@nishil I see that you still have some outdated ciphers accepted, this is likely a misconfiguration. Nothing too big but maybe good to look into:
Also please consider to add a security.txt see https://securitytxt.org/ so that people can actually find where to report vulnerabilities.
As for email:
DNSSEC is not correctly configured, therefore you do not meet the requirements of PG.
Also TLS for email allows 1.0 this version should not be accepted. I wonder generally why inbound-smtp.us-west-2.amazonaws.com is used. This seems to have a weak configuration also DANE is missing.