You still have to update the OS or whatever you're running the mailserver on. You have to make sure it's not compromised nor DDosed, it doesn't run out of space, it doesn't crash or get stuck for whatever reason, etc etc.
Updating the OS... usually a fairly rare occurence again, kernel vulnerabilities that affect you with minimal services exposed are quite rare, most vulnerabilities are local escalations and such which wouldn't affect just a mail server. When was the last remote root exploit in the linux kernel? Maybe SSH which would be the only other thing you might run... Neither is within my memory. I suspect these would be ever less frequent than mail service updates, if ever.
As for the rest those aren't really issues you need to actively watch, you'll just know when something goes wrong to take a look. I can't see running out of disk with just a mail service, crashes are... never and compromise/DDoS isn't really a risk if you secure it properly to begin with and update it that once every few years. It's really very hands off if you're not running any other services and just review the vulnerabilities.
I'm guessing this is even less of a problem for most of us though because I and probably many others around here already run a personal dev server which is kept up to date regularly, so I was speaking simply to adding mail functionality to an existing system previously.
> I and probably many others around here already run a personal dev server
Oh yeah, me too, and tbh it's enough of a pain already without having to deal with mail, spam and the likes.
There is a reason that companies like Heroku exist and prosper; it's the same reason personal mail servers never saw mass-adoption, despite being one of the first things you could do on the internet. The anecdote that you find it easier than most doesn't change the reality of the matter.
I just don't understand where the difficulty some people have in mind comes from so I'm trying to understand it better. You don't have to be bleeding edge to be secure against remote attacks, most of the configuration is trivial, I think more people would do it if it wasn't made out to be such a difficult thing for no real reason.
Maybe if someone made an integrated mail server it'd be more common.
> I just don't understand where the difficulty some people have in mind comes from so I'm trying to understand it better.
It's a pain in the ass from time to time, especially if you don't administer Linux boxes for a living. I've been running my own MTA for well over a decade, and have dealt with every one of the issues cited by the other people responding to you in this thread, as well as most cited by other people discussing this article in general, and a few (such as the advent of deliverability/spam-fighting tools like DKIM and DMARC) which I haven't seen anyone else mention. I haven't kept close track, but I'd say it's cost me altogether somewhere between one and two weeks of time over the years - and that doesn't count initial setup, because I did that back before you could just pick any of a dozen HOWTOs that'd take you through the whole process end-to-end.
For me, and apparently also for you, that tradeoff is worthwhile. (For me, not least because the amount of effort required has gone nearly to zero in the past few years. If that weren't true, I'm not sure I'd feel the same way.) For a lot of people, that tradeoff makes less sense than spending about the same, or a bit more, money, in order to have their mail infrastructure looked after by professionals who do it for a living. Granted, they have to deal with risks that we don't, like Google's habit of surprising its users with rather stupid UI changes, only some of which fail to last. But we have to deal with risks that they don't, too. We prefer control to convenience and are willing to spend time and effort to get the result we want, and that's okay. Others prefer convenience to control and would rather spend money to get the result they want, and that's okay, too. Different people have different needs.
If that's still confusing, I don't really know what to tell you. Sorry.
E-mail deliverability is one of my top concerns, and I don't trust myself to handle it as well or better than the experts working on Google's email platform. SPF, DKIM, DMARC etc. are fairly basic concepts to learn but I wouldn't call myself an expert in their implementation by any stretch of the imagination. That's to say nothing of the non-standard oddities that pop up with deliverability to certain networks, ISPs, etc. that require ongoing attention and that I don't want to have to deal with.
If you are willing to deal with the occasional hiccup and learn about the odd issue as it comes up, the above is not really a huge concern. But if you are like me and would give up a lot to avoid the horror of realizing some email(s) have not gone through at the worst possible time (i.e. on the day of an important business deadline, with no time to troubleshoot the root cause), entrusting your mail to a platform like Google or FastMail is a must.
The "tinkerer" aspect of me would like to run my own mail server and would enjoy knowing that it's fully within my control and configured exactly the way I want it. The pragmatist in me says, "No way!"
Again, Docker isn't magic.