Zimbra

sbutterfield · #1 (**permalink**) 12-05-2007, 02:25 AM

I am having major problems with slapd (or so it would seem when looking through the zimbra log)... It will perform a legitimate master exit and take the mailserver down. Below is the portion of the logfile identifying when it happened and what happened:

Dec 4 22:46:05 mailserver zmtomcatmgr[28900]: status requested
Dec 4 22:46:05 mailserver zmtomcatmgr[28900]: status OK
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxx.com: antispam: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxxxxx.com: antivirus: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxxxxx.com: ldap: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxx.com: logger: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxxxxxxx.com: mailbox: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxxxxxx.com: mta: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxxx.com: snmp: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxx.com: spell: Running
Dec 4 22:46:06 mailserver zimbramon[28718]: 28718:info: 2007-12-04 22:46:01, STATUS: mailserver.xxxxxxxxxxx.com: stats: Stopped
Dec 4 22:47:37 mailserver saslauthd[3582]: server_exit : master exited: 3582
Dec 4 22:47:37 mailserver slapd[1871]: daemon: shutdown requested and initiated.
Dec 4 22:47:37 mailserver slapd[1871]: slapd shutdown: waiting for 0 threads to terminate
Dec 4 22:47:38 mailserver slapd[1871]: slapd stopped.
Dec 4 22:47:43 mailserver amavis[2986]: Net::Server: 2007/12/04-22:47:43 Server closing!
Dec 4 22:47:48 mailserver zmtomcatmgr[29399]: threaddump requested
Dec 4 22:47:48 mailserver zmtomcatmgr[2862]: sending SIQUIT to tomcat/JVM process 2863
Dec 4 22:47:50 mailserver zmtomcatmgr[29406]: stop requested
Dec 4 22:47:50 mailserver zmtomcatmgr[29406]: waiting for manager process 2862 to die
Dec 4 22:47:50 mailserver zmtomcatmgr[2862]: shutdown requested, sending TERM signal to 2863
Dec 4 22:47:52 mailserver zmtomcatmgr[2862]: tomcat/JVM process exited (waitpid expected 2863 got 2863)
Dec 4 22:47:52 mailserver zmtomcatmgr[2862]: manager woke up from wait on tomcat/JVM with pid 2863
Dec 4 22:47:53 mailserver zmtomcatmgr[29406]: manager process 2862 died, shutdown completed
Dec 4 22:47:58 mailserver zmtomcatmgr[29414]: status requested
Dec 4 22:47:58 mailserver zmtomcatmgr[29414]: file /opt/zimbra/log/zmtomcatmgr.pid does not exist
Dec 4 22:47:58 mailserver zmtomcatmgr[29414]: assuming no other instance is running
Dec 4 22:47:58 mailserver zmtomcatmgr[29414]: no manager process is running

One minute all is well then another minute the world is ending. I cannot stress how hard this is on my cell phone bill

-- My biggest concern is that there is a vunerability I have left open or if there is something in my configuration that I should have done differently. The server is on a static IP and as of this writing I setup IPTables to try and halt any illegitimate connections to/from ldap.

Zimbra version info: Version 4.5.7_GA_1319.FC5 -- been running strong since September until all of a sudden this happened, I was really starting to praise this software...

phoenix · #2 (**permalink**) 12-05-2007, 05:25 AM

What's in the catalina.out?

sbutterfield · #3 (**permalink**) 12-05-2007, 09:58 AM

This looks like what you were looking for:

Code:

