Thread: Prevent account creation on specific mailstore?

  1. #1

    We have 3 zimbra servers running with this intended use.

    mailstore1 (1750 users/4TB storage)
    mailstore2 (1750 users/4TB storage)
    proxy perdition for imap/pop and tomcat for webUI (intend 0 users)

    We like giving a single URL for webUI use but I have the unexpected result of a full mail store that could have an account created on it by error. Is there a way to prevent account creation? (COS offers some control but it can be overridden manually)

    I installed the mailstore because I think I need it to get tomcat.

  2. #2

    Ok so using that third box with perdition for the imap/pop users and your MTA?

    On that third box, instead of installing the mailstore for the web interface, why not just add a virtual host/the URL you want people to connect to? Domains > Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record.

    You can deploy a load balancer so that all users can log in using the same address/name instead of having to remember which server their mailbox is on.

    You set up a virtual hostname of mail.example.com and configure the mail servers, mail1.example.com to mailx.example.com.

    When users log on to mail.example.com, the load balancer directs the user to any one of the mail servers to verify the log on information. After successfully logging on, users are redirected to the actual server their mail is stored on. While they are logged on, all subsequent requests go directly to their server.

    In order to configure load balancing for ZCS:
    1. Each Zimbra server must have a routable address/name.
    2. You must configure the virtual hostname on the administration console.
    3. You must turn on the following localconfig setting on each mail server:
    zmlocalconfig -e zimbra_auth_always_send_refer=true

    "We like giving a single URL for webUI use"
    The real question is: for the web interface, are you trying to hide the URL of the machine they connect to? That would be a whole other topic/method.
    Last edited by mmorse; 06-28-2007 at 07:46 AM.

  3. #3

    I am not sure how our certificates would react to this layout. The current config allows us to use our self-signed certificates (we install our root CA) without any error messages for the users to ignore or ask questions about. We have a different cert for each host: mail-01, mail-02 & zmail.

    Currently we tell users to connect to zmail.example.com; once they log in they get redirected to mail-01 or mail-02... But only the auth portion is encrypted...

    No, hiding the URL is not important. It will actually help a bit when users start setting up zimbra remote on phones.

  4. #4

    "But only the auth portion is encrypted..."
    So you have it set up so that after login they leave the https connection anyway, right?
    So they connect to the virtual host (on any mailstore), log in, get redirected to their mailstore... So the question is: does the https connection switch to http before the redirect or after? Personally I couldn't tell ya, I don't make use of that method.
    If you're using https for the entire session, that's where wildcard certs come in handy.

  5. #5

    Quote, originally posted by mmorse:
    "If you're using https for the entire session, that's where wildcard certs come in handy."
    But the phones do not play nice with wildcard certs.

    When will my karma be in balance?

  6. #6

    Is it WM5?

    Windows Mobile 5 does not support SSL certificates containing "wildcards" in the URL address (for example *.company.com). This applies to AlternativeNames as well as to the URL address of the server. To disable certificate checking on a Windows Mobile 5 device:
    - Edit the following registry key: Hkey_Current_User\Software\Microsoft\ActiveSync\Partners\UID_Server_partnership.
    - Add a new Value secure of DWORD type and set it to 0.
    (UID_Server_partnership is the unique ID number specifying the partnership with the specific server.)
    Last edited by mmorse; 06-28-2007 at 08:28 AM.
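
Added example (not part of any post in this thread): a sketch of the name check a TLS client applies to a certificate, run against the zmail / mail-01 / mail-02 login-then-redirect layout described above. It compares a wildcard certificate with one that names each host explicitly, for a client that accepts wildcards and one that does not; the SAN lists and the `allow_wildcard` switch are assumptions made for illustration.

```python
# Added example: certificate-name matching for the redirect layout in this thread.
# Hostnames follow the thread (example.com); the SAN lists below are constructed.

HOSTS = ["zmail.example.com", "mail-01.example.com", "mail-02.example.com"]

def name_matches(pattern, host, allow_wildcard=True):
    """RFC 6125-style match: '*' only as the whole left-most label, one label deep."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Reject wildcards for clients that lack support, and overly broad "*.com".
        if not allow_wildcard or len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels

def uncovered_hosts(san_names, hosts, allow_wildcard=True):
    """Return the hosts a client would reject for a cert carrying san_names."""
    return [h for h in hosts
            if not any(name_matches(n, h, allow_wildcard) for n in san_names)]

WILDCARD_CERT = ["*.example.com"]   # constructed: single wildcard name
EXPLICIT_CERT = list(HOSTS)         # constructed: one SAN entry per host

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("explicit", EXPLICIT_CERT)):
        for wc in (True, False):
            missing = uncovered_hosts(names, HOSTS, allow_wildcard=wc)
            print(f"{label:9} client_wildcards={wc}: uncovered={missing}")
```

Running the check over every hostname a user can be redirected to shows, before deployment, which hosts would trigger a certificate warning on a given class of client.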
