This may seem like a strange request considering in the past people have asked for the exact opposite, but, is it possible to disable logins for created aliases?
e.g. I have created a mailbox using account firstname.lastname@example.org, and created alias email@example.com. But I only want the account to be accessed by firstname.lastname@example.org, not by email@example.com.
An obvious security issue here is I don't want some script kiddy parked at my imap or smtp ports trying password after password for aliases like postmaster, webmaster, hostmaster etc. With the default Zimbra password lockout for an hour after 10 retries, it means that in a 6 month period (before the password is changed again) they could have tried ~43,000 combinations, and worse still, significantly impacted on the person trying to login to the account proper.