Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

Frustration setting in...

Post feedback about our hosted demo or your local install. Tell us what you love and/or what you’d like to see added in the future.
cavj1
Advanced member
Advanced member
Posts: 52
Joined: Sat Sep 13, 2014 2:09 am

Frustration setting in...

Postby cavj1 » Thu Feb 03, 2022 8:55 pm

Hi...

I know I'm going to get some hate here for this but we've been using Zimbra for over ten years now and over the past year or so my frustration with the product continues to grow. Even something as a simple rule doesn't work correctly. Not only does it not work correctly the design process behind the rule is flawed at best.

For example...I'm a business...I go out of office. I want to setup a OOO rule that while I'm out I want my mail is forwarded to someone to cover. This should be part of the OOO of rules and settings. In ZCO...not there. Webmail not there. You have to go somewhere else to setup the forward. If I set a filter it doesn't keep the message...

Another example...I get mail from a particular email address. I want a rule where the message comes in...move it to a folder and forward a copy to another address. I WANT the original in my folder. How do I manage my business if I don't know what was forwarded? The redirect to another address doesn't even give you a sent item. I know it sent the item but why would I not have the sent item.

Sorry...I know I'm venting and I don't want to get on the O365/Google Enterprise bandwagon but they need to catch to the rest of the email and collab space.

If anyone has any suggestions to fixing the two of many issues outlined here I'm all ears...or eyes since I'll be reading it and not hearing it.

Appreciate the read...


User avatar
jholder
Zimbra Employee
Zimbra Employee
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

Re: Frustration setting in...

Postby jholder » Fri Feb 04, 2022 9:14 pm

Hi cavj1,

My name is John Holder. I wanted you to know that I read your post, and we're grateful for your feedback. Your concerns seem reasonable. If you have a sales agent, I would contact them. They can often push things through the pipeline faster.

I wanted to give you the context behind a few of your observations. This is not to diminish your issues.
Not only does it not work correctly the design process behind the rule is flawed at best.

The Zimbra server uses rules from the industry-standard java class "jseive". We have found their design robust and well thought out, but I completely understand if you disagree.

Zimbra splits this into 2 settings for a reason. Both are configurable via the Class of Service. We have found that a granular approach to settings (while annoying) is more desirable than a bundle of settings that assumes admins are okay with allowing users to automatically forward in the event of an OOO.

We follow RFC 3834: https://datatracker.ietf.org/doc/html/rfc3834
One major consideration when we implement settings that are automated is data leakage. Zimbra must never create a scenario where an unexpected setting can leak things like credit card purchases, password resets, and other sensitive data. The only way we can ensure that the user and admin are well aware of this is to separate the setting and require more interaction.

There's no standard for OOF. It's up to the implementor. When implementing Zimbra, we followed Google's approach to this topic, and not Microsoft's. But, I don't think there's a problem revisiting this.
cavj1
Advanced member
Advanced member
Posts: 52
Joined: Sat Sep 13, 2014 2:09 am

Re: Frustration setting in...

Postby cavj1 » Fri Feb 04, 2022 10:47 pm

Thank you very much John for your reply. It is nice to see someone listening.

We do have a business partner and we have expressed these concerns over the years to them. I don't know where they wind up though.

I understand wanting to protect information being forwarded to an incorrect place but I'm not sure how that is prevented by having the forward option in a different place. A mistake could be made anywhere.

For us the forward option doesn't exist at all in ZCO. With a large user base that has "grown up" using Outlook it is what they know. To have to tell them oh...now open the web client to finish the OOO settings is cumbersome. Unfortunately, the integrations to our other systems only exist in the Microsoft Office world. I would love to move to Web only but it just isn't an option without heavy cost of third party integration's.

As for the Filters...can you add an option for a forward to another address with a keep local copy? I don't see any ability to enable such a function in a COS. Using your example a user has no idea if something was sent to a wrong place if they don't get a sent item from the forward AND have a way to see the original to know what work came in and follow through to make sure it was handled.

I hope I'm making this clear here...sometimes it is hard to put it all into a post.

Thanks
Joe
User avatar
jholder
Zimbra Employee
Zimbra Employee
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

Re: Frustration setting in...

Postby jholder » Fri Feb 04, 2022 10:55 pm

Let me look into this for you. It's the weekend and we recently had the XSS security issue, so it might be a few days. If I forget, feel free to remind me: jholder@zimbra.com

Let me see what I can do.
BradC
Advanced member
Advanced member
Posts: 185
Joined: Tue May 03, 2016 1:39 am

Re: Frustration setting in...

Postby BradC » Sat Feb 05, 2022 6:02 am

cavj1 wrote:As for the Filters...can you add an option for a forward to another address with a keep local copy? I don't see any ability to enable such a function in a COS. Using your example a user has no idea if something was sent to a wrong place if they don't get a sent item from the forward AND have a way to see the original to know what work came in and follow through to make sure it was handled.


There is an option in Preferences->Mail->Receiving Messages->Message Arrival to forward a copy of incoming mail to another address. Not exactly a "one touch" solution, and very much an "all or nothing", but it's there.
cavj1
Advanced member
Advanced member
Posts: 52
Joined: Sat Sep 13, 2014 2:09 am

Re: Frustration setting in...

Postby cavj1 » Mon Feb 07, 2022 9:53 pm

Thanks Brad...the all or nothing doesn't work for this use case. It is a From a Specific Address, move to folder and forward a copy to another person.
User avatar
jholder
Zimbra Employee
Zimbra Employee
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

Re: Frustration setting in...

Postby jholder » Thu Feb 17, 2022 12:54 am

Just wanted to give you an update. I have not forgotten about this. Some days I get a bit busy, and it has been a very busy 2 weeks. Apologies, but I can I assure you it's not forgotten.

Return to “Users”

Who is online

Users browsing this forum: No registered users and 10 guests