Last week our ISM sent me vulnerability report of zimbra server and they found below points which needs to be address..
1. "Deprecated SSL Protocol Usage - The remote service encrypts traffic using a protocol with known weaknesses"
2. Weak Supported SSL Ciphers Suites
3. Web Server Uses Plain Text Authentication Forms
4. "Remote DNS Resolver Uses Non-Random Ports - The remote name resolver (or the server it uses upstream) may be vulnerable
to DNS cache poisoning.
5. LDAP allows null bases