Quote:
|
Originally Posted by PNE Thank for your responses. In fact we are already using VPN and it is satisfying. VPN use is quite restrictive here (only from authorized computers + smartcards) and I just wanted to loosen mail access a little bit. Filtering by country is no option for us as our commercial staff is travelling really a lot. And I am not very surprised that Zimbra will not add such a feature as Kevin wrote. I just hoped that someone already had solved it at mail server level. |
It's probably not high on Zimbra's list of things to do.
Why can't you just restrict your remote users IP Addresses on the Internet firewall?
Are you users really not that trustworthy?
I am not sure I follow what you are trying to do here really I guess.
Is user1 attempting to read/access user2's mail?
If so, not sure it's a technical issue really? ;-)
If this is the case, it may help to modify the preferences in the 'Class of Service' section, 'advanced' so that the users have to:
1. maybe set the minimum password length/age/ to something higher
2. enable password history
3. set session idle timout to something lower
My point is, I am not sure what security risk you are trying to protect against really.
Non-emloyee logins from outside your network or your own users hacking each others e-mails.
Feel free to correct me if I totally missed what you are saying. ;-)
Being a network and firewall security person for more than 15+ years and not a sys/mail admin really, it makes more sense to me to do it at the firewall or router access list level, than to have to make changes on the server, by IP Address whenever there are moves/adds or changes and which would require me to restart a service or services on the mail server interupting access to all of the other users so that the change would take effect.
disclaimer: I still could be missing your security requirement. :-)
Scotty