[Users] Last security patch
L Mark Stone
lmstone at lmstone.com
Tue Mar 19 15:00:03 CET 2019
Frédéric,
mailbox.log had errors like this (some entries modified for privacy)
2018-08-02 13:57:06,518 WARN [ImapSSLServer-5] [name=user at domain.tld;ip=10.7.57.17;oip=xx.xx.xx.xx;via=10.7.57.17(nginx/1.7.1);ua=Zimbra/8.8.8_GA_3008;cid=1325;] CompoundCachingTier - Error overflowing '8ec5c54f-eb59-4b22-adb6-2f2707617874:5:69952:1' into lower caching tier org.ehcache.impl.internal.store.offheap.OffHeapStore at 4d0b8b8b
org.ehcache.core.spi.store.StoreAccessException: The element with key '8ec5c54f-eb59-4b22-adb6-2f2707617874:5:69952:1' is too large to be stored in this offheap store.
Note this was back in August, when the system was running 8.8.8. It may be that Zimbra has increased the defaults since then in later versions; the farm where I provided the various ehcache values is 8.8.10 with the latest patch.
Hope that helps,
Mark
_________________________________________________
Another Message From... L. Mark Stone
________________________________
From: Frédéric Nass <frederic.nass at univ-lorraine.fr>
Sent: Tuesday, March 19, 2019 9:50 AM
To: L Mark Stone; Victor d'Agostino; David Touitou
Cc: users; Info Zeta Alliance
Subject: Re: [Users] Last security patch
Hello Mark,
Can you share with us the WARN or ERROR messages that had you contact Zimbra support initially, so we can check if we're also facing Ehcache issues on our ZCS infrastructures?
Regards,
Frédéric.
On 19/03/2019 at 14:45, L Mark Stone wrote:
As regards ehcache, I had a Support Case open with Zimbra on this, and it was recommended to increase the ehcache size.
This is what I have now:
zimbra at my:~$ zmprov gacf | grep -i ehcach
zimbraActiveSyncEhcacheExpiration: 5m
zimbraActiveSyncEhcacheHeapSize: 10485760
zimbraActiveSyncEhcacheMaxDiskSize: 10737418240
zimbraImapActiveSessionEhcacheMaxDiskSize: 107374182400
zimbraImapInactiveSessionEhcacheMaxDiskSize: 107374182400
zimbraImapInactiveSessionEhcacheSize: 1048576
zimbra at my:~$
Hope that helps,
Mark
_________________________________________________
Another Message From... L. Mark Stone
________________________________
From: Victor d'Agostino <d.agostino.victor at gmail.com>
Sent: Tuesday, March 19, 2019 9:36 AM
To: David Touitou
Cc: L Mark Stone; users; Info Zeta Alliance
Subject: Re: [Users] Last security patch
Hello again
Security apart, the article lets us suppose an empty zimbraMemcachedClientServerList attribute is always safer, but IMAP performance could be better with it because the Zimbra store would use the memcached service for the IMAP protocol instead of EhCache.
The official Zimbra guide says :
zimbraMemcachedClientServerList : list of host:port for memcached servers; set to empty value to disable the use of memcached
I also have an empty attribute on my Zimbra 8.8.8 multi-store environment. If I have I/O performance issues on my Zimbra stores, should I set the zimbraMemcachedClientServerList server attribute or leave it empty?
Why is the memcached service better than EhCache, which is memory based?
Regards,
Victor
Best regards,
Victor d'Agostino
On Tue, 19 Mar 2019 at 14:30, David Touitou <david at network-studio.com> wrote:
> Thanks David; it wasn't clear to me that the author was saying in the last
> section that all these exposures had been fixed.
I might be wrong.
But considering there are attributed CVE numbers and patches, it looks to me like standard procedure:
. vulnerability discovered and embargoed
. software company contacted
. software company acknowledged the vulnerability
. software company issued patch
. a couple days later, vulnerability went public with explanations
David
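
One way to run the check asked about in this thread, as an added example that is not part of the original messages or of Zimbra's tooling: scan mailbox.log text for the Ehcache overflow warning quoted above and count the affected accounts. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt quoted in the thread (not real data).
SAMPLE_LOG = """\
2019-03-19 10:00:01,100 WARN  [ImapSSLServer-5] [name=alice@example.test;ip=192.0.2.10;cid=11;] CompoundCachingTier - Error overflowing 'aaaa:5:100:1' into lower caching tier org.ehcache.impl.internal.store.offheap.OffHeapStore@1a2b3c4d
org.ehcache.core.spi.store.StoreAccessException: The element with key 'aaaa:5:100:1' is too large to be stored in this offheap store.
2019-03-19 10:00:02,200 INFO  [ImapSSLServer-6] [name=bob@example.test;ip=192.0.2.11;cid=12;] constructed unrelated line
2019-03-19 10:00:03,300 WARN  [ImapSSLServer-5] [name=alice@example.test;ip=192.0.2.10;cid=11;] CompoundCachingTier - Error overflowing 'aaaa:7:200:1' into lower caching tier org.ehcache.impl.internal.store.offheap.OffHeapStore@1a2b3c4d
org.ehcache.core.spi.store.StoreAccessException: The element with key 'aaaa:7:200:1' is too large to be stored in this offheap store.
2019-03-19 10:00:04,400 WARN  [ImapServer-2] [name=carol@example.test;ip=192.0.2.12;cid=13;] CompoundCachingTier - Error overflowing 'cccc:2:300:1' into lower caching tier org.ehcache.impl.internal.store.offheap.OffHeapStore@1a2b3c4d
"""

# "<timestamp> <LEVEL> [thread] [k=v;k=v;] message"
HEADER = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+)\s+"
                    r"\[(?P<thread>[^\]]+)\] \[(?P<ctx>[^\]]*)\] (?P<msg>.*)$")
OVERFLOW = re.compile(r"CompoundCachingTier - Error overflowing '(?P<key>[^']+)'")
TOO_LARGE = re.compile(r"StoreAccessException: The element with key '(?P<key>[^']+)' is too large")

def parse_context(ctx):
    """Turn 'name=...;ip=...;' into a dict, ignoring empty trailing fields."""
    return dict(part.split("=", 1) for part in ctx.split(";") if "=" in part)

def find_ehcache_overflows(lines):
    """Return one event per overflow warning; too_large is set when the
    exception line that follows names the same cache key."""
    events, current = [], None
    for line in lines:
        header = HEADER.match(line)
        if header:                       # a new log record starts here
            current = None
            hit = OVERFLOW.search(header["msg"])
            if hit:
                account = parse_context(header["ctx"]).get("name", "?")
                current = {"ts": header["ts"], "thread": header["thread"],
                           "account": account, "key": hit["key"], "too_large": False}
                events.append(current)
        elif current is not None:        # continuation (exception / stack trace) line
            cause = TOO_LARGE.search(line)
            if cause and cause["key"] == current["key"]:
                current["too_large"] = True
    return events

def accounts_with_oversized_entries(events):
    """Count confirmed 'too large for offheap store' events per account."""
    return Counter(e["account"] for e in events if e["too_large"])

if __name__ == "__main__":
    found = find_ehcache_overflows(SAMPLE_LOG.splitlines())
    print(accounts_with_oversized_entries(found).most_common())
```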