Zimbra Gurus,

I've been trying to fine-tune the security on my server and I notice Zimbra opens _a lot_ of ports.. most of which are either used only by Zimbra, or are redirected via iptables..

Here is my list of ports opened by Zimbra..


Port State Service
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
389/tcp open ldap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
3310/tcp open unknown
3784/tcp open unknown
7025/tcp open unknown
7070/tcp open realserver
7071/tcp open unknown
7075/tcp open unknown
7110/tcp open unknown
7143/tcp open unknown
7389/tcp open unknown
7443/tcp open unknown
7993/tcp open unknown
7995/tcp open unknown
8009/tcp open ajp13

My question is.. Can I bind everything that's not actually serving data to the internet to localhost? Does LDAP really need to be open to the world? At the very least, could I block access to these ports via iptables? Do the 70** addresses need to be available to the public, or does the iptables redirect act as a proxy?

What ports does the web application connect to?