Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 52

Thread: Disable Admin View Mail

  1. #11
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default Really?

    What was the bug ID? I'll try to track that down for you...
    Bugzilla - Wiki - Downloads - Before posting... Search!

  2. #12
    Join Date
    Jan 2007
    Posts
    58
    Rep Power
    8

    Default Disable Admin View Mail


  3. #13
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default That's not what the bug's about...

    That bug says that when admins are logged into the mail system as themselves they should have normal user rights. This was causing people no end of confusion, because one user would share a calendar with the admin read-only and the admin would be able to modify it from their regular mail client.

    You want something completely different. Is there a bug filed for what you want?
    Bugzilla - Wiki - Downloads - Before posting... Search!

  4. #14
    Join Date
    Jan 2007
    Posts
    58
    Rep Power
    8

    Default Disable Admin View Mail

    My case number is: 00008212 "Is it possible to disable the admin from being able to view the users email?"
    Last edited by pfefferc; 02-07-2007 at 01:23 PM.

  5. #15
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by pfefferc View Post
    My case number is: 00008212 "Is it possible to disable the admin from being able to view the users email?"
    It is possible to write an admin extension that will disable the feature in the UI, however they will still be able to do it if they hack into the SOAP.
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  6. #16
    Join Date
    Jan 2007
    Posts
    58
    Rep Power
    8

    Default Disable Admin View Mail

    How would I do that? Or is there away so that when they click view mail, to prompt for the user's password?

  7. #17
    Join Date
    Apr 2006
    Posts
    84
    Rep Power
    9

    Default

    Quote Originally Posted by Greg View Post
    It is possible to write an admin extension that will disable the feature in the UI, however they will still be able to do it if they hack into the SOAP.
    That would be a nice workaround though.
    I am in the same situation as pfefferc :
    I use Zimbra Open Source only for my domain (with a quite limited number of users, about 30).
    I would like to delegate the creation of user accounts to one of my colleagues, but I don't want him to be able to view users emails.

    Why can the global administrator view users emails anyway ? I don't want to view them !
    Having the ability to reset a user's password is enough, IMHO.

    For now, I just voted for this bug (quite hard to find, but it's here : http://bugzilla.zimbra.com/show_bug.cgi?id=11374), but I really think this is a power that administrators shouldn't have.

  8. #18
    Join Date
    May 2006
    Posts
    196
    Rep Power
    9

    Default

    Quote Originally Posted by Greg View Post
    It is possible to write an admin extension that will disable the feature in the UI, however they will still be able to do it if they hack into the SOAP.
    I think you should include something like this as a regular feature. so that you have to decide if you want this activated or not when installing.
    The point is that in Germany (and I guess in other countries as well) this feature will make it impossible to use Zimbra in some companies.
    There are laws that prohibit anyone to be able to read the mails of another person without consent or very strict rulings as long as it is not forbidden to use the mailbox for private mails as well (and still even if this is the case).

    Christian

  9. #19
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by chh View Post
    The point is that in Germany (and I guess in other countries as well) this feature will make it impossible to use Zimbra in some companies.
    There are laws that prohibit anyone to be able to read the mails of another person without consent or very strict rulings as long as it is not forbidden to use the mailbox for private mails as well (and still even if this is the case).
    Having a drill is not illegal, but using it to drill a whole in the safe box is. It seems like the problem in this case is not the availability of this feature in the UI but the ability of an admin to read users' email. If the laws prohibit it then clicking the "View Mail" button without the user's consent is illegal. As it is illegal to access this user's mailbox in any other way. However, there is a catch If you are the admin and you have root access to the box, you can read any email you want unless it is encrypted with a public key and the adresse of the email is the only one who has the private key. Also, if there is an ability to change password - the admin can 1 - change password, 2 - log in into the mailbox, 3 - read the email. And so on... there are numerous ways to break this law for someone with root access to the domain no matter which email server is being used. The bottom line is that the admin has an ability to access users' email whether this feature is there or not. So, I agree that this feature might be provocative for an admin who you do not trust, but I do not see how this UI feature interferes with the law.
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  10. #20
    Join Date
    May 2006
    Posts
    196
    Rep Power
    9

    Default

    Greg,
    you are right, the feature has nothing to do with the law. And you are right in saying that an admin can, nearly, do everything he wants.
    IT is just making this thing very easy and obvious. And I know that some applications dealing with email make it impossible to do this (except going back to basic OS mechanisms) for a single person to read the mails of others.
    Perhaps I am a bit over concious on this point as we had some workshops for customers dealing with these things.

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 02:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 09:09 AM
  4. DynDNS and Zimbra
    By afterwego in forum Installation
    Replies: 30
    Last Post: 04-01-2007, 04:34 PM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •