We recently upgraded to ZCS 6.0.1_GA_1816 Network Edition (running on Ubuntu 6.06 LTS), and, accordingly, upgraded our Zimbra Connectors for Outlook.
While I found posts acknowledging that sending mail as another user in other areas of Zimbra was an issue addressed in the last of the 5.0.x releases, we have found that Outlook users can, when creating a new message, choose Options->Show From and enter any address from their address book, and send on behalf of another user, even though the "Allow sending e-mail from any address" preference is neither enabled for the user nor any CoS on the ZCS server.
Mac users receive the item in the Sent box (which makes sense; this would follow the "sent on behalf of" concept), and but since the message does not identify itself as "sent on behalf" as it does in Outlook, it seems as though it would be easy to masquerade as someone else if you had access to Outlook and the connector. The only clue is the "Reply-to" field, which shows the true sender.
Is this a known and accepted behavior, or is this being addressed in a future release? Or, is there something that is mis-set somewhere that I might be overlooking? I've checked the CoS and user preferences for the "Allow sending e-mail from any address" box, and they are all unchecked. Is there another setting in the connector itself that might correspond to this?
Thanks very much in advance for your help.