[graffiti]

I install phpldapadmin to the same machine where Zimbra-LDAP is installed and I can use it to see all Zimbra stuff in ldap anonymously.

I didnt mean to say Postfix needs binding just because it can see ldap data. What I meant to say is in order to secure Zimbra, we need disallow AnonymousBind in slapd.conf and therefore, we must change Postfix configuration because currently Postfix uses anonymous binding.

Another security concern is about chrooting zimbra. Can I chroot Postfix, MySQL, Tomcat, OpenLDAp, i.e, put each of them in their own jail? If that's not possible, can we chroot and set /opt/zimbra as their new root? I may hack myself but it would be great if Zimbra ships this feature by default.


-g