Results 1 to 5 of 5

Thread: External Webmail - only allow certain users

  1. #1
    zippy32 is offline Starter Member
    Join Date
    Sep 2011
    Posts
    1
    Rep Power
    3

    Default External Webmail - only allow certain users

    I have a new installation with the Mailstore server in the internal network and a zimbra proxy server in the DMZ. I am using external authentication using AD. All is working fine, but all users have access to Webmail from anywhere.

    Is there anyway that permissions can be added to proxy server to only allow certain users to use the proxy server?

  2. #2
    karthik@est is offline New Member
    Join Date
    Sep 2011
    Posts
    4
    Rep Power
    3

    Default

    nope.. had same requirement and Zimbra support said there is no settings as such to restricting users from accessing webmail.
    This is a security issue, for few security compliance this option should be available.

  3. #3
    Himanshu is offline Advanced Member
    Join Date
    Jan 2008
    Posts
    223
    Rep Power
    7

    Default

    Quote Originally Posted by zippy32 View Post
    I have a new installation with the Mailstore server in the internal network and a zimbra proxy server in the DMZ. I am using external authentication using AD. All is working fine, but all users have access to Webmail from anywhere.

    Is there anyway that permissions can be added to proxy server to only allow certain users to use the proxy server?
    We have restricted the Users in UTM which sits between MailServer & Internet

  4. #4
    mattg1 is offline Active Member
    Join Date
    Jun 2009
    Posts
    31
    Rep Power
    6

    Default

    I don't know if this technique would apply to your proxy & AD environment, but like you, we wanted to be able to control who can access the Zimbra web interface from outside. So, we set up a simple PHP web page which presents a login form, and checks if the userid is on our permit list. If not, a simple rejection page is diplayed. Or, if they are permitted, the page authenticates the userid/pw combo against kerberos, generates a Zimbra preauth token, and then redirects them to the Zimbra web interface. The wiki has info on how to use preauthentication.

  5. #5
    Himanshu is offline Advanced Member
    Join Date
    Jan 2008
    Posts
    223
    Rep Power
    7

    Default

    Quote Originally Posted by mattg1 View Post
    I don't know if this technique would apply to your proxy & AD environment, but like you, we wanted to be able to control who can access the Zimbra web interface from outside. So, we set up a simple PHP web page which presents a login form, and checks if the userid is on our permit list. If not, a simple rejection page is diplayed. Or, if they are permitted, the page authenticates the userid/pw combo against kerberos, generates a Zimbra preauth token, and then redirects them to the Zimbra web interface. The wiki has info on how to use preauthentication.
    Yes . Good Way to Implement . We are Picking of Group of Directory Users who are allowed to Access E-mails from WAN.There are Provisions to create Local Users in Most UTM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Copy user's password to an external LDAP
    By Kilath in forum Administrators
    Replies: 1
    Last Post: 07-18-2011, 07:34 AM
  2. Restrict external mail to some users ONLY
    By VictorMedina in forum Administrators
    Replies: 4
    Last Post: 05-23-2011, 07:17 AM
  3. Replies: 2
    Last Post: 04-28-2011, 03:20 AM
  4. download Brief case content for external users
    By nashwa_sowelam@avit.com.eg in forum Users
    Replies: 1
    Last Post: 01-31-2011, 03:49 PM
  5. External LDAP - Users can't log in
    By bjimerson in forum Administrators
    Replies: 4
    Last Post: 08-20-2006, 01:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •