We recently migrated from our old server, mail-1.colo.company.com (company.com used as john doe eq) to our new server in our new colo, mail-101.colo.company.com. With our old server, we had webmail.company.com pointed to it with a matching certificate and everthing. It worked great. Then after the migration, it all worked great except once you connected to webmail.company.com, it would redirect you to mail-101.colo.company.com which is not an externally-accessible DNS name for our company.
I contacted Zimbra support and we worked through a lot of the settings and everything looked good. Ultimately the solution was this:
zmlocalconfig | grep zimbra_auth_always_send_refer
If it is set to "true", let's set it to false;
zmlocalconfig -e zimbra_auth_always_send_refer=false
Problem solved, yay! I couldn't find this anywhere so I hope this brief note helps someone out.