TL:DR It's a mail server in a small box. Mfg claims its V. secure. BS detector red linning.
I can think of a way to
Take the source for a mature Linux distro.
Strip every module out that's not directly needed to carry out this task. No apps included "just in case." No language processors. Include secure update facilities
Run every remaining module through source code analysis tools to identify latent bugs and insecure coding practices. Fix them and re run the tools.
Put the source code up on a site and offer generous bug bounties. Leave it for some months. Scour the internet for every possible exploit of those applications. Start work on the server side of your secure updates system.
While you're doing ind the most up to date minimal tool chain you can find and run it through the same tools.
Compile the tool change with the most minimal possible compiler. Then re-build them with full versions of the tools to get an efficient tool chain.
Now build the code and put it into the hardware.
Run all the known exploits against the code base in situ. Log any that failed then re-write to eliminate all of them. After the code has been up on the site for 3-6 months take any reported bugs and add them into the re-write process.
Re-run the code analysis tools on the source code. Drive out any further bugs found. Re-build the code, Assuming all tests are passed and all current exploits fail to penetrate ship the hardware with the current executable.
It's a long winded process and it's not cheap. It will significantly reduce the available attack surface for an attacker but it does not guarantee unconditional security for all time.
Now who thinks anyone is going to do this IRL?
Security is a process, not an event. And if you want to be a serious player IE nation state resistant security (like privacy) is pretty f**king hard to do properly.