Instead of running a single global Redis server, I prefer to use multiple isolated instances. This allows me to precisely limit resources like memory (maxmemory) and apply specific tuning per instance. This approach is fundamental to reliable operation in a shared environment. I used systemd templates to manage this, creating an instance for Amavisd-new as a practical example.
Continue reading Redis Instance Isolation: Running Multi-Instance Redis with systemd Templates
NGINX Hardening: Achieving A+ Security & Performance
Improving your web security and performance starts with a solid foundation. I regularly use external online generators and verification tools to ensure my NGINX configuration meets the highest standards. This guide details my steps to achieve an A+ security rating and optimal performance settings.
Continue reading NGINX Hardening: Achieving A+ Security & Performance
Advanced Mail Filtering: A Deep Dive into Amavisd-new and Amavisd-milter Policy Banks
Amavis isn’t new; in fact, AMaViS started as a shell program back in 1997. It has since evolved into a powerful, flexible tool for content filtering. This article will be a hands-on guide to setting up Amavisd-new with a milter and multiple policy banks. I’ll explain the critical difference between after- and before-queue filtering in Postfix, demonstrate how to use both, and show you how to split your mail traffic for a robust, multi-layered defense.
Continue reading Advanced Mail Filtering: A Deep Dive into Amavisd-new and Amavisd-milter Policy Banks
Email Signing and Verification with Amavisd-new and DKIM
I recently had a moment of “why did I do that?” when I temporarily disabled DKIM signing on my mail server. A quick email to a mailing list triggered a flood of DMARC authentication failure reports. It was a clear reminder that a surprising number of administrators have DMARC and DKIM reporting enabled.
Continue reading Email Signing and Verification with Amavisd-new and DKIM
Securing Email with MTA-STS and TLSRPT
What is MTA-STS (MTA Strict Transport Security)?
MTA-STS is a mechanism that enforces TLS encryption for your email communication. Think of it as HTTP Strict Transport Security (HSTS) for email. By instructing the sending mail server that a secure connection is mandatory, you can effectively mitigate or stop Man-in-the-Middle (MITM) attacks. The official abstract from the RFC puts it best:
Continue reading Securing Email with MTA-STS and TLSRPT