Hello, Wesley. The safest way is to have your own hardware, albeit there are some other options.
Perhaps we can have a quick talk in the evening. My phone number: on Signal: +447511244961 Kind regards, André On Tue, 2019-11-26 at 14:36 +0800, Wesley Peng wrote: > That look interesting. Do you provide a hosting plan Andre? > > regards > > on 2019/11/26 14:31, André Rodier wrote: > > Hello, Bill. > > > > I had the same concern a few years ago. > > > > I have been self-hosting for more than a decade, and more recently, > > I > > built this: > > > > https://github.com/progmaticltd/homebox > > > > This is oriented towards security and privacy, and include defence > > mechanisms against remote and physical intrusion. > > > > - All daemons are protected by AppArmor. > > - The main drive is fully encrypted using LUKS, unlock with a > > Yubikey > > locally or remotely using SSH. > > - Implementation of latest standards, like DNSSEC, SSHFP, MTA-STS, > > etc... > > - Encrypted remote or local backups with borg, with jabber alerts. > > - Everything coming from Debian repositories. > > - Some bonus features, like Jabber, RoundCube, Zabbix, SOGo, gogs, > > transmission, etc. > > > > One feature you may find particularly useful, is a monthly report > > with > > all the accesses, by country, ISP, hours: > > > > https://homebox.readthedocs.io/en/dev/access-reports/ > > > > > > Real time alerts and/or blocking if you connect from a blacklisted > > IP > > and various parameters. > > > > Everything is tested using continuous integration with a Jenkins > > server. > > > > It is on Debian Stretch for now, but we will provide a buster > > version > > next year. > > > > I am currently working on a way to provide static IP address if you > > do > > not have one... > > > > Enjoy! > > > > Kind regards, > > André > > > > On Tue, 2019-11-26 at 00:48 -0500, Bill Cole wrote: > > > On 25 Nov 2019, at 22:53, lists wrote: > > > > > > > Security is privacy. > > > > > > More precisely: Security includes privacy. Privacy is an > > > essential > > > *PART > > > OF* security. > > > > > > The remit requested by the OP is really too broad to answer on a > > > public > > > mailing list intended for discussion of a specific MTA (even > > > though > > > Postfix would be a likely component...) because it could have > > > very > > > different answers depending on the specific needs of a site and > > > issues > > > like scale, threat model, risk tolerances, and available > > > resources. > > >
