Difference between revisions of "Blocking the Outlook Mobile App for iOS and Android"

(Log trace)
m
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Unsupported}}{{Article Infobox|{{admin}}|{{ZCS 8.6}}||{{ZCS 8.5}}|||}}
+
{{BC|Community Sandbox}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Blocking the Outlook Mobile App for iOS and Android=
 +
{{KB|{{Unsupported}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}
  
= Blocking the Outlook Mobile App for iOS and Android =
+
In February 2015, Microsoft released the Outlook Mobile app for iOS and Android. Previously, with Acompli, the Outlook Mobile App came with a lot of security issues and some companies expressed concerns about it:
 
 
In February 2015, Microsoft release the Outlook Mobile app for iOS and Android. Previously Acompli, the Outlook Mobile App came with a lot of security issues and some companies expressed concerned about it:
 
 
* [http://windowsitpro.com/blog/do-ex-acompli-now-outlook-clients-really-compromise-security-or-everyone-overreacting http://windowsitpro.com/blog/do-ex-acompli-now-outlook-clients-really-compromise-security-or-everyone-overreacting]
 
* [http://windowsitpro.com/blog/do-ex-acompli-now-outlook-clients-really-compromise-security-or-everyone-overreacting http://windowsitpro.com/blog/do-ex-acompli-now-outlook-clients-really-compromise-security-or-everyone-overreacting]
 
* [http://windowsitpro.com/blog/worried-about-security-and-privacy-outlook-ios-and-android-heres-your-chance-debate-issues http://windowsitpro.com/blog/worried-about-security-and-privacy-outlook-ios-and-android-heres-your-chance-debate-issues]
 
* [http://windowsitpro.com/blog/worried-about-security-and-privacy-outlook-ios-and-android-heres-your-chance-debate-issues http://windowsitpro.com/blog/worried-about-security-and-privacy-outlook-ios-and-android-heres-your-chance-debate-issues]
 
* [http://securityaffairs.co/wordpress/33059/hacking/ios-outlook-app-issues.html http://securityaffairs.co/wordpress/33059/hacking/ios-outlook-app-issues.html]
 
* [http://securityaffairs.co/wordpress/33059/hacking/ios-outlook-app-issues.html http://securityaffairs.co/wordpress/33059/hacking/ios-outlook-app-issues.html]
* [http://www.pcworld.com/article/2881632/eu-parliament-blocks-new-outlook-apps-over-privacy-concerns.htmlhttp://www.pcworld.com/article/2881632/eu-parliament-blocks-new-outlook-apps-over-privacy-concerns.html]
+
* [http://www.pcworld.com/article/2881632/eu-parliament-blocks-new-outlook-apps-over-privacy-concerns.html http://www.pcworld.com/article/2881632/eu-parliament-blocks-new-outlook-apps-over-privacy-concerns.html]
  
 
==Blocking the Outlook Mobile App with the Proxy service==
 
==Blocking the Outlook Mobile App with the Proxy service==
  
If we are running Zimbra with the Proxy service, we can block the Outlook Mobile App editing the next commands '''(these changes will survive a restart of the services, but not an upgrade)'''
+
If you are running Zimbra with the Proxy service, you can block the Outlook Mobile App editing the next commands '''(these changes will survive a restart of the services, but not an upgrade)'''
  
 
As the zimbra user, you'll edit the following files.
 
As the zimbra user, you'll edit the following files.
Line 27: Line 29:
 
     server
 
     server
 
     {
 
     {
         '''if ($http_user_agent ~ (Outlook-iOS-Android) ) {
+
         if ($http_user_agent ~ (Outlook-iOS-Android) ) {
         return 403;'''
+
         return 403;
     }
+
        }
 +
     [...]
 
Edit the HTTPS Nginx template:
 
Edit the HTTPS Nginx template:
  
     vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
+
     vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template
  
 
And add the next content when the server starts:
 
And add the next content when the server starts:
Line 40: Line 43:
 
     server
 
     server
 
     {
 
     {
         '''if ($http_user_agent ~ (Outlook-iOS-Android) ) {
+
         if ($http_user_agent ~ (Outlook-iOS-Android) ) {
         return 403;'''
+
         return 403;
     }
+
        }
 +
     [...]
  
