Edge cases have probably slipped past my memory, but back in the day I iused to use qpsmtpd as an incoming SMTP server for processing a decent volume of mail.
As you'll see the core of qpsmtpd was very light but it was very extensible and allowed plugins to make changes/rejections to incoming mail at SMTP-time and that was very useful.
The only specific advice I'd have for you would be to use the SWAKS testing tool for various testing attempts in addition to the golang testing.
You should reject the obvious things (mail without Message-Id:, or Date: headers), you should avoid pipelining clients by dropping connections which start the transaction without waiting for the HELO/EHLO banner you send - which should be "slow".
You should probably also consider greylisting and similar built-in facilities. I found it very useful to automatically temp-fail 100% of incoming SMTP submissions if the system load were high, but that was back in the days when my SMTP server had 1gb of memory so it might be outdated.
Edge cases have probably slipped past my memory, but back in the day I iused to use qpsmtpd as an incoming SMTP server for processing a decent volume of mail.
As you'll see the core of qpsmtpd was very light but it was very extensible and allowed plugins to make changes/rejections to incoming mail at SMTP-time and that was very useful.
These days the project was superseded by https://haraka.github.io/
The only specific advice I'd have for you would be to use the SWAKS testing tool for various testing attempts in addition to the golang testing.
You should reject the obvious things (mail without Message-Id:, or Date: headers), you should avoid pipelining clients by dropping connections which start the transaction without waiting for the HELO/EHLO banner you send - which should be "slow".
You should probably also consider greylisting and similar built-in facilities. I found it very useful to automatically temp-fail 100% of incoming SMTP submissions if the system load were high, but that was back in the days when my SMTP server had 1gb of memory so it might be outdated.
[dead]