Users can sign up to the web interface in a virtual host domain different from their own domain by using their full email address: can login at if using the full email address as login id.

This shouldn't pose any particular security issues (or does it?) as the user still sees his own mail. Also a user would have to know that another domain is using zimbra (and on the same zimbra install). However, it's messy. It's also liable to create FUD in the minds of end-users and corporate admin clients if they ever encounter this behaviour.

Is there any way to prevent this, and force a user in a given domain to only be able to login in the web mail page for that domain ? That is, can only log in at can only log in at