Historically in Zimbra it has been possible to log in using the account email address, but also using an email alias. For security reasons it is recommended to disable the log in by use of an alias.
Follow below steps to find out if alias login is enabled on your Zimbra deployment, and configure it to your needs:
- Execute the below command on the respective mailbox server to check the current status first. It will show TRUE or FALSE.
zmlocalconfig alias_login_enabled
- Execute the below command to disallow login to alias account, for security reasons, this is the recommended setting.
zmlocalconfig -e alias_login_enabled=false
- Execute the below command to allow login to alias account
zmlocalconfig -e alias_login_enabled=true
- Once done with the above changes make sure to restart the mailbox services.
zmmailboxdctl restart
- If alias login is disabled and still somebody tries to login using alias account the log entry will show like follows in /opt/zimbra/log/audit.log
2021-06-28 23:14:25,104 WARN [qtp1225197672-333://localhost:8080/service/soap/BatchRequest] [name=alias-user@example.com;oip=xx.xx.xx.xx;ua=zclient/8.8.15_GA_3991;soapId=c2df7e2;] security - cmd=Auth account=original-user@example.com; protocol=soap; error=authentication failed for [alias-user@example.com], alias login not enabled.;
No comments yet.