The way you stated the question I believe is confusing. A pinhole is a way to connect a subsection of your network to another subsection that otherwise would not be accessible. For example, the web server on the orange network could communicate with the Raspberry PI in the green (e.g. sending logs to it) when normally it would not be allowed to do it by the firewall.
What you are talking about when you mention having a mail server or a web server or an FTP server on the PI accessible from the red interface, it is not simply a pinhole but it means opening that specific network service to the world by doing a destination NAT on its traffic from the firewall to the machine in the green zone, which would be a very bad idea.
Of course you could setup a reverse proxy in the DMZ orange zone, exposed to internet (being the destination of the DNAT of the firewall), and forward the traffic to another server in the PI, in the green zone. That I guess would be a better architecture of the network, but I cannot give any informed opinion on the security of such a layered system. I hope someone more knowledgeable can do that.
A side comment about having a personal mail server, where it is not just the green vs orange the issue. It is 100X more difficult than a web server or an FTP server in so many different ways, especially in the security department, due to the constant abuse by spammers. Even if you do everything right (and there are so many moving parties on setting a mail system that makes everything else a joke in comparison), you will likely have your server blacklisted by everyone just because it is in a residential IP range. You would need to have a mail provider accepting to forward your mail traffic in order to be able to reach your destination.