Due to the tight connections to the rest of your network, I personally would not put it in a DMZ. Ours resides on our internal network (behind the firewall and a router). The router port-forwards the needed POP/SMTP/IMAP ports from our external IP address to the internal network IP address of that server. Only those ports are reachable from the outside Internet, so it is, by default, more secure than if it were in a DMZ.
Users connecting via VPN are on our internal network, so they can also reach Exchange easily. Plus, we have Outlook Web Access set up on our web server which links to the Exchange server so that users can access their email from the Internet without using POP/IMAP/VPN.
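
An added example, not part of the original post: one way to audit that a router's port-forwards match the "only POP/SMTP/IMAP to the mail server" setup described above. It assumes a Linux router whose NAT rules are exported with `iptables-save`; the allowlist of default ports (25, 110, 143), the addresses and the sample rules are constructed for illustration.

```python
import shlex

# Assumption: default cleartext ports for the protocols the post names.
ALLOWED = {25: "SMTP", 110: "POP3", 143: "IMAP"}
MAIL_SERVER = "192.168.10.20"  # constructed internal address

# Constructed sample in iptables-save format (nat table).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.10.20:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.10.20:110
-A PREROUTING -i eth0 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.10.20:143
-A PREROUTING -i eth0 -p tcp -m multiport --dports 135,445 -j DNAT --to-destination 192.168.10.20
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.10.31:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8000:8002 -j DNAT --to-destination 192.168.10.20
COMMIT
"""

def expand_ports(spec):
    """Expand '25', '135,445' or '8000:8002' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_forwards(rules_text, server=MAIL_SERVER, allowed=ALLOWED):
    """Return (line_no, reason) for every DNAT rule outside the policy."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line)
        if "DNAT" not in tok or "--to-destination" not in tok:
            continue
        dest = tok[tok.index("--to-destination") + 1].split(":")[0]
        flag = next((f for f in ("--dport", "--dports") if f in tok), None)
        if flag is None:  # no port match: every port is forwarded
            findings.append((n, f"all ports forwarded to {dest}"))
        elif dest != server:
            findings.append((n, f"forward to non-mail host {dest}"))
        else:
            extra = sorted(expand_ports(tok[tok.index(flag) + 1]) - set(allowed))
            if extra:
                findings.append((n, f"unexpected ports {extra} to mail server"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_forwards(SAMPLE_RULES):
        print(f"line {line_no}: {reason}")
```

An empty result means every forward in the export targets the mail server on an allowlisted port; it says nothing about rules on other devices in the path.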