Family email server? Your family have an email server to themselves? You managed to deal with block lists over 2 decades and more?

My utmost respect to your dedication

Believe it or not I’ve come into contact with Microsoft Exchange 2010 running on Server 2008 for 2000 days once. The company had ransomware.

Please tell you to at least have Freexian patches installed…

I’m fairly certain that SSH and whatever else you’re exposing has had vulnerabilities fixed since then, especially if modern distros refuse to use the ssh key you were using, this screams of “we found something so critical here we don’t want to touch it”. If your server exposes anything in a standard port, e.g. SSH on 22, you probably should do a fresh install (although I would definitely not know how to rebuild a system I built almost 20 years ago).

That being said, it’s amazing that an almost 20 year old system can work for almost 10 years without touching anything.

Not to be that guy but why not use Curve25519?

I still remember all the conspiracies surrounding NIST and now 25519 is the default standard.

In 2013, interest began to increase considerably when it was discovered that the NSA had potentially implemented a backdoor into the P-256 curve based Dual_EC_DRBG algorithm.[11] While not directly related,[12] suspicious aspects of the NIST’s P curve constants[13] led to concerns[14] that the NSA had chosen values that gave them an advantage in breaking the encryption.[15][16]