At a minimum, I would set it up to use port 587. Then block via firewall all the email ports other than port 25 for all countries from which you will not be using the server.
Keep the attack surface small. For example, don't provide for web-based email.

Original Message
From: postmas...@wsly.de
Sent: November 25, 2019 5:48 PM
To: postfix-users@postfix.org
Subject: how to setup a privacy oriented mailserver

Hi community,

I finally got a domain from registrar, if I want to run a privacy oriented mail server, what steps should I take? For example, setup SSL over all, SPF, DKIM, DMARC, DNSSec, DoH, encrypted storage, app special password, secondary authentication? Is there any guide for it?

Thanks in advance.

regards.
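
The firewall rule suggested in the reply, sketched as an nftables ruleset. This is an added example, not part of the original thread; the table and set names, the documentation address ranges standing in for a per-country CIDR list, and the choice of which ports count as "email ports" besides 25 and 587 are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread). Port 25 stays open to the world so
# other mail servers can deliver; client-facing mail ports are reachable
# only from the networks you actually connect from.

table inet mail_filter {
    # Constructed sample data: RFC 5737 / RFC 3849 documentation prefixes.
    # Replace with the aggregated CIDR list for the countries you use.
    set client_nets_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.0/24 }
    }
    set client_nets_v6 {
        type ipv6_addr
        flags interval
        elements = { 2001:db8::/32 }
    }

    chain input {
        # policy accept: this table only restricts mail ports and leaves
        # every other service to the rest of the host's ruleset.
        type filter hook input priority 0; policy accept;

        # Local processes (for example a filter re-injecting mail) are not limited.
        iifname "lo" accept

        # Server-to-server SMTP must be reachable from everywhere.
        tcp dport 25 accept

        # Submission (587) and, as an assumption, IMAPS (993) for your own clients.
        tcp dport { 587, 993 } ip saddr @client_nets_v4 accept
        tcp dport { 587, 993 } ip6 saddr @client_nets_v6 accept

        # Every other connection to a mail client port is counted and dropped.
        tcp dport { 110, 143, 465, 587, 993, 995 } counter drop
    }
}
```

Load it with `nft -f` and check the drop counter with `nft list table inet mail_filter` to confirm that connections from outside the allowed ranges are being refused.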