• Hi, i was unable to find any solution for Zimbra - Z-Push user restriction, so i want to share my solution to this problem.
    I have taken a bit of code from this old post, modified it to handle the CIDR restriction, to avoid file spam, and, instead of using function check on every request type, moved it to the backend Logon() function.
    If anyone interested, details i posted in my blog

  • Another possibility is to use LDAP authentication on the z-push apache server. This would prevent z-push from interacting with the zimbra webmail for all unauthenticated sessions. You can add fail2ban, or similar method to greylist/blacklist ip addresses that are repeatedly getting bad logons - you can see the discussion here - https://forum.kopano.io/topic/682/z-push-behind-basic-authentication/10