What is your mail server. Depending on the server you are using and how it is setup you will have different ways of securing it.
Are you using hosting or in house mail server?
What authentication method(s) are you using for authentication (outgoing SMTP auth)?
You should be able to configure your mail server to only accept mail from your local users, but that does not usually help with "remote users". You would than create a rule for your VPN IPs. And for anyone else, @ home for example, wanting to get their e.mail and not VPN in to the company... Webmail over a secure pipe (SSL or HTTPS)...
All of these features and more should be part of any standard Mail Server...