Is this what whipping the llamas ass looks like?

That rarest of all creatures, someone admitting they were wrong on the internet

You need to set up dkim to prevent spoofing. Each message sent has a digital signature that matches one on a DNS record for your domain. You can also set an SPF record, which will tell the recipient what up addresses are authorized to send mail on behalf of your domain.

The recipent must have policies in place that reject mail which fails dkim/spf

Set up dkim/SPF properly, make sure the ip you plan to use is clean before you start, sign up for MXtoolbox blacklist alerts and if you get on a blacklist (doesn’t happen often if you do a bare minimum of proactive security), you request removal. It’s really not hard.

but my homelab is held together with hope and scripts to recover when it goes down

That’s every IT guy. When I’m done with work, I’m sick of doing things right. If it works it’s fine. Where’s my duct tape

Updates are paused until 2038/January/19

And the botnets rejoiced for their bounty was plentiful

1 kB is 1024 bytes and a byte is 8 bits. That is not metric. It just uses metric prefixes.