Dec 5, 2007 2:05:02 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Dec 5, 2007 2:05:04 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-7071
Dec 5, 2007 2:05:04 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3957 ms
Dec 5, 2007 2:05:04 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Dec 5, 2007 2:05:04 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.15
Dec 5, 2007 2:05:04 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
log4j:WARN No appenders could be found for logger (org.apache.catalina.startup.TldConfig).
log4j:WARN Please initialize the log4j system properly.
Dec 5, 2007 2:05:06 AM org.apache.catalina.startup.HostConfig deployDescriptor
WARNING: A docBase /opt/zimbra/apache-tomcat-5.5.15/webapps/zimbra inside the host appBase has been specified, and will be ignored
log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase).
log4j:WARN Please initialize the log4j system properly.
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base /opt/zimbra/apache-tomcat-5.5.15/server/webapps/manager does not exist or is not a readable directory
    at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:140)
    at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:3812)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3983)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:603)
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1118)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1020)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
    at org.apache.catalina.core.StandardService.start(StandardService.java:450)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:406)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.zimbra.cs.launcher.TomcatLauncher.start(TomcatLauncher.java:52)
    at com.zimbra.cs.launcher.TomcatLauncher.main(TomcatLauncher.java:74)
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext start
SEVERE: Error in resourceStart()
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext start
SEVERE: Error getConfigured
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/manager] startup failed due to previous errors
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext stop
INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] has not been started
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base /opt/zimbra/apache-tomcat-5.5.15/server/webapps/host-manager does not exist or is not a readable directory
    at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:140)
    at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:3812)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3983)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:603)
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1118)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1020)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
    at org.apache.catalina.core.StandardService.start(StandardService.java:450)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:406)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.zimbra.cs.launcher.TomcatLauncher.start(TomcatLauncher.java:52)
    at com.zimbra.cs.launcher.TomcatLauncher.main(TomcatLauncher.java:74)
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext start
SEVERE: Error in resourceStart()
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext start
SEVERE: Error getConfigured
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/host-manager] startup failed due to previous errors
Dec 5, 2007 2:05:07 AM org.apache.catalina.core.StandardContext stop
INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager] has not been started
log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase).
log4j:WARN Please initialize the log4j system properly.
Zimbra server reserving server socket port=110 bindaddr=null ssl=false
Zimbra server reserving server socket port=995 bindaddr=null ssl=true
Zimbra server reserving server socket port=143 bindaddr=null ssl=false
Zimbra server reserving server socket port=993 bindaddr=null ssl=true
Zimbra server process is running as root, changing to user=zimbra uid=500 gid=500
Zimbra server process, after change, is running with uid=500 euid=500 gid=500 egid=500
Dec 5, 2007 2:05:17 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Dec 5, 2007 2:05:17 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-7071
Dec 5, 2007 2:05:17 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13064 ms

sbutterfield · #4 (**permalink**) 12-05-2007, 10:00 AM

Server has been up for almost 8hours now; so far - better than it has been doing the last couple of days.

sbutterfield · #5 (**permalink**) 12-06-2007, 01:06 PM

bump:: Could really use some help --- it happened again on a production server today.

jholder · #6 (**permalink**) 12-06-2007, 01:14 PM

There is a LDAP vulnerability in 4.5.7 that you need to close by updating. In the interm, is port 389 open to the world?
What makes you think this is a security issue? Because it received a shutdown? Zimbra can call a shutdown is something goes wrong, so I'm less inclined to believe that.

Next, please post your:
/opt/zimbra/log/audit.log
and
/opt/zimbra/log/mailbox.log

Don't paste. Please attach as a file.

sbutterfield · #7 (**permalink**) 12-06-2007, 02:00 PM

Not sure if this is a vunerability or not thus the question marks... Just another paranoid admin...

Will post 'attachments' tonight

Thanks for the reply!

dljordaneku · #8 (**permalink**) 12-19-2007, 07:09 PM

Quote:

Originally Posted by jholder

There is a LDAP vulnerability in 4.5.7 that you need to close by updating. In the interm, is port 389 open to the world?

Can you explain more on this or point me to another link on this?
dj

sbutterfield · #9 (**permalink**) 01-06-2008, 06:34 PM

Sorry for a reply after over a month. Everything was going well for the rest of December until it started acting up again the last couple of days. The log files show the same things as Dec4th as mentioned above so I thought I would post the requested audit.log and mailbox.log; in addition I posted some updated logs from zimbra for review.

I am more than happy to upgrade at this point as long as I know that I won't have to spend six hours re-doing everything (all the user accnts and passwords, settings, yeiks, that could put me under...)

Any quick how-to guides for upgrading to 5.0 on FC5 you could point me to?

Any ideas on how I can patch up these problems?

sbutterfield · #10 (**permalink**) 01-06-2008, 06:38 PM

Quote:

Originally Posted by jholder

There is a LDAP vulnerability in 4.5.7 that you need to close by updating. In the interm, is port 389 open to the world?
What makes you think this is a security issue? Because it received a shutdown? Zimbra can call a shutdown is something goes wrong, so I'm less inclined to believe that.

Next, please post your:
/opt/zimbra/log/audit.log
and
/opt/zimbra/log/mailbox.log

Don't paste. Please attach as a file.

no, 389 is not open... I have IPTables running with only the necessary ports for mail I/O and the administrative website from my static IP.

Zimbra

Downloads

Product Information

Toolbox

Why Join?