The "general" rule is to use a three-tier architecture.
This is typically suited for web-servers with dynamic content and a database backend.
First Tier: Frontend - Webserver - in your case - public IP
Second Tier: This is where the work gets done - Application-Server - in your case: e-Mailserver
Third Tier: Database - in your case probably storage groups for the mailserver.
In your case the first tier can contain a load-balancer, a web-application-firewall or just a dedicated firewall.