Results 1 to 5 of 5

Thread: Preventing admin from reading certain mailboxes

  1. #1
    koi-bito is offline Intermediate Member
    Join Date
    Nov 2006
    Posts
    18
    Rep Power
    8

    Default Preventing admin from reading certain mailboxes

    We'd like to know if there's a way to prevent the Zimbra admin from reading certain mail accounts of senior management, as their mailboxes will contain certain confidential material.

    Is there a way to do this? Many thanks in advance.

  2. #2
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,292
    Rep Power
    13

    Default

    No.

    Anyway the messages are written on the server's harddrive in a readable format...

  3. #3
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    You run into the "who polices the police" problem.

    I'm sure you could file a bug enhancement request for this feature, but anyone with root access can see the eml files anyway.

    You could set up a cron job to mail, rsync, or sftp the audit.log to someone. . .Allthough the log itself is still open to tampering.

  4. #4
    nxnw is offline Intermediate Member
    Join Date
    Feb 2006
    Posts
    22
    Rep Power
    9

    Default

    You could use an email client (thunderbird, outlook (I assume), apple mail) that supports s/mime encryption. I assume that this is not yet supported by the zimbra web interface.

    Each person in the secure group would need certificates and public/private keys, which can be obtained from a certificate authority like Thawte.

    You will find lots of instructions if you google s/mime thawte. Add apple to the search if you are using a mac.
    Last edited by nxnw; 12-03-2006 at 11:34 AM.

  5. #5
    schemers is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    228
    Rep Power
    9

    Default

    There is an outstanding bug for fine-grained admin access control, which is slated for an upcoming release.

    After it is implemented, you'll be able to say at a fine-grained level what access you want an admin to have. For example, you could grant one admin access to reset passwords on certain accounts, but not change anything else, and another admin access to create domains but not change server info, etc.

    You'll also be able to grant "view mail" access to an admin on only certain mailboxes. Of course, if they have physical access to the machine and/or a root/zimbra login they will still be able to access the data.
    Bugzilla - Wiki - Downloads - Before posting... Search!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 6
    Last Post: 08-21-2007, 09:51 PM
  2. Replies: 9
    Last Post: 08-31-2006, 08:02 AM
  3. From POP3 and 100 scattered mailboxes to Zimbra
    By spiderman in forum Administrators
    Replies: 5
    Last Post: 08-11-2006, 08:00 PM
  4. How do I set Admin password?
    By sjames in forum Installation
    Replies: 4
    Last Post: 07-24-2006, 04:01 PM
  5. Move server to different OS
    By EriSan500 in forum Administrators
    Replies: 7
    Last Post: 03-05-2006, 01:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •