Study: Improving Security in Corporate (SMTP) E-Mail Delivery

When I started working at my current job as information security analyst, I found that there were several problems with the configuration of Internet services (e-mail, web, DNS, etc.) in regard to security. The Internet servers were not hardened either at the operating system or the application level, the systems were all located on the internal network (not in a DMZ), and there were implementation details that allowed certain Internet traffic to bypass security controls that were in place. For this case study, I will examine one of these Internet services, e-mail over SMTP (Simple Mail Transfer Protocol), and what was done to improve the security of that system.