I have currently set up a 5RC1 zimbra pair of servers. On being a ldap master and the other replicating. Each have the same services install (everything except proxy).

What I would want to do is to only allow access to the the admin console (port 7071) on the master ldap server. I can block connections with iptables simply enough but I would like to disable the service on the replica mailstore host as this would be the public server and I don't want anybody accessing the console service on that server. My understanding is that the console comes bundled with the mailstore package and haven't seen how to disable it from running.

Is this possible? Is there a security guide available?