Recently I decided to install the zimbra open source edition on a virtual machine at home. I gave it a good administrator password during installation, will be setting up a firewall, and set zimbra to always redirect users to the https page, so the client connections are always encrypted.

As far as security goes, is there anything else that I'm missing that I should do before I let clients connect to my zimbra server over the internet?
I realize that security is a huge topic, but I'm just wondering if there is anything obvious that I am missing that must be done before a nearly default install of zimbra can be opened to the internet.

PS. I have already run tests to see if it actually works, and I can send and receive email without a problem from gmail, so I'm not worried about functionality here - only security.