Long time user of Linode. I assume like any other provider, they would be obligated to make a best effort to obtain forensic data. i.e. logs from your ext4 filesystem. If you use a raw disk and encrypt it, then I assume they would live-snapshot your VM (they can live migrate them) and dump memory contents. Some of the lower-end VPS providers do not have live migrate capabilities (or at least, don't have an easy way to use them in their tooling).

It is your call how long you save/enable logs and if you save them to tmpfs and encrypt your swap. You can also encourage your users to 7-zip encrypt sensitive contents. You can also add specific MX routes in transport maps to use VPN connections to make connection logging less useful. Tinc (open source VPN) is great for this, as traffic routes in user-space through your mesh and therefor traffic can end up at its destination without a direct connection.

I am sure they can record IPs if neeeded. The difference is linode doesn't know who I am sending email to/receiving from.

Don't they? They certainly have access to the VPS file system.

But even beyond that, can they be compelled by a court order to install software on the VPS (and securing against someone with unlimited access to the VM host is… about as practical as securing against someone with physical access)? I'd assume so?

Probably?

The main benefit to me for runnign my own email is owning my own data/domain, and not having to allow third parties (aka google) full access to all my emails.

You just have to be sure and disable most logging if you're using something like mailinabox. Defaults are still pretty loquacious.