find /opt/zimbra ! -type l -ls |grep rw.rw.rw
you will find a lot of files with -rw-rw-rw and directories with drwxrwxrwx.
That is not very secure.
Even /opt/zimbra is 755, so every user logged into the zimbra box can do nasty things like removing or altering mail messages.
I guess, for now the box should be admin-only.
Are there any plans to tighten the file/directory rights?