Question: Are your clients new enough that you could get by with _only_ activesync and you don't need mapi? (hint: if only outlook 2013 and mobile devices will be used, you're golden)
then I would not do zimbra. These linux distros for this kind of thing are almost universally bad. I had high hopes for openchange.. but... well.. let's not go there.
I very recently did a deep dive with postfix, lucene, kolab, activesync, mysql and a bunch of other glue and it worked out really well. Actually, I don't know if I've leveled up a bunch in server admin or what (lol, nope -- thanks package maintainers) because I was basically able to do almost everything without really doing much other than reading the docs. So far it has been rock solid and stable.
I added on clamav and some postfix extensions like greylisting and realtime dns stuff to help cut back on spam and my god I don't think I've had a better mail server.
I then setup another one for tek that is basically the same, and we've been using it internally, and love it.
We have full calendar, contacts and email sync to a fully open backend _on debian_ so I am not worried about patches, forward compatibility and all that.
P.s. zimbra charges for your mapi connectivity and gimps activesync last I checked.
p.p.s it also has imap for a fallback for those clients. imap is dead to me though lol.
p.p.p.s. and for the paranoid it is trivial to put your message store on an encrypted file system so if someone snapshots your vm, unless they also snapshot ram, they're boned to decrypt your message store. Did I mention debian? Debian. apt-get your way to happiness and sanity.
p.p.p.p.s you pretty much have to buy a real SSL cert though so you can do SSL all over the place with smtp and imap and https and blah blah blah. Perhaps our readers can give us a run down of places to get free or insanely cheap SSL certs?