> What you are looking for would be a very advanced setup [...]
I don't think so. But we'll see!
I would be happy to take a pre-packaged mail server solution like iRedMail which includes RoundCube or whatever.
I just need an "easy", practical guide to reconfigure it to 1) download e-mails from a multidrop, and 2) relay external e-mail to the ISP's SMTP server. Well, at least saying it like that does not sound hard. 8-)
> More importantly, most ISPs are very limited in the way of support. [...]
While that assertion is generally true, most ISPs I have seen do get the basic e-mail service right. All have a kind of "catch all" e-mail address. Level of service is normally fine for a small business. If it is not, you can always change ISP.
Hardware costs are not a problem. Most small companies I have seen have a file server sitting idle most of the time. Creating a VM with VirtualBox or KVM is relatively easy.
Backing the mail server up is easy too: you just copy the VM as a big file. In a small business you may need a few Gigabytes per year if you want to keep all e-mails.
I have even written a script that stops a KVM virtual machine every day at 4 am, backs the big file up to a NAS, and then restarts the VM. OK, I am not actually using it, and there is room for improvement, but the basic idea would work. If the server breaks, you have some downtime and you lose some data, but not too much. Most small businesses have more downtime and more data loss for other reasons.
Retention is problematic anyway even if you use an external provider. With an external provider you also have to consider data protection issues. Small businesses are often exempt from difficult legal requirements (but I am not a lawyer either).
> The server would still need to be accessible publicly for email to be routed to it.
That's not the case. It hasn't been for an Exchange Server with "POP3 Connector" that I have seen. And it will not be the case with a Dovecot that fetches e-mail from the ISP over multidrop.
> [...] things unexpectedly and you still have maintenance regarding deliverability (i.e. reputation, dkim/spf/dmarc) and will still be paying additional
Not applicable. Reputation, SPF, etc. are handled by the ISP. Those are standard things, a commodity nowadays.
> [...] Webform attacks are rising so there would
Not applicable. No web interface exposed. Only accessible over a VPN connection.
> [...] This includes the workaround.org guide which you'll inevitably run across. That guide was designed for a personal server, it's a good step forward but there are many more requirements needed for business.
That is true. On the other hand, you may be overestimating the needs of a small business. Some of them still use Hotmail addresses!
> [...] Stakeholders will need to include all emails related to it at the final signing. [...]
I am thinking of a small business here, where most things are rather more informal. Something along the lines of "I would do it this way, but if you need something professional, I am out of my depth, because I am not actually an admin at all, you know". That's how real life often works. 8-)
In other words, I am looking for a workaround.org guide for multidrop. Just for fun!
Regards, rdiez
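
The stop, copy, restart backup described in the message above, as an added example (not the poster's script). It assumes the guest is managed through libvirt's `virsh`; the function name, the domain name, the image path and the NAS mount point are hypothetical and supplied by the caller.

```shell
#!/bin/sh
# Added example: cold backup of a KVM mail-server guest (stop, copy, restart).
# Assumption: libvirt's virsh controls the guest; all names are hypothetical.
VIRSH="${VIRSH:-virsh}"                      # overridable for dry runs without libvirt
SHUTDOWN_TIMEOUT="${SHUTDOWN_TIMEOUT:-300}"  # seconds to wait for a clean shutdown
POLL_INTERVAL="${POLL_INTERVAL:-5}"

# First line of "virsh domstate", e.g. "running" or "shut off".
vm_state() { "$VIRSH" domstate "$1" 2>/dev/null | head -n 1; }

# backup_vm DOMAIN IMAGE DEST_DIR
# Returns 0 on success, 2 if the target is missing, 3/4 if the guest cannot be
# stopped, 5 if the copy failed, 6 if the guest could not be restarted.
backup_vm() {
    domain="$1"; image="$2"; dest_dir="$3"
    target="$dest_dir/$(basename "$image").$(date +%Y%m%d)"
    waited=0; rc=0

    # An unmounted NAS must not silently fill the local disk.
    [ -d "$dest_dir" ] || { echo "backup target $dest_dir missing" >&2; return 2; }

    "$VIRSH" shutdown "$domain" >/dev/null || return 3
    while [ "$(vm_state "$domain")" != "shut off" ]; do
        if [ "$waited" -ge "$SHUTDOWN_TIMEOUT" ]; then
            echo "$domain still running after ${SHUTDOWN_TIMEOUT}s, no backup taken" >&2
            return 4
        fi
        sleep "$POLL_INTERVAL"; waited=$((waited + POLL_INTERVAL))
    done

    # The image holds every mailbox: create the copy owner-readable only, and
    # rename it into place so a partial copy never looks like a good backup.
    if (umask 077; cp "$image" "$target.part") && mv "$target.part" "$target"; then
        :
    else
        rm -f "$target.part"; rc=5
    fi

    # Restart the guest whether or not the copy succeeded.
    "$VIRSH" start "$domain" >/dev/null || rc=6
    return "$rc"
}
```

Called from cron at 4 am, for example as `backup_vm mailvm /var/lib/libvirt/images/mailvm.img /mnt/nas/backups` (constructed names), a non-zero exit status is what the cron mail or a monitoring check should alert on.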