[Users] Impersonate emails

Phil Pearl phil.pearl at synacor.com
Fri Oct 5 02:37:17 CEST 2018 

You might find this useful: [ https://wiki.zimbra.com/wiki/Security_Center#ZWC_affected_by_Mailsploit | https://wiki.zimbra.com/wiki/Security_Center#ZWC_affected_by_Mailsploit ] 

- The short summary is 8.8.7 included the change that should have new installs with zimbraPrefShortEmailAddress set to FALSE, but sites that upgrade need to make this change manually (this wasn't forced upon upgrade due to the fact that it is a fairly visible change for end users) 

Phil 


From: "Barry de Graaff" <info at barrydegraaff.tk> 
To: "Thor" <thor918 at gmail.com> 
Cc: "users" <users at lists.zetalliance.org> 
Sent: Thursday, October 4, 2018 5:00:36 PM 
Subject: Re: [Users] Impersonate emails 

I had a discussion about this with Zimbra and since Mailsploit, I believe the consensus is that putting it to FALSE is the safest. 

Also maybe for new installations the default is FALSE, had a discussion about that, but not sure that ever made GA. 


Regards Barry 

On 4 Oct 2018, at 21:40, Thor < [ mailto:thor918 at gmail.com | thor918 at gmail.com ] > wrote: 




ah thanks. 
found the attribute for it 

<attr id="1173" name="zimbraPrefShortEmailAddress" type="boolean" cardinality="single" optionalIn="account,cos" flags="accountInherited,domainAdminModifiable" since ="7.0.1"> 
<defaultCOSValue>TRUE</defaultCOSValue> 
<desc>show just the display name of email addresses in the message header area and compose pane</desc> 
</attr> 

so I can set it in COS :) 

what do you have it set to for all user as default? 

-Thor- 


On Thu, 4 Oct 2018 at 21:15, Aaron Cayard-Roberts < [ mailto:cayaraa at earlham.edu | cayaraa at earlham.edu ] > wrote: 

BQ_BEGIN

You can disable the name only when viewing a message by turning off "Display names in place of email addresses when available". Its found at the very bottom of the General settings. 


-Aaron 

----- On Oct 4, 2018, at 3:11 PM, Thor [ mailto:thor918 at gmail.com | thor918 at gmail.com ] wrote: 

> [ https://forums.zimbra.org/viewtopic.php?t=59714 | https://forums.zimbra.org/viewtopic.php?t=59714 ] 
> 
> How do others deal with users that fall for emails that tries to trick by 
> using same title as real persons they normaly communicate with? I know you 
> could mouseover. any other suggestions on how to deal with those on zimbra? 

-- 
Aaron Cayard-Roberts 
System and Security Administrator 
Information Technology Services 
Earlham College 
801 National Road West 
Richmond, IN 47374 
Phone: 765-983-1851 




BQ_END





This message and any attachment may contain information that is confidential and/or proprietary. Any use, disclosure, copying, storing, or distribution of this e-mail or any attached file by anyone other than the intended recipient is strictly prohibited. If you have received this message in error, please notify the sender by reply email and delete the message and any attachments. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20181004/7a8f79f5/attachment.html>

More information about the Users mailing list