Results 1 to 3 of 3

Thread: Impersonating in ZD and ZWeb

  1. #1
    Join Date
    Apr 2012
    Posts
    3
    Rep Power
    3

    Default Impersonating in ZD and ZWeb

    Hi there, first post here.
    A colleague found that if you enter Prefrences and edit your Profile (Main Account) you can cahnge the "From" data to any other existing account (name, email address) and later send a message impersonating this account without knowing its password.

    Of course, if you analize afterwards the full header, you'll find the trace of the real account, buy for security purposes I consider this should be avoided.

    Does anybody knows how to deal with this problem?
    Please let me know if this problem hast been delt in another place.

    Thanks to everyone,
    Marcelo Mello

  2. #2
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    454
    Rep Power
    6

    Default

    A colleague found that if you enter Prefrences and edit your Profile (Main Account) you can cahnge the "From" data to any other existing account (name, email address) and later send a message impersonating this account without knowing its password.
    This isn't possible if either using, the web portal, Zimbra desktop or Outlook for the Zimbra Network Edition if 'Allow sending email from any address' is not checked.

    If using pop3 or IMAP, there are no controls. To turn this feature off:

    In the administrative portal, go to the user's class of service (COS), under Preferences, uncheck:

    Allow sending email from any address

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  3. #3
    Join Date
    Apr 2012
    Posts
    3
    Rep Power
    3

    Default

    Dear Lytldd, thanks for sharig this piece of information, I've tried successfully the option you've mentioned.

    Best regards,
    Marcelo Mello

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •