#41
03-17-2008, 09:02 AM
Moderator
Posts: 1,027

Quote:
> Originally Posted by flums
> Hi
>
> As the top level admin I use this feature sometimes when I have imported data from PST to check if it looks OK.
>
> But we need more users to add/delete/unlock accounts, but without the possibility to view mail. Zimbra admins: is it not possible to remove the link? My only wish is to either remove the links for these users or, until fine grain control is up and running, remove it completely.

This is not possible with the current release. However, this thread makes it quite clear it's a feature that a lot of folks would use.

I have created Bug 26056 as an RFE for this issue. Please visit that bug and vote/comment as appropriate.

Cheers,

Dan

#42
03-17-2008, 03:15 PM
Active Member
Posts: 46

We just used the "View Mail" feature to produce evidence to prosecute an employee for intellectual property stealing. This is a necessary feature for our IT department, given our dealings include the military.

Employees who have joined our company have signed a Proprietary Rights Agreement, reaffirming our right to view employee email. Any access to or on company property is subject to review. US law provides for review of employee accounts.

#43
03-17-2008, 03:41 PM
Trained Alumni
Posts: 123

Yes, yes, and nobody, at least not me, wants to take it away. We are a hosting partner of Zimbra and have many customers across domains, but do NOT want to give this feature to everybody who wants access to add/modify/delete accounts.

#44
03-18-2008, 07:10 AM
chh
Advanced Member
Posts: 196

Yes, this feature can be important. But at the same time it can be a reason why it is critical to use Zimbra.
For example, if, in Germany, private emails are allowed, nobody in the company has the right to look into my mailbox!
And even if it is not allowed to send private mails, in many companies it is required to have 2 individual people authenticated to search the mail of an employee.

And regarding flums' post:
I would not want my service provider to have access to my business mail!

#45
03-18-2008, 08:00 AM
Moderator
Posts: 1,027

Quote:
> Originally Posted by chh
> And regarding flums' post:
> I would not want my service provider to have access to my business mail!

Then you need to
  1. Use some form of encryption on ALL your business email, or
  2. Host your own system.
If you don't want to do one of these two things, any perception of privacy is an illusion, since your service provider, of necessity, has root access to the server where your mail is stored. You cannot have unencrypted data of any source on somebody else's machine and believe that they could not access it if they so choose. 'Tis the nature of the beast.

#46
03-18-2008, 08:04 AM
Moderator
Posts: 7,928

I was thinking about this, and how some sort of encryption could be achieved. If Zimbra worked with SecureIDs (the type where a number is generated every couple of seconds) and the message store was encrypted with a key, but would require this number every time the user connected and the decryption would only last as long as the session was active. Probably a pie-in-the-screen idea but a thought nonetheless.

#47
03-18-2008, 08:46 AM
Moderator
Posts: 1,027

Quote:
> Originally Posted by uxbod
> I was thinking about this, and how some sort of encryption could be achieved. If Zimbra worked with SecureIDs (the type where a number is generated every couple of seconds) and the message store was encrypted with a key, but would require this number every time the user connected and the decryption would only last as long as the session was active. Probably a pie-in-the-screen idea but a thought nonetheless.

Phil,

I assume you mean those gadgets that RSA sells, that have a little keychain fob with an LCD readout on them? Wow, that would be heavy hitting! I think a simpler solution would be to work with somebody like PGP that's already open-source. . .or just use IMAP for your mail and an external client (there are lots) that already have PGP integrated.

There is an existing RFE for integrating PGP into the web client. However it's a whole lot easier said than done, I suspect. There is a debate even on Bugzilla as to whether the messages would be encrypted only for transport, then stored on the server in decrypted (and therefore searchable) form, or whether they should remain encrypted in storage. Yet again, it's a case of different requirements for different users. . .what else is new?

Dan

#48
03-18-2008, 10:15 AM
Active Member
Posts: 46

Like people echoed in this thread, you have a greater problem if you can't trust your service provider. At the very best, make it an option to be turned off at a user or role level, but don't remove the feature.

I do not know the law in Germany, but in the US, you may be required to sign away your rights when you use company e-mail. What you do in your personal e-mail is your own business (companies do have the right to inspect your work computer at any time), but you shouldn't be using your company e-mail to conduct personal business.

You are thinking on a personal aspect. Use of company e-mail is strictly for professional business. Zimbra, in the Network Edition, is made to accommodate professional use. Administrators are charged with the responsibility to ensure the security of a business.

The bottom-line: if you are going to steal your company's IP, don't do it using e-mail because you have no expectation of privacy when using company computers. This is a common condition of employment at many firms, particularly those who work in areas that require traceability (Sarbanes-Oxley, finance, etc).

#49
03-18-2008, 10:25 AM
Moderator
Posts: 1,027

Quote:
> Originally Posted by Jason Hung
> Zimbra, in the Network Edition, is made to accommodate professional use.

Yes, but not ONLY professional use, and not ONLY in America. Zimbra is designed to accommodate email users and their administrators. Some of them need more corporate accountability--others, such as ISPs and educational institutions, have other requirements. We've all got opinions based upon where we live and how we use the Zimbra suite, but I would hate to see any one perspective make the others' use of the product impossible. Enhancements can be made to accommodate requirements that tilt toward individual privacy or corporate accountability at the administrators' option, and I think plenty of reasonable arguments have been made on this thread for the AVAILABILITY of both options.

Sure, it's fun to debate the philosophy of administration, but in the final analysis the technical decisions can and should be made to increase all our options. What we do with them, is of course, optional. . .

Cheers,

Dan

#50
03-18-2008, 10:36 AM
Active Member
Posts: 46

In this case, we can have our cake and eat it too. For users who really want to turn it off, provide a master switch that disables it globally. For those who want control over who can use this feature, use role-based security.

We use a combination of LDAP and SOAP services to maintain our Zimbra store, so administrators who have a need for the full scope of administrative abilities are limited to a select few. Our self-subscription Web service creates the Open Directory/LDAP logins as well as the mailbox using Zimbra's SOAP service. No administrative interaction is required since the self-subscription service is linked to our ERP. Our user creation process only requires the new hire to be entered into the ERP by HR, and the new hire in turn enters his social security number and other personal identifiers to create a new account through the self-subscription Web site. On the same token, the account is locked when the employee's relationship with the company is terminated, and queued for backup and archiving. (This is in strong credit to Zimbra's SOAP interfaces that have made automation possible--reducing the number of Zimbra administrators needed and thereby lowering risk.)

We only have a few admins who have access to the admin interface and we require a written log of what changes are made.

Last edited by Jason Hung; 03-18-2008 at 10:40 AM.