Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: disable alias login?

  1. #1
    ypong is offline Senior Member
    Join Date
    Jan 2009
    Posts
    66
    Rep Power
    6

    Default disable alias login?

    This may seem like a strange request considering in the past people have asked for the exact opposite, but, is it possible to disable logins for created aliases?

    e.g. I have created a mailbox using account user1@domain.com, and created alias fullnameuser1@domain.com. But I only want the account to be accessed by user1@domain.com, not by fullnameuser@domain.com.

    An obvious security issue here is I don't want some script kiddy parked at my imap or smtp ports trying password after password for aliases like postmaster, webmaster, hostmaster etc. With the default Zimbra password lockout for an hour after 10 retries, it means that in a 6 month period (before the password is changed again) they could have tried ~43,000 combinations, and worse still, significantly impacted on the person trying to login to the account proper.
    Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 FOSS edition

  2. #2
    ypong is offline Senior Member
    Join Date
    Jan 2009
    Posts
    66
    Rep Power
    6

    Default

    anybody have any suggestions?
    Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 FOSS edition

  3. #3
    ccelis5215 is offline Elite Member
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    443
    Rep Power
    3

    Default

    Why don't just delete the user alias using the admin UI?
    Last edited by ccelis5215; 10-22-2011 at 03:50 PM.

  4. #4
    ypong is offline Senior Member
    Join Date
    Jan 2009
    Posts
    66
    Rep Power
    6

    Default

    I need the aliases, I just don't want logins to be made available via those aliases. So deleting isn't an appropriate option, unfortunately!
    Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 FOSS edition

  5. #5
    ccelis5215 is offline Elite Member
    Join Date
    Jun 2011
    Location
    Caracas Venezuela
    Posts
    443
    Rep Power
    3

    Default

    uhmm.... a suggestion to workaround.



    1. Delete the alias.
    2. Create another account with the name used as the alias.
    3. Receive and forward the messages you want to the main account.


    Regards.

  6. #6
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    4

    Default

    man thats odd

    may someone create a bugreport and post the link (sorry iam lazy do it all the time : )

    actually its a security threat not able to dissable
    a big one....


    ife delete now some text cause i dont want to teach someone how todo but all i can say is thats possible to shutdown entire hositng companys because of this with a minimum on knwolege and resources


    i also posted long time ago that they have to fix the return-path in outgoing mail because here you can see the actual username too

    sadly no luck with that even there was a discussion about it

  7. #7
    king0770's Avatar
    king0770 is offline Zimbra Employee
    Join Date
    Sep 2007
    Posts
    186
    Rep Power
    7

  8. #8
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    4

    Default

    thanks - voted

  9. #9
    ypong is offline Senior Member
    Join Date
    Jan 2009
    Posts
    66
    Rep Power
    6

    Default

    Thanks, voted too.
    Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 FOSS edition

  10. #10
    batfastad is offline Elite Member
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    295
    Rep Power
    7

    Default

    Voted!! I've been wanting to be able to do this for a while.
    My Zimbra Bugs Wishlist: 16411, 24567, 35676, 36430, 37770, 41872, 43733, 44384, 46383, 47759
    And a way to associate mailto: handlers with a Zimbra Prism webapp

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Question about alias domains
    By jafo in forum Administrators
    Replies: 0
    Last Post: 07-30-2011, 07:54 AM
  2. User login hangs up on Loading screen
    By marinew in forum Administrators
    Replies: 9
    Last Post: 07-14-2011, 08:53 PM
  3. better mobile login page
    By crevier in forum Zimbra Mobile
    Replies: 0
    Last Post: 10-29-2010, 09:48 AM
  4. Replies: 4
    Last Post: 12-13-2007, 10:18 AM
  5. Domain Alias & Login Name
    By Bingo in forum Administrators
    Replies: 6
    Last Post: 02-02-2007, 08:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •