I don't see any advantages concerning security of the proposed design (assuming your mail server is inside your network and controlled by your staff).
The mail flow between the client and the Universal Server remains unencrypted. Instead of the mail server admin, the Universal Server admin will have the option to read all your mail in cleartext if he wants to.
In my opinion, encrypting mail on the client side is the only way to get a higher level of security in that scenario.
Besides, publishing an internally placed WebMessenger Server is a no-go. The WebMessenger Server should always be placed outside your corporate border (in the DMZ, for example).
So if you use internal placement, I'd always recommend creating a cluster node in the DMZ which offers the WebMessenger service.