemoveDistributionListMember; name=examplelist@domain.com; member=[memberlist@domain.com];
I've checked our audit.log around the time that it occurred using the command: zgrep "RemoveDistributionListMember" /opt/zimbra/log/audit.log*

This showed there were 9 sequential entries for "cmd=RemoveDistributionListMember" by an admin.

Code: Select all

audit.log.2017-04-18.gz:2017-04-18 09:07:27,665 INFO  [qtp66233253-305662:https:https://smtp.example.com:7071/service/admin/soap/RemoveDistributionListMemberRequest] [name=admin@example.com;mid=34;ip=internal-ip;port=internal-port;ua=ZimbraWebClient - FF47 (Linux);] security - cmd=RemoveDistributionListMember; name=list1@example.com; member=[affected-user@example.com, affected-user@example.com];
...
audit.log.2017-04-18.gz:2017-04-18 09:07:28,042 INFO  [qtp66233253-305997:https:https://smtp.example.com:7071/service/admin/soap/RemoveDistributionListMemberRequest] [name=admin@example.com;mid=34;ip=internal-ip;port=internal-port;ua=ZimbraWebClient - FF47 (Linux);] security - cmd=RemoveDistributionListMember; name=list9@example.com; member=[affected-user@example.com, affected-user@example.com];
I confirmed that the admin only changed the account status of the affected user from "Lockout" to "Active" and there is an audit.log entry just before the 9 entries for "cmd=RemoveDistributionListMember" that confirms the account status was modified.

Code: Select all

2017-04-18 09:07:27,539 INFO  [qtp66233253-305323:https:https://smtp.example.com:7071/service/admin/soap/ModifyAccountRequest] [name=admin@example.com;mid=34;ip=internal-ip;port=internal-port;ua=ZimbraWebClient - FF47 (Linux);] security - cmd=ModifyAccount; name=affected-user@example.com; zimbraPasswordLockoutFailureTime=; zimbraAccountStatus=active; zimbraPasswordLockoutLockedTime=; zimbraMailStatus=enabled;
How does editing an account in the Zimbra Administration Console result in the account's membership of all distribution lists being removed?

We have noticed that when viewing the Zimbra Administration Console in Firefox, when editing an account, occasionally the "Member Of" > "Direct Member Of" section will show "Loading..." forever and won't show what distribution lists that account is a member of. When this occurs and you edit the account and hit save, does Zimbra Admin Console interpret that empty "Direct Member Of" field as the admin user has clicked "Remove All"? Seems likely that it does.

Our work around for this issue for the time being will be to use Chrome instead of Firefox when using the Zimbra Administration Console as I can't remember seeing the empty "Member Of" > "Direct Member Of" issue in Chrome.
lethargos
Posts: 19
Joined: Thu Oct 20, 2016 12:32 pm

Re: users deleted form distribution lists

Post by lethargos »

Thank you for your replies and thank you jnewport for pointing out the 'Loading...' problem. It didn't cross my mind to associate it with a browser problem. Indeed, I'm a firefox user and on chrome I never see this problem. From now on I will know :) I had had been deleting distribution lists, as it were, unknowingly because of firefox, or rather because of zimbra's implementation that is not adapted to Firefox. A rather big bug, in my opinion
Thanks :)
User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: users deleted form distribution lists

Post by ccelis5215 »

lethargos wrote:Thank you for your replies and thank you jnewport for pointing out the 'Loading...' problem. It didn't cross my mind to associate it with a browser problem. Indeed, I'm a firefox user and on chrome I never see this problem. From now on I will know :) I had had been deleting distribution lists, as it were, unknowingly because of firefox, or rather because of zimbra's implementation that is not adapted to Firefox. A rather big bug, in my opinion
Thanks :)
Can you fill a report in bugzilla?

My ZCS is 8.0.9 just because of stability, and this old version seem not have this behaviour.

ccelis
Post Reply