Redis Instance Isolation: Running Multi-Instance Redis with systemd Templates

Instead of running a single global Redis server, I prefer to use multiple isolated instances. This allows me to precisely limit resources like memory (maxmemory) and apply specific tuning per instance. This approach is fundamental to reliable operation in a shared environment. I used systemd templates to manage this, creating an instance for Amavisd-new as a practical example.

Continue reading Redis Instance Isolation: Running Multi-Instance Redis with systemd Templates

NGINX Hardening: Achieving A+ Security & Performance

Improving your web security and performance starts with a solid foundation. I regularly use external online generators and verification tools to ensure my NGINX configuration meets the highest standards. This guide details my steps to achieve an A+ security rating and optimal performance settings.

Continue reading NGINX Hardening: Achieving A+ Security & Performance

Advanced Mail Filtering: A Deep Dive into Amavisd-new and Amavisd-milter Policy Banks

Amavis isn’t new; in fact, AMaViS started as a shell program back in 1997. It has since evolved into a powerful, flexible tool for content filtering. This article will be a hands-on guide to setting up Amavisd-new with a milter and multiple policy banks. I’ll explain the critical difference between after- and before-queue filtering in Postfix, demonstrate how to use both, and show you how to split your mail traffic for a robust, multi-layered defense.

Continue reading Advanced Mail Filtering: A Deep Dive into Amavisd-new and Amavisd-milter Policy Banks

Email Signing and Verification with Amavisd-new and DKIM

I recently had a moment of “why did I do that?” when I temporarily disabled DKIM signing on my mail server. A quick email to a mailing list triggered a flood of DMARC authentication failure reports. It was a clear reminder that a surprising number of administrators have DMARC and DKIM reporting enabled.

Continue reading Email Signing and Verification with Amavisd-new and DKIM

Securing Email with MTA-STS and TLSRPT

What is MTA-STS (MTA Strict Transport Security)?

MTA-STS is a mechanism that enforces TLS encryption for your email communication. Think of it as HTTP Strict Transport Security (HSTS) for email. By instructing the sending mail server that a secure connection is mandatory, you can effectively mitigate or stop Man-in-the-Middle (MITM) attacks. The official abstract from the RFC puts it best:

Continue reading Securing Email with MTA-STS and TLSRPT