Hello, Bill. I had the same concern a few years ago.
I have been self-hosting for more than a decade, and more recently, I built this: https://github.com/progmaticltd/homebox

This is oriented towards security and privacy, and includes defence mechanisms against remote and physical intrusion.

- All daemons are protected by AppArmor.
- The main drive is fully encrypted using LUKS, unlocked with a Yubikey locally or remotely using SSH.
- Implementation of latest standards, like DNSSEC, SSHFP, MTA-STS, etc.
- Encrypted remote or local backups with borg, with Jabber alerts.
- Everything coming from Debian repositories.
- Some bonus features, like Jabber, RoundCube, Zabbix, SOGo, gogs, transmission, etc.

One feature you may find particularly useful is a monthly report with all the accesses, by country, ISP, hours: https://homebox.readthedocs.io/en/dev/access-reports/

Real time alerts and/or blocking if you connect from a blacklisted IP and various parameters.

Everything is tested using continuous integration with a Jenkins server. It is on Debian Stretch for now, but we will provide a Buster version next year.

I am currently working on a way to provide a static IP address if you do not have one...

Enjoy!

Kind regards,
André

On Tue, 2019-11-26 at 00:48 -0500, Bill Cole wrote:
On 25 Nov 2019, at 22:53, lists wrote:

> Security is privacy.

More precisely: Security includes privacy. Privacy is an essential *PART OF* security.

The remit requested by the OP is really too broad to answer on a public mailing list intended for discussion of a specific MTA (even though Postfix would be a likely component...) because it could have very different answers depending on the specific needs of a site and issues like scale, threat model, risk tolerances, and available resources.