This is why ISPs typically block port 25. Also, I love containers as much as the next guy but for the reasons mentioned I reduce complexity in all areas of critical systems were it doesn’t belong such as a email server.

You are not the first to do this with docker hosted email servers and you won’t be the last. The Internet is full of people talking about this exact issue.

If you have active directory why not just use it’s DNS server?

Meh, been doing it for 5 years now with minimal issues. Had one issue come up where my domain was flagged as malicious, but was solved in a few days and some emails to security vendors.

I think it’s important that those who can, and are educated enough to keep it running properly do host their own. Hosting your own email should be encouraged if capable because it helps reduce the monopoly, and keep a little bit of power for those who want to retain email privacy.

The web version is most definitely safer. Most of the people here probably don’t penetration test their servers, conduct security audits or use best practices. Unless you are a cyber security guru on par with a dedicated team, the web version will be much safer for you.