 
Restart the Zimbra services to apply the changes [still as the zimbra user]:
 
Restart the Zimbra services to apply the changes [still as the zimbra user]:
Line 50: Line 54:
 
==Log trace==
 
==Log trace==
  
In the logs we can see the access attempts with Outlook Mobile App and the 403 errors [Forbidden] :
+
In the nginx log '''/opt/zimbra/log/nginx.access.log''' we can see the access attempts with Outlook Mobile App and the 403 errors [Forbidden] :
    tail -f /opt/zimbra/log/nginx.access.log
 
 
     54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500]   
 
     54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500]   
 
   "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync  
 
   "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync  
 
   HTTP/1.1" 403 310 "-" "Outlook-iOS-Android/1.0" "-"
 
   HTTP/1.1" 403 310 "-" "Outlook-iOS-Android/1.0" "-"
  
We can also see a reference to the IP address of 54.187.102.116, which is the Microsoft Outlook servers, and not from our device ISP provider.
+
Note the reference to the IP address of 54.187.102.116, which is the Microsoft Outlook servers, and not from our device ISP provider.
  
And see the Log from the Mail.app accesing without problem:
+
We can also see that Mail.App can continue accession the ZCS server with no issues:
  
 
   23.23.23.23:51889 - zimbra.io\x5Cadmin [11/Feb/2015:10:17:29 -0500]   
 
   23.23.23.23:51889 - zimbra.io\x5Cadmin [11/Feb/2015:10:17:29 -0500]   
Line 80: Line 83:
  
  
{{Article Footer|Zimbra Collaboration Suite 8.6, 8.5|02/11/2015}}
+
{{Article Footer|Zimbra Collaboration Suite 8.8, 8.7, 8.6|02/11/2015}}

Latest revision as of 09:03, 14 September 2017

Blocking the Outlook Mobile App for iOS and Android

   KB 21518        Last updated on 2017-09-14  




0.00
(0 votes)

In February 2015, Microsoft released the Outlook Mobile app for iOS and Android. Previously, with Acompli, the Outlook Mobile App came with a lot of security issues and some companies expressed concerns about it:

Blocking the Outlook Mobile App with the Proxy service

If you are running Zimbra with the Proxy service, you can block the Outlook Mobile App editing the next commands (these changes will survive a restart of the services, but not an upgrade)

As the zimbra user, you'll edit the following files.

su - zimbra

Edit the HTTP Nginx template:

   vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template

And add the next content when the server starts:

   # HTTP Proxy Default Configuration
   #
   server
   {
       if ($http_user_agent ~ (Outlook-iOS-Android) ) {
       return 403;
       }
   [...]

Edit the HTTPS Nginx template:

   vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template

And add the next content when the server starts:

   # HTTPS Proxy Default Configuration
   #
   server
   {
       if ($http_user_agent ~ (Outlook-iOS-Android) ) {
       return 403;
       }
   [...]

Restart the Zimbra services to apply the changes [still as the zimbra user]:

   zmcontrol restart

Log trace

In the nginx log /opt/zimbra/log/nginx.access.log we can see the access attempts with Outlook Mobile App and the 403 errors [Forbidden] :

   54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500]  
  "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync 
  HTTP/1.1" 403 310 "-" "Outlook-iOS-Android/1.0" "-"

Note the reference to the IP address of 54.187.102.116, which is the Microsoft Outlook servers, and not from our device ISP provider.

We can also see that Mail.App can continue accession the ZCS server with no issues:

  23.23.23.23:51889 - zimbra.io\x5Cadmin [11/Feb/2015:10:17:29 -0500]  
 "POST /Microsoft-Server-ActiveSync?User=admin&DeviceId=M92PFITKBD0S14XXXXXXXXXXXX&DeviceType=iPad&Cmd=Sync 
 HTTP/1.1" 200 357 "-" "Apple-iPad2C5/1202.466" "127.0.1.1:8443"

Related Bugs/RFE's

Identified Support/Known Issues

Verified Against: Zimbra Collaboration Suite 8.8, 8.7, 8.6 Date Created: 02/11/2015
Article ID: https://wiki.zimbra.com/index.php?title=Blocking_the_Outlook_Mobile_App_for_iOS_and_Android Date Modified: 2017-09-14



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search