If you didn’t specifically open ports on your router, you’re starting off pretty well. Now software on the Fedora box could be reaching out to the internet opening ports, possibly misconfigured, but that’s a much smaller attack surface.
That’s a great thread. That’s why you don’t want to host your own email. Well, if you’re planning to use it as a daily driver for an extended period of time. There’s guys who are out there with basically just managing that process as their full time job. (Not really, but almost — when does a hobbyist have that kind of free time?). You know there’s things like shinobi and private Servers that would likely see your server responding to port 25 in a few hours and it’s going to be game on for how good your security practices have been. I don’t want to expose my internal network to that as I’ll likely have file servers not too far off with security practices that are intended to be behind a firewall. But hey, if the guy wants to do it, he can.
Also of note which may be mentioned elsewhere-without business class service at your location, most ISP’s block mail, http and other ports at their side, so you’re dead in the water anyway.
Headscale/nebula server. Something In the cloud to help NAT punch — nginx reverse proxy. I’m looking to leverage my home servers as if they were in the cloud for as little as possible.