How I handle my email:
I run a Dovecot server on my home network (inaccessible externally) that I connect to via Gnus. I use fetchmail to pull mail from my personal mailserver (mikegerwitz.com, also running Dovecot), and fencepost.gnu.org.
Mail rules are assigned on mikegerwitz.com if it needs to bounce, via Sieve. Otherwise, I have Sieve rules on my internal mailserver.
My SMTP server at mikegerwitz.com is Postfix. The SMTP server I use depends on my From address.
Follow
I also use fetchmail via POP, so I don't have my mail accessible potentially to attackers on remote servers. But I wait to flush the mail until after I run my backups locally, just to make sure I don't lose any messages.
If I need to access my mail, I do so via SSH, which requires my Nitrokey; my mailserver is inaccessible outside of the box that it's running on. Consequently, I use Gnus via that SSH session; I do not connect to my local IMAP server from my laptop, to limit attack surface a bit further.
This is also out of respect to people I correspond with, since any compromise of my system is a breach of their privacy as well.