In fact, BitLocker is part of the guidance for the Exchange Preferred Architecture, the “ideal world” scenario Microsoft lays out if you want a bulletproof Exchange deployment that exploits all the strengths and mitigates all the weaknesses of the product. Set up BitLocker in Windows Server to encrypt the whole drive and be done with it; it is a two-step process. (Don’t lose your backup encryption keys, though.)
Create transport rules with Transport Layer Security (TLS)
A secure Exchange deployment mandates the use of TLS to protect mail in transit. TLS is the equivalent of HTTPS and SSL for mail transmissions: it encrypts the entire data transmission portion of an SMTP conversation between mail servers. When an e-mail is sent, both mail servers involved in the transaction exchange certificates and then agree to talk on an encrypted channel, and the message headers, body, and any attachments travel across that secure channel.
Most SMTP servers these days support opportunistic TLS: they try to use TLS by default, both when contacting remote mail servers and when accepting inbound mail sent from outside to users homed in their organization, but they fall back to traditional, insecure cleartext SMTP if the other party does not support TLS.
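Because opportunistic TLS falls back silently, it is worth checking which hops of a delivered message were actually encrypted. The following is an added example, not part of the original article: it reads the `Received` headers of a constructed sample message and labels each hop. The hostnames, addresses and IDs are constructed, and the Exchange-style and Postfix-style TLS comments it looks for are assumptions about how those servers stamp their headers.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords whose trailing S records that STARTTLS was used.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Assumption: server-specific comments that also record TLS, such as
# Exchange-style "(version=TLS1_2, ...)" and Postfix-style "(using TLSv1.3 ...)".
TLS_HINT = re.compile(r"version=TLS|\busing TLS|\(TLS\)", re.IGNORECASE)
COMMENT = re.compile(r"\([^()]*\)")

# Constructed sample message (newest Received header first, as mail servers add them).
SAMPLE = """\
Received: from EX01.contoso.example (10.0.0.5) by EX02.contoso.example
 (10.0.0.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.0.0;
 Tue, 5 Mar 2024 10:00:03 +0000
Received: from gw.partner.example (203.0.113.7) by EX01.contoso.example
 (10.0.0.5) with Microsoft SMTP Server id 15.2.0.0;
 Tue, 5 Mar 2024 10:00:02 +0000
Received: from app.partner.example (app.partner.example [198.51.100.9])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by gw.partner.example (Postfix) with ESMTPS id 4F1A2B3C;
 Tue, 5 Mar 2024 10:00:01 +0000
Subject: constructed sample

body
"""

def strip_comments(value):
    """Remove parenthesised comments, including nested ones, from a header value."""
    prev = None
    while prev != value:
        prev, value = value, COMMENT.sub(" ", value)
    return value

def audit_hops(raw_message):
    """Return [(receiving_host, 'tls' | 'cleartext')], oldest hop first."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = " ".join(header.split())               # unfold continuation lines
        bare = strip_comments(flat.rsplit(";", 1)[0])  # drop timestamp and comments
        by = re.search(r"\bby\s+(\S+)", bare)
        proto = re.search(r"\bwith\s+(\S+)", bare)
        encrypted = bool(TLS_HINT.search(flat)) or (
            proto is not None and proto.group(1).upper() in TLS_WITH)
        hops.append((by.group(1) if by else "?", "tls" if encrypted else "cleartext"))
    return hops

if __name__ == "__main__":
    for host, state in audit_hops(SAMPLE):
        print(f"{host}: {state}")
```

Only the `Received` lines stamped by servers you control are trustworthy evidence, since earlier hops can write anything into the headers they add.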