08/25/2016 (Thu) 20:19:17
Run minimal, if there is a zero day for one service say apache, but you also host your mail using postfix, depending on the severity of the exploit, your loose your mail security as well.
If your server doesn't need a package to do its job, don't install it. Run minimal for the same reason as above. Once the attacker gets in they'll have more tools to work with the more you install.
Run postfix and dovecot on one server, and httpd on another shut off port 25 143 on the apache server, and depending on your use case shut off port 80, input on the mail server, etc. Run with the minimum number of ports open for each service to operate.
I'm not an expert but these are just feelings about it. I'm not rich enough to host all of my services on different computers but if you are you should.