Disable login using email alias

Historically in Zimbra it has been possible to log in using the account email address, but also using an email alias. For security reasons it is recommended to disable the log in by use of an alias.

Follow below steps to find out if alias login is enabled on your Zimbra deployment, and configure it to your needs:

  • Execute the below command on the respective mailbox server to check the current status first. It will show TRUE or FALSE.
 zmlocalconfig alias_login_enabled
  • Execute the below command to disallow login to alias account, for security reasons, this is the recommended setting.
 zmlocalconfig -e alias_login_enabled=false
  • Execute the below command to allow login to alias account
 zmlocalconfig -e alias_login_enabled=true
  • Once done with the above changes make sure to restart the mailbox services.
 zmmailboxdctl restart
  • If alias login is disabled and still somebody tries to login using alias account the log entry will show like follows in /opt/zimbra/log/audit.log
 2021-06-28 23:14:25,104 WARN  [qtp1225197672-333://localhost:8080/service/soap/BatchRequest] [name=alias-user@example.com;oip=xx.xx.xx.xx;ua=zclient/8.8.15_GA_3991;soapId=c2df7e2;]  
 security - cmd=Auth account=original-user@example.com; protocol=soap; error=authentication failed for [alias-user@example.com], alias login not enabled.;

Further reading


No comments yet.

Leave a Reply

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures