Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Users get access to another users mail!

  1. #1
    Hatrix is offline Translation Moderator
    Join Date
    Aug 2009
    Location
    Palma de Mallorca, Spain
    Posts
    66
    Rep Power
    6

    Default Users get access to another users mail!

    Hello Mailinglist,

    I have the following problem:
    Users get while working in the mail webclient another users session!

    We had like 4 or 5 incidents in the last few month (so, the rate is very low, but could be higher as it is possible that not everyone reports these kinds of incidents and after you close and reopen your browser all is normal anyway).

    The Zimbra solution is in place from January until know, the incidents first appeard (or where first reported) 3 or 4 month ago, we checked and could not find anything which could possible correlate to this problem in this timeframe (e.g. installations of other proxy, upgrades, etc.)


    I have at least a more detailed report from one User:

    The User has several emails in his Inbox.
    He clicks on one of them, then an error messages appears.
    -> It did not look like a windows error message
    -> The User did not remember what the message said (philosophical issue)
    -> There was a link in this errormessage which the user clicked
    Then he was suddenly in the Inbox of another user.

    The User called the internal IT department which tried to investigate
    -> After browser stop and start everything worked, so no possible cookie stuff problem
    -> The wrongly displayed Users never was connected on this machine
    -> A basic log file analysis on the proxy and mail server reveiled not much

    Server Setup:

    All Users connect directly to the Proxy Server
    -> apache on x86_64 bit linux, redhat enterprise linux server 5.3 tikanga
    -> The system is prepared to do loadbalancing between the zimbra's, but currently only one zimbra is in production
    -> Serves as a proxy for other systems as well, partly configured as:

    Proxy modules
    LoadModule proxy_module /etc/httpd/modules/mod_proxy.so
    LoadModule proxy_connect_module /etc/httpd/modules/mod_proxy_connect.so
    LoadModule proxy_ftp_module /etc/httpd/modules/mod_proxy_ftp.so
    LoadModule proxy_http_module /etc/httpd/modules/mod_proxy_http.so
    LoadModule proxy_ajp_module /etc/httpd/modules/mod_proxy_ajp.so
    LoadModule proxy_balancer_module /etc/httpd/modules/mod_proxy_balancer.so

    Zimbra configuration in Apache:
    <VirtualHost *:80>
    ServerAdmin sistema@DOMAIN.net
    ServerName webmail.DOMAIN.net
    ServerAlias correu.DOMAIN.net

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://webmail.DOMAIN.net
    </VirtualHost>

    <VirtualHost *:443>
    ServerAdmin sistema@DOMAIN.net
    ServerName webmail.DOMAIN.net
    ServerAlias correu.DOMAIN.net
    SSLProxyEngine On
    ErrorLog /var/log/httpd/defecte-error_log
    CustomLog /var/log/httpd/defecte-access_log combined

    <IfModule mod_ssl.c>
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/wildcard.DOMAIN.net.crt
    SSLCertificateKeyFile /etc/httpd/ssl/wildcard.DOMAIN.net.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </IfModule>

    ProxyPass / http://ZIMBRA-IP1/
    ProxyPassReverse / http://ZIMBRA-IP1/
    </VirtualHost>

    I do not see anything special in the setup, but I as well am new to zimbra, is there another/better way to proxy?
    Where could the problem otherwise be originiated?
    Better use ajp for proxying?

    Thanks for your time and help
    best
    Ray

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    It would be helpful if you were to update your profile with the following information
    Code:
    su - zimbra
    zmcontrol -v

  3. #3
    Hatrix is offline Translation Moderator
    Join Date
    Aug 2009
    Location
    Palma de Mallorca, Spain
    Posts
    66
    Rep Power
    6

    Default

    Quote Originally Posted by uxbod View Post
    It would be helpful if you were to update your profile with the following information
    Code:
    su - zimbra
    zmcontrol -v
    Thanks for the Hint, Done!
    best

  4. #4
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Proxy cache

    I've had the same issue running two different proxies. Turning off the proxy's cache fixed the problem.

