I found the following entry in the mailbox.log.2010-05-03:
It's my servers IP, i just replaced it with 220.127.116.11.
2010-05-03 22:36:42,943 WARN [btpool0-715]  log - SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/18.104.22.168:7071 remote=/22.214.171.124:38614]
I have OSSEC installed (as stated in the first post), is there any special advice for ossec+zimbra?
Also do you know how to resolve the well known issue of ntp?
OSSEC HIDS Notification.
2010 May 03 22:39:51
Received From: icons->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
May 3 22:39:50 icons ntpd: can't open /var/lib/ntp/ntp.drift.TEMP: Permission denied
--END OF NOTIFICATION