Results 1 to 3 of 3

Thread: ZCO 6.0.1_GA_1816 allows users to "send on behalf"

  1. #1
    Join Date
    Mar 2008
    Location
    Berkeley, CA
    Posts
    23
    Rep Power
    7

    Default ZCO 6.0.1_GA_1816 allows users to "send on behalf"

    Good evening,

    We recently upgraded to ZCS 6.0.1_GA_1816 Network Edition (running on Ubuntu 6.06 LTS), and, accordingly, upgraded our Zimbra Connectors for Outlook.

    While I found posts acknowledging that sending mail as another user in other areas of Zimbra was an issue addressed in the last of the 5.0.x releases, we have found that Outlook users can, when creating a new message, choose Options->Show From and enter any address from their address book, and send on behalf of another user, even though the "Allow sending e-mail from any address" preference is neither enabled for the user nor any CoS on the ZCS server.

    Mac users receive the item in the Sent box (which makes sense; this would follow the "sent on behalf of" concept), and but since the message does not identify itself as "sent on behalf" as it does in Outlook, it seems as though it would be easy to masquerade as someone else if you had access to Outlook and the connector. The only clue is the "Reply-to" field, which shows the true sender.

    Is this a known and accepted behavior, or is this being addressed in a future release? Or, is there something that is mis-set somewhere that I might be overlooking? I've checked the CoS and user preferences for the "Allow sending e-mail from any address" box, and they are all unchecked. Is there another setting in the connector itself that might correspond to this?

    Thanks very much in advance for your help.

  2. #2
    Join Date
    Sep 2006
    Posts
    1,334
    Rep Power
    11

    Default

    We've gone back and forth on this, and decided that for now, this is by design. What we really need is a server side Send As permission. The server part has been done (bug 22819). Bug 36226 is a client enhancement that is slated for a later release. There would also have to be some ZCO work for this.

  3. #3
    Join Date
    Mar 2008
    Location
    Berkeley, CA
    Posts
    23
    Rep Power
    7

    Default

    That's good to know. The reason this is so concerning is that it's easier for Apple Mail users to be spoofed. Outlook users see the unusually verbose "sent on behalf of" heading on the message, but Mac users don't get that.

    Even so, it would be good to rectify the permission to prevent the interpretation that the user on whose behalf the message was sent really originated the message.

Similar Threads

  1. Active Directory Script to import users to Zimbra
    By egrueda in forum Administrators
    Replies: 35
    Last Post: 08-29-2012, 11:54 AM
  2. Replies: 1
    Last Post: 11-02-2008, 12:52 AM
  3. [SOLVED] Download links not working for Demo users trying to test ZCO
    By BrandonH in forum Zimbra Connector for Outlook
    Replies: 2
    Last Post: 12-04-2007, 09:41 PM
  4. ZCO adding new profile when upgrading
    By chh in forum Zimbra Connector for Outlook
    Replies: 2
    Last Post: 09-28-2007, 04:29 AM
  5. Mixing and matching ZCO versions with ZCS versions?
    By vshah in forum Zimbra Connector for Outlook
    Replies: 3
    Last Post: 12-21-2006, 05:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •