We had a security audit done on our external IPs, and the only thing it saw from Zimbra was the following:
Tenable Network Security
Which says that the web server reveals the internal IP in the headers. I had to check to make sure (especially since I upgraded to 5.0.9 right after he did the audit) and got the following response:
# telnet mail.domain.com 80
Connected to mail.domain.com.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 302 Found
I don't really see this as a problem, but I'd change it if I can, if only to make the auditors happy. I saw some references to potentially editing my /opt/zimbra/conf/httpd.conf file, but I try to make as few changes as I can to ZCS's config files by hand.
I'd assume that someone else will see this at some point, and the SOX people will probably want an answer. Is there a way to fix this without hand-editing configs? Not that I won't, just that I don't want to have to add to my list of customizations for every time I upgrade Zimbra if I can avoid it.
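Added example, not part of the original post: a repeatable version of the telnet check above, useful for confirming the finding before and after a configuration change. The function names, the sample response and the address 10.0.0.25 are constructed for illustration; `fetch_head_http10` sends the same Host-less HTTP/1.0 request as the telnet session.

```python
import ipaddress
import re
import socket

# Candidate dotted-quad IPv4 literals inside a header value.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def fetch_head_http10(host, port=80, timeout=5):
    """Send 'GET / HTTP/1.0' with no Host header and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("iso-8859-1")

def leaked_private_ips(raw_response):
    """Return (header_name, ip) pairs whose value holds a non-public IPv4."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    findings = []
    for line in head.split("\n")[1:]:       # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:               # not a valid address, e.g. 999.1.1.1
                continue
            # is_private covers RFC 1918 plus loopback and link-local ranges.
            if ip.is_private:
                findings.append((name.strip(), candidate))
    return findings

# Constructed sample response (not output from the poster's server).
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Date: Tue, 01 Jan 2008 00:00:00 GMT\r\n"
    "Location: http://10.0.0.25/zimbra/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(leaked_private_ips(SAMPLE))
```

Against a live server, pass the output of `fetch_head_http10("mail.domain.com")` to `leaked_private_ips`; an empty list means no header in that response carried a non-public address.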