I have been toying with running secure pop and smtp email of late for a few roaming users as well as myself. It has been quite simple to setup running on Postfix and largely moves toward securing the transaction of checking email (other than from a man in the middle attacks, somewhat unlikely).
The beauty is leveraging Stunnel – which allows one to configure your preferred mail server as you wish and simply intercept your secure ports (for example Port 995 for POP3s and 465 for SMTP). This may not be the way to tacke it for the large scale as one can build secure configurations into the mail server – though it has worked nicely on a small scale for me during testing.
A bonus to use of Stunnel is its indifference to what mail server one is running – and its sole dependence fortunately is on OpenSSL – which most of us have by default on our boxes.
Stunnel has a straightforward Man doc and some simple examples that will enable you to test quickly. Obviously insure your mail client handles SSL connections – fairly universal at this point.
I also had a bit of a dated HowTo in my links that serves up a more in-depth example. This article also addresses opening up iptables firewall ports, configuring xinetd and includes IMAP information.
Jump Start Git, 2nd Edition
Visual Studio Code: End-to-End Editing and Debugging Tools for Web Developers