  5. #5
    Hatrix is offline Translation Moderator
    Join Date
    Aug 2009
    Location
    Palma de Mallorca, Spain
    Posts
    66
    Rep Power
    6

    Default

    Hi Bill,

    Thanks for answering, but we do not use caches in our proxy solution, it's just proxying the request to the zimbra server ...

  6. #6
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Cacheing.

    Not sure about your setup but I've never used a proxy that didn't use a cacheing scheme of some kind.

  7. #7
    Hatrix is offline Translation Moderator
    Join Date
    Aug 2009
    Location
    Palma de Mallorca, Spain
    Posts
    66
    Rep Power
    6

    Default

    Quote Originally Posted by Bill Brock View Post
    Not sure about your setup but I've never used a proxy that didn't use a cacheing scheme of some kind.
    We use apache as a Reverse Proxy.

    I did right now some research, mod_proxy in apache is able to use caching, however, it needs mod_cache (and/or mod_mem_cache, mod_disk_cache) to work.

    This modules are not loaded in our Apache process, i checked again and this is the full output of static and loaded modules in the apachae:

    Loaded Modules:
    core_module (static)
    mpm_prefork_module (static)
    http_module (static)
    so_module (static)
    actions_module (shared)
    alias_module (shared)
    auth_basic_module (shared)
    authn_file_module (shared)
    authz_host_module (shared)
    authz_groupfile_module (shared)
    authz_default_module (shared)
    authz_user_module (shared)
    authn_dbm_module (shared)
    autoindex_module (shared)
    cgi_module (shared)
    dir_module (shared)
    env_module (shared)
    expires_module (shared)
    include_module (shared)
    log_config_module (shared)
    mime_module (shared)
    negotiation_module (shared)
    setenvif_module (shared)
    ssl_module (shared)
    suexec_module (shared)
    userdir_module (shared)
    php5_module (shared)
    proxy_module (shared)
    proxy_connect_module (shared)
    proxy_ftp_module (shared)
    proxy_http_module (shared)
    proxy_ajp_module (shared)
    rewrite_module (shared)
    proxy_balancer_module (shared)
    Syntax OK

    So, no, we do not have any caching active at this side ...

  8. #8
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Have you resolved this?

    Just wondering if you had resolved this and if so, how?

    Is it proper to have your IfModule mod_ssl.c directives nested inside your Virtualhost *443 directive?

  9. #9
    Hatrix is offline Translation Moderator
    Join Date
    Aug 2009
    Location
    Palma de Mallorca, Spain
    Posts
    66
    Rep Power
    6

    Default

    Quote Originally Posted by Bill Brock View Post
    Just wondering if you had resolved this and if so, how?

    Is it proper to have your IfModule mod_ssl.c directives nested inside your Virtualhost *443 directive?
    Hello,

    thanks for following up, I have to say, no, nobody seems to experience the same problems, but we have to come to the bottom of this, I am thinking of buying support from Zimbra if noone else can help me, because we can not let this go on, it's a big problem which does not have to happen in an email solution.

    As we have only this mod_proxy and go directly to the zimbra port 80 i am not sure HOW this can happen at all ...

    your other question, regarding the nested ifModule, it is working fine in this installation, but I have to say I am not the guy who installed it, just right now there to fix this stuff ...

    thanks and best

  10. #10
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Link

    Here is a link to a site where the issue is similar to yours. I notice you are running ajp. Apache maybe handing off some work to Tomcat which my possibly be cacheing.

    Since you are having the exact same issue I was having I just keep going back to some kind of cache. I don't mean to be a pain in the touche.

    Apache/Tomcat error - wrong pages being delivered - Stack Overflow

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. Migration Assistance
    By dwill in forum Administrators
    Replies: 10
    Last Post: 12-02-2008, 08:20 AM
  3. server dropped connection
    By ferra in forum Installation
    Replies: 20
    Last Post: 10-06-2008, 04:32 PM
  4. Replies: 2
    Last Post: 02-12-2008, 11:55 AM
  5. Mail not getting to mail boxes
    By ehults in forum Installation
    Replies: 5
    Last Post: 10-31-2005, 09:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •