CSRF token verification failed when receiving mails

Hi,

Infos:

  • Used Zammad version: 3.6.0
  • Used Zammad installation source: via DEB
  • Operating system: Ubuntu 20.04
  • Browser + version: Chrome 86.0.4240.80

Expected behavior:

New Tickets appearing in the dashboard.

Actual behavior:

When I add an email account, I get the message that there are 2 mails already on the server. The verification completes without any error message, but the new tickets do not appear. When I check the production.log, I can see error messages like this (I removed personal information from the log):

I, [2020-11-26T12:01:54.184811 #862-47115581284660] INFO – : Completed 401 Unauthorized in 1ms (Views: 0.1ms | ActiveRecord: 0.0ms)
I, [2020-11-26T12:01:55.274479 #862-47115581284440] INFO – : Started POST “/api/v1/channels_email_inbound” for xxx at 2020-11-26 12:01:55 +0000
I, [2020-11-26T12:01:55.278455 #862-47115581284440] INFO – : Processing by ChannelsEmailController#inbound as JSON
I, [2020-11-26T12:01:55.278515 #862-47115581284440] INFO – : Parameters: {“adapter”=>“pop3”, “options”=>{“host”=>“mail.agenturserver.de”, “user”=>“xxx”, “password”=>"[FILTERED]", “ssl”=>true, “port”=>“995”}, “channel_id”=>3}
I, [2020-11-26T12:01:55.283089 #862-47115581284440] INFO – : fetching pop3 (mail.agenturserver.de/xxx port=995,ssl=true)
I, [2020-11-26T12:01:55.508541 #862-47115581284440] INFO – : check only mode, fetch no emails
I, [2020-11-26T12:01:55.559068 #862-47115581284440] INFO – : Completed 200 OK in 280ms (Views: 0.2ms | ActiveRecord: 0.5ms)
I, [2020-11-26T12:01:57.556917 #862-47115581285680] INFO – : Started POST “/api/v1/channels_email_outbound” for xxx at 2020-11-26 12:01:57 +0000
I, [2020-11-26T12:01:57.561431 #862-47115581285680] INFO – : Processing by ChannelsEmailController#outbound as JSON
I, [2020-11-26T12:01:57.561493 #862-47115581285680] INFO – : Parameters: {“adapter”=>“smtp”, “options”=>{“host”=>“mail.agenturserver.de”, “user”=>“xxx”, “password”=>"[FILTERED]", “port”=>“25”}, “email”=>“xxx”, “channel_id”=>3}
I, [2020-11-26T12:01:57.817178 #862-47115581285680] INFO – : Completed 200 OK in 256ms (Views: 0.2ms | ActiveRecord: 0.4ms)
I, [2020-11-26T12:01:57.856233 #862-47115581286100] INFO – : Started POST “/api/v1/channels_email_verify” for xxx at 2020-11-26 12:01:57 +0000
I, [2020-11-26T12:01:57.860160 #862-47115581286100] INFO – : Processing by ChannelsEmailController#verify as JSON
I, [2020-11-26T12:01:57.860234 #862-47115581286100] INFO – : Parameters: {“inbound”=>{“adapter”=>“pop3”, “options”=>{“host”=>“mail.agenturserver.de”, “user”=>“xxx”, “password”=>"[FILTERED]", “ssl”=>true, “port”=>“995”}, “channel_id”=>3}, “outbound”=>{“adapter”=>“smtp”, “options”=>{“host”=>“mail.agenturserver.de”, “user”=>“xxx”, “password”=>"[FILTERED]", “port”=>“25”}, “email”=>“xxx”, “channel_id”=>3}, “meta”=>{}, “channel_id”=>3, “group_id”=>1, “email”=>“xxx”}
I, [2020-11-26T12:01:58.755866 #903-46973898324380] INFO – : Scheduler running…
I, [2020-11-26T12:01:58.760898 #903-46973898324380] INFO – : Running job thread for ‘Check streams for Channel’ (Channel.stream) status is: sleep
I, [2020-11-26T12:01:58.760961 #903-46973898324380] INFO – : Running job thread for ‘Generate Session data’ (Sessions.jobs) status is: sleep
I, [2020-11-26T12:02:01.143186 #862-47115581285180] INFO – : Started POST “/api/v1/message_send” for xxx at 2020-11-26 12:02:01 +0000
I, [2020-11-26T12:02:01.147521 #862-47115581285180] INFO – : Processing by LongPollingController#message_send as JSON
I, [2020-11-26T12:02:01.147572 #862-47115581285180] INFO – : Parameters: {“data”=>{“event”=>“login”}}
I, [2020-11-26T12:02:01.147949 #862-47115581285180] INFO – : CSRF token verification failed
I, [2020-11-26T12:02:01.148032 #862-47115581285180] INFO – : CSRF token verification failed! (Exceptions::NotAuthorized)

I do not have any problems with the login. My nginx config looks like this:

server {
listen xxx:443 ssl http2;

server_name xxx.de;
server_name www.xxx.de;
server_name ipv4.xxx.de;

ssl_certificate             /opt/psa/var/certificates/xxx;
ssl_certificate_key         /opt/psa/var/certificates/xxx;

client_max_body_size 128m;

root "/xxx/zammad/public";
access_log "/var/www/vhosts/system/xxx/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/xxx/logs/proxy_error_log";

#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
	root /var/www/vhosts/default/htdocs;

	types { }
	default_type text/plain;

	satisfy any;
	auth_basic off;
	allow all;

	location ~ ^/\.well-known/acme-challenge.*/\. {
		deny all;
	}
}
#extension letsencrypt end

#extension sslit begin

#extension sslit end

location ~ /\.ht {
	deny all;
}

disable_symlinks if_not_owner "from=/var/www/vhosts/xxx";

add_header X-Powered-By PleskLin;

    location /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 86400;
        proxy_pass http://127.0.0.1:6042;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Change this line in an SSO setup
        proxy_set_header X-Forwarded-User "";

        proxy_read_timeout 300;
        proxy_pass http://127.0.0.1:3000;

        gzip on;
        gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
        gzip_proxied any;
    }

}

server {
listen 82.165.126.234:80;

server_name xxx.de;
server_name www.xxx.de;
server_name ipv4.xxx.de;

client_max_body_size 128m;

location / {
	return 301 https://$host$request_uri;
}

}

Steps to reproduce the behavior:

  • Fresh install on Ubuntu 20.04
  • Add email account and try to receive emails

Could you please help me with this issue?

Thanks,
Mark


Did you even try to find a solution before posting? There are a ton of threads with this error message already. For a possible solution you could look at Fresh install 3.2.x: CSRF token verification failed and the posts following this one.

Yes, as you can see in my configuration file I posted above. I added this line: “proxy_set_header X-Forwarded-Proto https;”, but it does not work.

I reinstalled the package and the error is gone, but Zammad still cannot receive any tickets. And there is no error in the log.

Update: I have found the log information.

  • Failed to run scheduled job ‘Import OTRS diff load’. Cause: Failed to run Import::OTRS.diff_worker after 10 tries #<Errno::EACCES: Permission denied @ apply2files - /opt/zammad/tmp/cache_file_store_production/506/470/Scheduler%3A%3A4>
  • Failed to run scheduled job ‘Check Channels’. Cause: Failed to run Channel.fetch after 10 tries #<Errno::EACCES: Permission denied @ apply2files - /opt/zammad/tmp/cache_file_store_production/507/480/Scheduler%3A%3A5>
  • Failed to run scheduled job ‘Execute jobs’. Cause: Failed to run Job.run after 10 tries #<Errno::EACCES: Permission denied @ apply2files - /opt/zammad/tmp/cache_file_store_production/50A/4B0/Scheduler%3A%3A8>

Found the solution :) I had to set the permissions manually with: sudo chown -R zammad /opt/zammad
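
A read-only check for the ownership problem behind the Errno::EACCES scheduler errors in this thread, as an added example that is not part of the original posts: it lists paths under an install directory that are not owned by the expected account, so the mismatch can be confirmed before and after a recursive chown. The function names are hypothetical; the /opt/zammad path and the zammad account are the ones named in the thread.

```shell
#!/bin/sh
# Added example: ownership audit for an application tree (read-only, changes nothing).
# Function names are hypothetical; path and account in the usage line come from the thread.

# list_foreign_owned DIR UID
# Print every path under DIR whose owner is not the numeric UID.
list_foreign_owned() {
    dir=$1
    uid=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" ! -uid "$uid" -print 2>/dev/null
}

# count_foreign_owned DIR UID
# Print the number of paths under DIR not owned by UID; return 2 if DIR is missing.
count_foreign_owned() {
    [ -d "$1" ] || return 2
    list_foreign_owned "$1" "$2" | wc -l | tr -d ' \t'
}

# audit_tree DIR USER
# Return 0 if everything under DIR belongs to USER, 1 on a mismatch, 2 on bad input.
audit_tree() {
    dir=$1
    user=$2
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user" >&2; return 2; }
    n=$(count_foreign_owned "$dir" "$uid") || { echo "no such directory: $dir" >&2; return 2; }
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $dir is owned by $user"
        return 0
    fi
    echo "MISMATCH: $n path(s) under $dir not owned by $user, first 10:"
    list_foreign_owned "$dir" "$uid" | head -n 10
    return 1
}

# Usage: sh audit.sh /opt/zammad zammad
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

A mismatch reported under tmp/cache_file_store_production corresponds to the paths in the scheduler errors quoted above.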
