Secure boundary services with a Mac Mini?

    I have a Mac Mini with Yosemite. I want to host my own web and mail services for my business. I am thinking of establishing another Mac Mini in a DMZ to act as an SMTP relay, possibly also as a web server, and, what do you think, a VPN termination point too?

    On my network I would have a Mac Mini running internal mail. In my mind, users' outbound mail would route to the Mac Mini in the DMZ and then be routed out to the destination. Inbound would be received by the DMZ Mac Mini and routed to the internal mail server. This way I don't expose any internal system to the web.

    Is this practical with Mac Mail servers, and are there any constraints I may need to understand? Can I, for example, share calendars or address books with mobile devices in this configuration? Or would I need to provide a VPN on my mobile devices that could then 'extend' LAN services to them?

    I haven't done much on the Mac, to be honest, so any advice, config notes, etc. would be very welcome and greatly appreciated.
    I guess my business is small and I would usually build a more robust capability in a DC should I need to. However, I want to enable a smaller footprint this time and retain control of my mail etc. The function of the DMZ server was really to avoid exposing my internal systems directly to the internet. I felt that I could reduce my attack footprint by only enabling SMTP between the inner and outer Mac Minis and also by just allowing a time, user, and MAC address access to the Mac Mini for when I need to update the website on it or do admin to the mail system.

    I just cannot seem to find anyone who can help me configure the Mac Mini to be an outbound mail relay point only for an approved domain.

    All help appreciated,
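
The relay rule described in the post (outbound accepted only from the inner mail server and only for the approved domain, inbound accepted only for that domain), modelled as an added example that is not part of the original post and is not a mail server configuration. The domain, the addresses and the function names are constructed assumptions.

```python
import ipaddress

# Constructed placeholder values; none of these come from the post.
APPROVED_DOMAIN = "example.com"
INTERNAL_MAIL_SERVER = ipaddress.ip_address("10.0.0.10")


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None if malformed."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip, mail_from, rcpt_to):
    """Decide what the DMZ relay does with one SMTP envelope: (action, reason)."""
    client = ipaddress.ip_address(client_ip)
    rcpt_domain = domain_of(rcpt_to)
    if rcpt_domain is None:
        return ("reject", "malformed recipient")

    if client == INTERNAL_MAIL_SERVER:
        # Outbound path: only the inner mail server may hand mail to the relay.
        # An empty envelope sender is a bounce and carries no domain to check.
        if mail_from != "" and domain_of(mail_from) != APPROVED_DOMAIN:
            return ("reject", "sender domain not approved")
        if rcpt_domain == APPROVED_DOMAIN:
            return ("reject", "local recipient would loop back to the inner server")
        return ("relay-out", "approved sender from inner server")

    # Inbound path: every other client may only deliver to the approved domain.
    if rcpt_domain == APPROVED_DOMAIN:
        return ("forward-internal", "recipient is in the hosted domain")
    return ("reject", "relay access denied")


if __name__ == "__main__":
    samples = [  # constructed envelopes
        ("10.0.0.10", "alice@example.com", "bob@partner.test"),
        ("203.0.113.7", "carol@partner.test", "alice@example.com"),
        ("203.0.113.7", "alice@example.com", "victim@partner.test"),
        ("10.0.0.11", "alice@example.com", "bob@partner.test"),
    ]
    for envelope in samples:
        print(envelope, "->", relay_decision(*envelope))
```

The third and fourth envelopes are the cases that matter for the DMZ design: a sender address in the approved domain is not enough on its own, because the decision is tied to the connecting host being the inner mail server.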

