I'll enumerate below a suite of guides I've followed to set up an Ubuntu server:

* https://www.informaticar.net/security-hardening-ubuntu-20-04
* https://linuxize.com/post/secure-nginx-with-let-s-encrypt-on-ubuntu-20-04/
* https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu
* https://www.linuxbabe.com/ubuntu/automatic-security-update-unattended-upgrades-ubuntu
* https://www.linuxbabe.com/security/harden-ssh-server
* https://www.linuxbabe.com/mail-server/host-multiple-mail-domains-in-postfixadmin
* https://www.linuxbabe.com/mail-server/block-email-spam-postfix
* https://www.linuxbabe.com/mail-server/block-email-spam-check-header-body-with-postfix-spamassassin
* https://www.linuxbabe.com/mail-server/opendmarc-postfix-ubuntu
* https://www.linuxbabe.com/mail-server/microsoft-outlook-ip-blacklist
* https://www.linuxbabe.com/security/10-steps-in-application-security-assessment

Optional:

* https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
* https://www.linuxbabe.com/ubuntu/set-up-local-dns-resolver-ubuntu-20-04-bind9

Notes:

* For https://www.linuxbabe.com/mail-server/postfixadmin-create-virtual-mailboxes-ubuntu-20-04 I had to use part of https://linuxize.com/post/set-up-an-email-server-with-postfixadmin/ because I'm using PHP 8.0.
* I also had to download and install the latest version of `postfixadmin` from https://packages.ubuntu.com/impish/all/postfixadmin/download
* This command **might** need to be run every 3 months to renew and merge certificates for multiple mail domains:

  ```bash
  sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email you@example.com
  ```

# Upgrade tasks

* compile the ModSecurity module for Nginx on a new Nginx version using https://www.linuxbabe.com/security/modsecurity-nginx-debian-ubuntu#upgrading-nginx
* download the Core Rule Set from https://github.com/coreruleset/coreruleset/releases and update the Nginx rules