Stalwart v0.16 was released, and with it support for automatic DNS updates for things like TLSA records (DANE). It also supports Bunny DNS, so it’s interesting for me. Will I replace my current mail server (with docker-mailserver) with Stalwart soon? 👀

I would never have thought that blocking just one country and one ASN would be so effective in reducing the spam reaching my email server, in addition to using Postscreen and Rspamd, of course. Over time, I had built myself a pretty sophisticated filter with Sieve and added a long list of domains to reject, but automatic blocking with iptables is even better.

Now I have this setup: automated blocking of country/ASN ranges with iptables + Postscreen + Rspamd with Abusix integration + Sieve rules. And my inbox is quiet again, and only legitimate mail reaches me.

Earlier this year, I used Purelymail until I switched back to a self-hosted email server. Today, I found out that Purelymail was sold shortly after I closed my account due to health reasons. The new owner has pledged to continue the service in the same spirit as its founder, who always provided excellent support when I needed it. My reason for switching wasn’t due to any dissatisfaction with Purelymail; I simply wanted more control and to host my data in Europe again. I wish Purelymail all the best and hope it continues to provide its great, no-nonsense email service.

My email server works perfectly for almost everyone. I’ve got all the security measures: SPF, DKIM, DMARC, MTA-STS, DNSSEC etc. My IP isn’t on any blocklist. Yet, with giants like Outlook and iCloud.com, my emails consistently hit spam or get outright rejected. The fix? An AWS SES relay, just for them. Suddenly, mail from Amazon gets through. This is pure tech oligopoly garbage, forcing us through their gatekeepers! /rant

It’s surprising how much I can reduce the amount of spam that Rspamd needs to filter – whether it ends up in my junk folder or even my inbox – just by blocking certain recipient addresses. Using unique email addresses for each service, like “deezer @ example.com” for Deezer, was one of the best decisions I made, especially combined with a catch-all address.

For example, Deezer had a data leak a few years ago, which led to a flood of spam targeting the email I used for their service. Fortunately, with Postfix, I can simply reject emails sent to that specific address, keeping my inbox much cleaner and reducing the workload for Rspamd.

I’m tired of spam emails flooding my inbox, so I decided to take inspiration from Kev’s approach. I noticed that many of the spam messages were being sent to the email address I published on my legally required imprint.

To combat this, I now include a random email address on my imprint page, which I can update regularly. In my mailbox, I’ve set up a Sieve filter rule to reject any emails sent to the same subdomain but addressed to a different email.

This way, whenever I notice an increase in spam, I can easily update the contact address and adjust the filter rule.

To avoid confusing legitimate senders, the rejection message returned to the sender’s server (and typically forwarded to the sender as well) includes instructions on where to find the current email address or alternative ways to contact me.

Here’s hoping this strategy works!