Once you have an email server installed and functioning, you can't just forget about it. Sure, the email server...
will likely continue functioning for a long time, but how long will it remain secure? New exploits are released every single day for a variety of operating systems and applications. The longer you ignore the server, the greater the chance that you'll miss a critical patch that could improve email security.
Create a plan for maintaining email security. Take into account patching and software updates. Consider how administrators are going connect to the server and administer it in the most secure manner possible. What configuration settings will allow the server to be as secure as possible but still perform as expected? Finally, do you have a specific individual or department that will be responsible for keeping the server secure once it's in place?