Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Installation
Reload this Page External Webmail - only allow certain users

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-23-2011, 02:09 PM
Starter Member
  
Posts: 1
Default External Webmail - only allow certain users
I have a new installation with the Mailstore server in the internal network and a zimbra proxy server in the DMZ. I am using external authentication using AD. All is working fine, but all users have access to Webmail from anywhere.

Is there anyway that permissions can be added to proxy server to only allow certain users to use the proxy server?
Reply With Quote
  #2 (permalink)  
Old 09-26-2011, 11:08 PM
New Member
  
Posts: 4
Default
nope.. had same requirement and Zimbra support said there is no settings as such to restricting users from accessing webmail.
This is a security issue, for few security compliance this option should be available.
Reply With Quote
  #3 (permalink)  
Old 10-05-2011, 02:10 AM
Special Member
  
Posts: 139
Default
Quote:
Originally Posted by zippy32 View Post
I have a new installation with the Mailstore server in the internal network and a zimbra proxy server in the DMZ. I am using external authentication using AD. All is working fine, but all users have access to Webmail from anywhere.

Is there anyway that permissions can be added to proxy server to only allow certain users to use the proxy server?
We have restricted the Users in UTM which sits between MailServer & Internet
Reply With Quote
  #4 (permalink)  
Old 10-07-2011, 01:22 PM
Active Member
  
Posts: 28
Default
I don't know if this technique would apply to your proxy & AD environment, but like you, we wanted to be able to control who can access the Zimbra web interface from outside. So, we set up a simple PHP web page which presents a login form, and checks if the userid is on our permit list. If not, a simple rejection page is diplayed. Or, if they are permitted, the page authenticates the userid/pw combo against kerberos, generates a Zimbra preauth token, and then redirects them to the Zimbra web interface. The wiki has info on how to use preauthentication.
Reply With Quote
  #5 (permalink)  
Old 10-07-2011, 11:16 PM
Special Member
  
Posts: 139
Default
Quote:
Originally Posted by mattg1 View Post
I don't know if this technique would apply to your proxy & AD environment, but like you, we wanted to be able to control who can access the Zimbra web interface from outside. So, we set up a simple PHP web page which presents a login form, and checks if the userid is on our permit list. If not, a simple rejection page is diplayed. Or, if they are permitted, the page authenticates the userid/pw combo against kerberos, generates a Zimbra preauth token, and then redirects them to the Zimbra web interface. The wiki has info on how to use preauthentication.
Yes . Good Way to Implement . We are Picking of Group of Directory Users who are allowed to Access E-mails from WAN.There are Provisions to create Local Users in Most UTM.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.