Difference between revisions of "Blocking the Outlook Mobile App for iOS and Android"

(Log trace)
(Log trace)
Line 50: Line 50:
 
==Log trace==
 
==Log trace==
  
In the logs we can see the access attempts with Outlook Mobile App and the 403 errors [Forbidden] :
+
In the nginx log '''/opt/zimbra/log/nginx.access.log''' we can see the access attempts with Outlook Mobile App and the 403 errors [Forbidden] :
    tail -f /opt/zimbra/log/nginx.access.log
 
 
     54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500]   
 
     54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500]   
 
   "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync  
 
   "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync  

Revision as of 16:18, 11 February 2015

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 8.6 Article ZCS 8.6ZCS 8.5 Article ZCS 8.5


Blocking the Outlook Mobile App for iOS and Android

In February 2015, Microsoft release the Outlook Mobile app for iOS and Android. Previously Acompli, the Outlook Mobile App came with a lot of security issues and some companies expressed concerned about it:

Blocking the Outlook Mobile App with the Proxy service

If we are running Zimbra with the Proxy service, we can block the Outlook Mobile App editing the next commands (these changes will survive a restart of the services, but not an upgrade)

As the zimbra user, you'll edit the following files.

su - zimbra

Edit the HTTP Nginx template:

   vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template

And add the next content when the server starts:

   # HTTP Proxy Default Configuration
   #
   server
   {
       if ($http_user_agent ~ (Outlook-iOS-Android) ) {
       return 403;
   }

Edit the HTTPS Nginx template:

   vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template

And add the next content when the server starts:

   # HTTPS Proxy Default Configuration
   #
   server
   {
       if ($http_user_agent ~ (Outlook-iOS-Android) ) {
       return 403;
   }

Restart the Zimbra services to apply the changes [still as the zimbra user]:

   zmcontrol restart

Log trace

In the nginx log /opt/zimbra/log/nginx.access.log we can see the access attempts with Outlook Mobile App and the 403 errors [Forbidden] :

   54.187.102.116:55301 - zimbra.io\x5Cadmin [11/Feb/2015:10:16:42 -0500]  
  "POST /Microsoft-Server-ActiveSync?User=zimbra.io%5Cadmin&DeviceId=215CD17123FC80C2&DeviceType=Outlook&Cmd=Sync 
  HTTP/1.1" 403 310 "-" "Outlook-iOS-Android/1.0" "-"

We can also see a reference to the IP address of 54.187.102.116, which is the Microsoft Outlook servers, and not from our device ISP provider.

And see the Log from the Mail.app accesing without problem:

  23.23.23.23:51889 - zimbra.io\x5Cadmin [11/Feb/2015:10:17:29 -0500]  
 "POST /Microsoft-Server-ActiveSync?User=admin&DeviceId=M92PFITKBD0S14XXXXXXXXXXXX&DeviceType=iPad&Cmd=Sync 
 HTTP/1.1" 200 357 "-" "Apple-iPad2C5/1202.466" "127.0.1.1:8443"

Related Bugs/RFE's

Identified Support/Known Issues

Verified Against: Zimbra Collaboration Suite 8.6, 8.5 Date Created: 02/11/2015
Article ID: https://wiki.zimbra.com/index.php?title=Blocking_the_Outlook_Mobile_App_for_iOS_and_Android Date Modified: 2015-02-11



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search