This is a hill to die on so take the following as advice only. Everyone has reasons beyond the ability of a community forum post to convey why mail must stay internal. You may have regulatory, compliance, or other reasons for hosting internally. For this, I understand and respect your decision. If this is the case, then an on prem solution is warranted. This I cannot argue or debate.
With the preamble out of the way, I will offer two alternatives.
If you must stick with an on prem solution, take a look at Kerio Connect. It will be an improvement on Apple's solution, supports an Exchange emulator if you need to provide contacts and calendars in addition to mail, offers virus protection, and has an Open Directory schema extension to allow you to integrate into OD for users and passwords. It is generally very solid and for years (quite a few ago) was our go-to offering for customers.
If on prem hosting is not based on concrete requirements, I encourage you to look at O365 (and maybe Google but I prefer O365). O365 offers very flexible licensing options that start at $5 a user per month. Plus the Shared Mailbox feature for indefinite archiving of separated employees is worth its weight in gold (free gold) if you have to retain data for 7 years. All the hard work is handled for you by Microsoft and you get the Office Suite included (at $12.50 a month) plus OneDrive, SharePoint/Teams Groups, Teams, and OneNote. In the world of subscription software, Microsoft is the one company offering a great product at a great price and they keep adding useful enhancements that benefit Mac users. Higher levels are available so you can grow with the product, all the way up to E5 and Intune, conditional access, and even Defender.
Moving to an externally hosted solution removes most of the single points of failure you have with a self-hosted solution. For example, that single power supply Mac running mail (likely on a non-RAIDed disk) is likely on a single switch, a single firewall, and a single Internet connection. Between the mail server and the sender there are many points of failure that can easily make for a bad day for you. And while no service is infallible, O365 is highly redundant and maintained by an entire legion of technicians. And as mentioned above, it offers so many more features than Apple's IMAP, CalDAV, CardDAV collection.
I hope this helps. Again, I do not know your environment. On prem may be a requirement. But on prem on macOS with open source products is an exercise in pain and suffering. And remember, I am the guy who loves Apple servers. I just am not the guy who loves Apple's groupware solutions. Ever. And sadly, I go back to ASIP and the mail service included with that (as a shudder runs down my spine).
Reid
Member of Apple Consultants Network