defaults and security

**ninehrcoma** · 11-28-2006, 01:07 PM

Hi, recently installed the open source version of Zimbra on CentOS and like the interface. Performance hasn't been a problem, but we haven't done perf testing as of yet to see where it strains.

On another note, I noticed a couple of things that seem odd.

-Postfix is configured to give out it's default smtp banner.
-Any mistyping in the url will show you an error page that tells you Apache Tomcat/5.5.15 is running instead of a page-not-found or page missing message.
-A head request on the url tells you that Apache-Coyote/1.1 is running.
-Requests to pop3/110 let's us know that the Zimbra POP3 server is ready.
etc..

Will be doing some digging to evaluate the security of the application/s before we decide to purchase. Just curious what measures have been taken to secure the install?

Thanks.

**phoenix** · 11-28-2006, 01:38 PM

Perhaps you could elaborate on what type of security you're talking about?

**ninehrcoma** · 11-28-2006, 02:06 PM

Literally the security of the application, Zimbra.

Additionally, what other measures are in place to ensure the underlying applications are configured in a secure manner?

Zimbra

Thread: defaults and security

LinkBack

Thread Tools

Search Thread

Display

defaults and security

Thread Information

Users Browsing this Thread

Posting Permissions