Blocking the Outlook Mobile App for iOS and Android
Article Information |
---|
This article applies to the following ZCS versions. |
Blocking the Outlook Mobile App for iOS and Android
In February 2015, Microsoft release the Outlook Mobile app for iOS and Android. Previously Acompli, the Outlook Mobile App came with a lot of security issues and some companies expressed concerned about it:
- http://windowsitpro.com/blog/do-ex-acompli-now-outlook-clients-really-compromise-security-or-everyone-overreacting
- http://windowsitpro.com/blog/worried-about-security-and-privacy-outlook-ios-and-android-heres-your-chance-debate-issues
- http://securityaffairs.co/wordpress/33059/hacking/ios-outlook-app-issues.html
- [1]
Blocking the Outlook Mobile App with the Proxy service
If we are running Zimbra with the Proxy service, we can block the Outlook Mobile App editing the next commands (these changes will survive a restart of the services, but not an upgrade)
Edit the HTTP Nginx template:
vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
And add the next content when the server starts:
# HTTP Proxy Default Configuration # server { if ($http_user_agent ~ (Outlook-iOS-Android) ) { return 403; }
Edit the HTTPS Nginx template:
vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
And add the next content when the server starts:
# HTTPS Proxy Default Configuration # server { if ($http_user_agent ~ (Outlook-iOS-Android) ) { return 403; }
Like user zimbra, restart Zimbra services to apply the changes:
zmcontrol restart
Testing the changes
Once the Zimbra server is up, we can go to our devices and open the Mail.app in iOS and send to us a email, we will see it. If we open the Outlook Mobile App, we will not sync Mail, Contacts, or Calendar, anymore.
Log trace
In the Logs we can see the attempts of access since the Outlook Mobile App and the 403 error like this:
54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500] "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync HTTP/1.1" 403 310 "-" "Outlook-iOS-Android/1.0" "-"
AS we can see, the IP 54.187.102.116, is from the Outlook servers, and not from our device ISP provider.
And see the Log from the Mail.app accesing without problem:
23.23.23.23:51889 - zimbra.io\x5Cadmin [11/Feb/2015:10:17:29 -0500] "POST /Microsoft-Server-ActiveSync?User=admin&DeviceId=M92PFITKBD0S14XXXXXXXXXXXX&DeviceType=iPad&Cmd=Sync HTTP/1.1" 200 357 "-" "Apple-iPad2C5/1202.466" "127.0.1.1:8443"
Identified Support/Known Issues