This is a question that often goes ignored by companies looking to purchase a new email server. At first it doesn't exactly appear to be an email security-related question. But where will the server sit within your architecture? Is this going to be strictly an internal email server or will it interact heavily with the outside world? If it's an external email server, which it likely is, then you need to consider placement on your network. Will it sit in the DMZ? Are you going to protect it with access control lists on the router or with a firewall?
Consider the full installation of your email server in the context of the security you need to provide for the server. If we address email security within this project right from the start, we have a better chance of implementing complete security. Never make security a second priority or there's a good chance the security for your new email server will be inadequate.
This was first published in April 2008