Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
Go Back   Zimbra - Forums > Zimbra Collaboration Suite > ZCS Client Connectors > Zimbra Connector for Outlook
Reload this Page ZCO 6.0.1_GA_1816 allows users to "send on behalf"

Welcome to the Zimbra - Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-03-2009, 06:10 PM
Intermediate Member
  
Posts: 21
Default ZCO 6.0.1_GA_1816 allows users to "send on behalf"
Good evening,

We recently upgraded to ZCS 6.0.1_GA_1816 Network Edition (running on Ubuntu 6.06 LTS), and, accordingly, upgraded our Zimbra Connectors for Outlook.

While I found posts acknowledging that sending mail as another user in other areas of Zimbra was an issue addressed in the last of the 5.0.x releases, we have found that Outlook users can, when creating a new message, choose Options->Show From and enter any address from their address book, and send on behalf of another user, even though the "Allow sending e-mail from any address" preference is neither enabled for the user nor any CoS on the ZCS server.

Mac users receive the item in the Sent box (which makes sense; this would follow the "sent on behalf of" concept), and but since the message does not identify itself as "sent on behalf" as it does in Outlook, it seems as though it would be easy to masquerade as someone else if you had access to Outlook and the connector. The only clue is the "Reply-to" field, which shows the true sender.

Is this a known and accepted behavior, or is this being addressed in a future release? Or, is there something that is mis-set somewhere that I might be overlooking? I've checked the CoS and user preferences for the "Allow sending e-mail from any address" box, and they are all unchecked. Is there another setting in the connector itself that might correspond to this?

Thanks very much in advance for your help.
Reply With Quote
  #2 (permalink)  
Old 11-03-2009, 09:34 PM
Zimbra Employee
  
Posts: 580
Default
We've gone back and forth on this, and decided that for now, this is by design. What we really need is a server side Send As permission. The server part has been done (bug 22819). Bug 36226 is a client enhancement that is slated for a later release. There would also have to be some ZCO work for this.
Reply With Quote
  #3 (permalink)  
Old 11-04-2009, 04:24 PM
Intermediate Member
  
Posts: 21
Default
That's good to know. The reason this is so concerning is that it's easier for Apple Mail users to be spoofed. Outlook users see the unusually verbose "sent on behalf of" heading on the message, but Mac users don't get that.

Even so, it would be good to rectify the permission to prevent the interpretation that the user on whose behalf the message was sent really originated the message.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

Zimbrablog.com


Home - Blog - Contact Us - Archive - Top


 

Search Engine Optimization by vBSEO 3.1.0