POP3/IMAP/SMTP

As far as your users are concerned, there are three things to configure to send and receive email. If they're using a web client, such as the full-featured Zimbra interface, these are not an issue, but standard clients such as Outlook, Thunderbird and many smartphones require that at least two of these three protocols be configured.

POP3 - Defined in RFC 1939, with extensions in RFC 2449.

POP3 is typically used in environments where users download their email to a local client for review.  This was the standard in the early days of email, but IMAP is more frequently used now.

You'd want to use POP3 if you have storage issues on the mail server and would prefer not to store all users' email on it. Keep in mind that you will often not keep messages on the server, so backups will have to be kept client side, and unless you have a separate email archiving service you'll lose many of the benefits, such as message tracing, that keeping messages server side offers.

IMAP - Defined in RFC 3501. 

IMAP is the most common way to deliver messages to email clients nowadays. With the "always on" nature of email, it's not uncommon to have users connecting from multiple clients throughout the day. Their office PC, cell phone and home computer should all have the same data available at all times. This is where IMAP shines.

You'll have to consider mailbox restrictions and/or the storage requirements of your environment if you choose to use IMAP, since all emails will be stored server side, but backups, single instancing, and mailbox provisioning rules can all mitigate these issues.


SMTP - Defined in RFC 821 and extended in RFC 2821.

SMTP is how you will send email. It's how servers pass email messages between one another, and also how users submit mail to the server. If you have offsite users, you'll need to account for them if you decide to lock down SMTP ports on your firewall, but you can often just NAT another port to port 25 on your mail server if you decide to do that. This of course does not remove the need for other precautions, but it does mean that any intruder would have to complete a port scan before finding your assigned SMTP port.


All of these protocols offer session-based encryption, and I highly recommend using it. On the client, SSL/TLS is often as simple as checking a checkbox nowadays, and the additional configuration on the server side is minimal in comparison with the benefits. Enabling encryption will often change the default ports you connect on. Sometimes this can also be used to work around ISPs that block port 25.
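
To check that a server actually advertises encryption for each of the three protocols, the following added example (not from the original article) parses capability replies and reports whether the in-session TLS upgrade is offered. The function names and the sample replies are constructed for illustration, and the port numbers are the standard registered defaults rather than values taken from this page.

```python
# Added example: transcripts below are constructed, not captured from a server.
PORTS = {  # protocol: (cleartext port, implicit-TLS port), registered defaults
    "pop3": (110, 995),
    "imap": (143, 993),
    "smtp": (25, 465),  # 587 is the submission port, upgraded via STARTTLS
}

def offers_tls_upgrade(protocol, capability_response):
    """True if the capability listing advertises an in-session TLS upgrade
    (STARTTLS for SMTP and IMAP, STLS for POP3)."""
    lines = [ln.strip() for ln in capability_response.splitlines() if ln.strip()]
    if protocol == "smtp":
        # EHLO reply lines: "250-KEYWORD args", last one "250 KEYWORD args"
        keywords = {ln[4:].split()[0].upper() for ln in lines
                    if ln.startswith("250") and ln[4:].split()}
        return "STARTTLS" in keywords
    if protocol == "imap":
        # Untagged reply: "* CAPABILITY IMAP4rev1 STARTTLS ..."
        for ln in lines:
            parts = ln.upper().split()
            if parts[:2] == ["*", "CAPABILITY"]:
                return "STARTTLS" in parts[2:]
        return False
    if protocol == "pop3":
        # CAPA reply: "+OK ...", one capability per line, terminated by "."
        if not lines or not lines[0].startswith("+OK"):
            return False
        return "STLS" in {ln.split()[0].upper() for ln in lines[1:] if ln != "."}
    raise ValueError("unknown protocol: " + protocol)

SAMPLES = {  # constructed server replies
    "smtp": "250-mail.example.com\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME",
    "imap": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\na1 OK done",
    "pop3": "+OK Capability list follows\nUSER\nUIDL\n.",  # no STLS offered
}

def audit(samples):
    """Map each protocol to whether its sample reply offers a TLS upgrade."""
    return {proto: offers_tls_upgrade(proto, reply) for proto, reply in samples.items()}

if __name__ == "__main__":
    for proto, ok in audit(SAMPLES).items():
        clear, tls = PORTS[proto]
        print(f"{proto}: upgrade on {clear} {'offered' if ok else 'MISSING'}; implicit TLS on {tls}")
```

A protocol reported as missing the upgrade means clients on the cleartext port have no way to encrypt the session, so they should be pointed at the implicit-TLS port or the server configuration fixed.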