Zimbra offers an awesome Open Source collaboration suite. EC2 is an awesome compute cloud service. Here are the things I learned and did while deploying Zimbra on EC2.

  1. Zimbra on Ubuntu is supported on Hardy (8.04), but not newer. Install only if you want an adventure. I didn’t want an adventure, and I love Hardy.
  2. A Hardy EBS-backed image was not available on Amazon (as of today), so I did this and got things ready. (If you want the AMI, let me know. I can share it with you.)
  3. Download Zimbra Ubuntu package, unpack stuff and … wait.
  4. Zimbra uses LDAP to maintain its user registry, so you need to know that Zimbra is going to install LDAP for you.
  5. But LDAP has a weird habit of checking for the host over DNS even if you install the LDAP server on the same machine, AND editing the /etc/hosts file does not suffice.
  6. So, you need a few entries in your DNS.
    1. MX Entry for your website. (MX entry tells which server will handle mails for that particular domain)
    2. A Entry for your MX server. (that particular mail server should be resolved to an IP)
  7. This should solve your problems if your servers are connected to the internet, but most of the time they are not. They will be behind a firewall, they will have LAN IPs which won’t be the same as your public IPs, and your server might not even know that it has a public IP (the server will just know its NATed IP). This is exactly the case with EC2.
  8. So, now you need to configure a DNS server on your LAN to do the work for you. Follow this tutorial on how to create zones. It will help you to create proper entries on your Bind server.
  9. Confirm that your Bind server is working by running the following commands. Replace example.com and mail.example.com with the appropriate domain names.
    • dig @localhost example.com MX  - to see your server’s MX record
    • dig @localhost mail.example.com A - to see your mail server’s A record
  10. Once local DNS is configured, add an entry to your /etc/resolv.conf and also add an entry mapping mail.example.com to xxx.xxx.xxx.xxx in your /etc/hosts. Replace the domain and IP appropriately.
  11. Now you can continue with the installation of Zimbra. Just start the installation and follow the steps. Zimbra installation by itself is a fairly simple process.
  12. During the installation process, Zimbra will think that mail.example.com is the domain for which you are installing, and will try to check the MX record for it. As we do not want email addresses on our mail server's own name (we don’t want mail@mail.example.com, rather we want mail@example.com), we did not create any MX entries for mail.example.com. So Zimbra will fail to find an MX record for mail.example.com and ask whether you want to change the domain. Now, change it to example.com.
  13. And, finish installation.
  14. Last and important: go to your AWS console, Security Groups, and enable SMTP and SMTPS (plus IMAP, IMAPS, POP3 and POP3S ports if needed).

Now, as you are on EC2, there are some issues you are going to face.

  1. EC2 doesn’t support reverse DNS, which means your example.com will resolve to an Amazon IP, but that Amazon IP, when nslookup’ed, will return something like ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com rather than example.com. There is no way of changing this as of now. Little screwed.
  2. That means some mail servers might not accept your mails, thinking that you’re spamming. Screwed.
  3. EC2 has a very bad limit on sending outgoing emails from its SMTP ports. I got an email from EC2 abuse for sending 10 emails. Totally screwed.
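
The dig checks from step 9 and the reverse DNS problem in the list above can be run as one pre-flight check. This is an added example, not part of the original post: the function names, the FIXTURE and DNS_SERVER variables, and the sample addresses (10.0.0.5, 203.0.113.10) are assumptions made up for illustration.

```shell
#!/bin/sh
# lookup TYPE NAME prints one answer per line. FIXTURE=1 returns the
# constructed answers below instead of querying DNS, so the script runs offline.
lookup() {
  if [ "${FIXTURE:-0}" = 1 ]; then
    case "$1 $2" in  # constructed sample data, documentation addresses only
      "MX example.com")     echo "10 mail.example.com." ;;
      "A mail.example.com") echo "10.0.0.5" ;;   # private (NAT) address
      "PTR 203.0.113.10")   echo "ec2-203-0-113-10.compute-1.amazonaws.com." ;;
    esac
  elif [ "$1" = PTR ]; then
    dig +short -x "$2"                                # public reverse lookup
  else
    dig +short @"${DNS_SERVER:-localhost}" "$2" "$1"  # local BIND, as in step 9
  fi
}

# The domain's MX record must name the mail host (trailing dot ignored).
check_mx() {
  lookup MX "$1" | awk '{ sub(/\.$/, "", $2); print $2 }' | grep -Fqix "$2"
}

# The mail host must resolve to at least one address.
check_a() { [ -n "$(lookup A "$1")" ]; }

# Reverse DNS of the public IP should name the mail host; on EC2 it does not.
check_ptr() {
  lookup PTR "$1" | sed 's/\.$//' | grep -Fqix "$2"
}

# preflight DOMAIN MAILHOST PUBLIC_IP: prints one line per check and
# returns the number of failed checks.
preflight() {
  fails=0
  if check_mx "$1" "$2"; then echo "ok   MX  $1 -> $2"
  else echo "FAIL MX  $1 does not point at $2"; fails=$((fails + 1)); fi
  if check_a "$2"; then echo "ok   A   $2"
  else echo "FAIL A   $2 does not resolve"; fails=$((fails + 1)); fi
  if check_ptr "$3" "$2"; then echo "ok   PTR $3 -> $2"
  else echo "FAIL PTR $3 is not $2"; fails=$((fails + 1)); fi
  return "$fails"
}

if [ $# -eq 3 ]; then preflight "$@"; fi
```

Run it with three arguments (domain, mail host, public IP) on the Zimbra machine before starting the installer; with the constructed answers the MX and A checks pass and the PTR check fails, which is the EC2 situation described above.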

But, as light at the end of the tunnel, there are a few things you can do.

  • You can use an external SMTP service to send email. For that you have to configure your MTA, i.e. Postfix here, to relay emails through that external SMTP service. Of course, a reliable external SMTP service will add some weight to your bill.
  • Configure a proper SPF on your DNS and pray that all mail servers accept your email.
  • Rather than going for external SMTP, you can configure SPF, request Amazon to increase your email limit, and hope they approve.

But, because bad things always happen, a few mail servers, like my employer’s, throw you a 554 code when reverse DNS fails for your IP. Logically speaking, things should work when a proper SPF is configured, but this is the practical world. Things are always beyond the control of standards. If you are an IE user, you would never know this.

  1. karteek posted this