Zimbra + mod_proxy

[greybrimstone]

Hi Guys,
First I wanted to say awesome product! Second, I need help so I'm here to get it. I have Zimbra installed and working perfectly but I want to put it behind a reverse proxy server. The server is running ubuntu linux with apache and mod_proxy. Once I get it working I am going to enable mod_security and we'll be ready to rumble.

That said, the reverse proxy doesn't work properly. When I attempt to read email from a proxied connection I get communications errors upon clicking on the email. Then when I take a look at the log files I see:

172.16.15.82 - - [04/Mar/2009:20:20:02 -0500] "POST /service/soap/ModifyPrefsRequest HTTP/1.1" 503 437 "http://suck.netragard.com/" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us)
AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1"

So, every time there is a post, the error is generated. Can anyone give me any help on how to solve this? Does anyone have a working mod_proxy + Apache2 config that they could show me? Thanks much in advace!

[Klug]

Welcome to the forum.

Everything is in the wiki...
Zimbra with Apache using mod jk - mod proxy - mod proxy ajp - Zimbra :: Wiki

[greybrimstone]

Also, is there a list of vulnerabilities anywhere out there for Zimbra? Or some sort of advisory database or maling list that we can monitor?

[Klug]

Any vulnerability found is posted to the forum (in the "Announcements").

[greybrimstone]

Ok thats good. Thanks much for the quick responses. Does Zimbra use parameterized stored proceedures for its queries? Have there ever been any SQL Injection vulnerabilities or XSS issues discovered? Whats done to keep it safe? Do you follow the OWASP standards?