> Now my mailserver is running a database (Redis) which is required to run rspamd, which is required to implement DKIM, without which I cannot send mail to yahoo.com addresses. True story.
I have DKIM set up just fine without running Redis or rspamd so this part is purely down to your choices.
> Speaking of letsencrypt
Let's Encrypt is a website/service. There are many clients and you can write your own. At some point Let's encrypt will need to verify that you control the domain so you will need to be able to either host something via HTTP or have sufficient dynamic control over the DNS server. Neither DNS nor HTTP needs to be hosted on the same host as your mail server though.
I have DKIM set up just fine without running Redis or rspamd so this part is purely down to your choices.
> Speaking of letsencrypt
Let's Encrypt is a website/service. There are many clients and you can write your own. At some point Let's encrypt will need to verify that you control the domain so you will need to be able to either host something via HTTP or have sufficient dynamic control over the DNS server. Neither DNS nor HTTP needs to be hosted on the same host as your mail server though.