Self-Hosted Email Gateways in 2026
Self-hosted secure email gateways compared: Proxmox Mail Gateway vs Hermes SEG vs DIY Rspamd, plus which classic appliances are now abandonware.
All the articles with the tag "security".
Self-hosted secure email gateways compared: Proxmox Mail Gateway vs Hermes SEG vs DIY Rspamd, plus which classic appliances are now abandonware.
How to expose a possibly-vulnerable app to the public internet and survive it: rootless containers, a file-integrity tripwire, and zero inbound SSH on the box.
Kasm Workspaces streams disposable Linux desktops and apps to your browser. Threat model, real homelab uses, and how it compares to Guacamole.
Open Policy Agent and Gatekeeper enforce rules across Kubernetes — block privileged pods, require labels, restrict images. Rego basics and real homelab constraints.
cert-manager makes Let's Encrypt automatic on Kubernetes — once. Then you scale, hit DNS-01 quirks, wildcard limits, and rate-limit walls. Here's the full survival guide.
Zeek (formerly Bro) turns network traffic into structured logs you can actually query. The IDS that doesn't shout — it documents. Setup and use in a home lab.
ModSecurity 3 is end-of-life and Coraza is the open-source successor — Go-native, faster, and friendlier. Here's the migration story and what actually changes.
Stop the .env-in-1Password dance. SOPS encrypts secrets per-key, age provides modern crypto, and git stores them safely. Here's how to ship it without footguns.
Passkeys finally killed passwords for real users. Here's what WebAuthn actually is under the hood, and how to roll passkeys out on your self-hosted services.
Native ZFS dataset encryption vs LUKS under your pool — which layer to encrypt at, performance trade-offs, key management, and raw send/recv.
Zero-trust access for SSH, k8s, and databases — HashiCorp Boundary vs Teleport compared on identity, session recording, and self-host fit.
Go beyond basic UFW rules — rate limiting, geo-blocking, application profiles, logging, and before.rules tricks for serious firewall hardening.