Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page disable alias login?

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
Page 1 of 2 1 2
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 10-18-2011, 07:30 PM
Senior Member
  
Posts: 51
Default disable alias login?
This may seem like a strange request considering in the past people have asked for the exact opposite, but, is it possible to disable logins for created aliases?

e.g. I have created a mailbox using account user1@domain.com, and created alias fullnameuser1@domain.com. But I only want the account to be accessed by user1@domain.com, not by fullnameuser@domain.com.

An obvious security issue here is I don't want some script kiddy parked at my imap or smtp ports trying password after password for aliases like postmaster, webmaster, hostmaster etc. With the default Zimbra password lockout for an hour after 10 retries, it means that in a 6 month period (before the password is changed again) they could have tried ~43,000 combinations, and worse still, significantly impacted on the person trying to login to the account proper.
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition
Reply With Quote
  #2 (permalink)  
Old 10-20-2011, 02:47 AM
Senior Member
  
Posts: 51
Default
anybody have any suggestions?
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition
Reply With Quote
  #3 (permalink)  
Old 10-22-2011, 03:45 PM
Advanced Member
  
Posts: 206
Default
Why don't just delete the user alias using the admin UI?
Last edited by ccelis5215; 10-22-2011 at 03:50 PM..
Reply With Quote
  #4 (permalink)  
Old 10-22-2011, 05:00 PM
Senior Member
  
Posts: 51
Default
I need the aliases, I just don't want logins to be made available via those aliases. So deleting isn't an appropriate option, unfortunately!
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition
Reply With Quote
  #5 (permalink)  
Old 10-22-2011, 05:06 PM
Advanced Member
  
Posts: 206
Default
uhmm.... a suggestion to workaround.


  1. Delete the alias.
  2. Create another account with the name used as the alias.
  3. Receive and forward the messages you want to the main account.

Regards.
Reply With Quote
  #6 (permalink)  
Old 10-22-2011, 09:46 PM
Advanced Member
  
Posts: 214
Default
man thats odd

may someone create a bugreport and post the link (sorry iam lazy do it all the time : )

actually its a security threat not able to dissable
a big one....


ife delete now some text cause i dont want to teach someone how todo but all i can say is thats possible to shutdown entire hositng companys because of this with a minimum on knwolege and resources


i also posted long time ago that they have to fix the return-path in outgoing mail because here you can see the actual username too

sadly no luck with that even there was a discussion about it
Reply With Quote
  #7 (permalink)  
Old 10-22-2011, 11:49 PM
Zimbra Employee
  
Posts: 184
Default
See, https://bugzilla.zimbra.com/show_bug.cgi?id=54838
Reply With Quote
  #8 (permalink)  
Old 10-23-2011, 12:21 PM
Advanced Member
  
Posts: 214
Default
thanks - voted
Reply With Quote
  #9 (permalink)  
Old 10-24-2011, 01:43 AM
Senior Member
  
Posts: 51
Default
Thanks, voted too.
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition
Reply With Quote
  #10 (permalink)  
Old 02-17-2012, 11:08 AM
Elite Member
  
Posts: 275
Default
Voted!! I've been wanting to be able to do this for a while.
__________________
My Zimbra Bugs Wishlist: 16411, 24567, 35676, 36430, 37770, 41872, 43733, 44384, 46383, 47759
And a way to associate mailto: handlers with a Zimbra Prism webapp
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.