I've been hosting my own email server having 4 domains (one is business-related) for 6 years. I don't have any problems, because I know what I do.
In case it's a help. The stack is: Postfix (SPF-support), Dovecot (Sieve), OpenDKIM, OpenDMARC and rspamd. I also recommend fail2ban, because an open infrastructure is hammered on very often.
Of course TLS is needed, so nginx with acme.sh as combo does the job fine.
Backups are also essential. I like restic. CLI tools are automated very easy.
I don't think, it's much. My setup is very generic, but maybe it's already too overwhelming for some people.
I've been using Sieve on Dovecot (Pidgeonhole) for years and it's great. Earlier I had Procmail, which is fine, too. The only disadvantage is that I'd need to login on my server to edit the rules, while Sieve is directly editable in email clients.
Yes. I selfhost it. It's pretty easy. All you need to know is that you occasionally need to merge your config with the original that is getting updated.
If you know how to use nvim diff mode, it's trivial.
I'm also missing the smart tabular output here, because it's easier to read and allows to inspect the source of the errors. Maybe it's because it's SAS?
Next time, when you make major changes like ZFS upgrade, create a checkpoint and keep it for a while. You can roll back everything, even the pool version.
I personally like to run ZFS on a bare metal server, just the plain OS, no further "NAS" or virtualization software.
I don't really know what your use cases are, so I cannot tell if it's adequate for you.
I only get crap results when using the public SearXNG instances. It's far better when I use my own container.
I didn't notice google results are gone. But I also don't care. If they rely on your metadata to give you results, it's obvious they are violating privacy.
First layer is done by Postscreen (by Postfix). It watches bots misbehaving, check blackhole DNS and disconnects them. Fail2ban takes care of bots who cause errors and warnings in logs and bans them.
Third layer is SPF and DKIM. If it does not match, it's getting flagged.
If someone conforms to protocols and passes the tests, there is still rspamd on the fourth layer. It does zillions of checks on the metadata and additionally learns via bayes. Dovecot moves all the crap to Junk and inserts the valid mails into their proper folders.
The fifth layer is me. If some junk mail arrives in the inbox, I move it to Junk manually and Dovecot tells rspamd to learn it as spam.
... or be able to backup it?