gspe
Mailcows default settings are very good.
For a “normal” mailserver, here’s not much more to do from the application side IMHO. Choose strong passwords, enable 2FA on the Portal accounts and you’re good to go.
Of course, as with all things, you should always know what you are doing. there’s a lot of settings to customize to your liking and some of them might affect security as well!
Managing and securing the underlying system is up to you and the general rules and recommendations for server administration apply.
Also, you should get an idea about email mechanics, techniques and security and how to implement for example SPF/DMARC/DKIM for your domains.
A certain level of knowledge on these topics is strongly recommended!