blog
News & Updates
SSH Key Backup Guide: How to Safely Migrate Keys When Changing Laptops/PC
Introduction Changing laptops is exciting, but it comes with a critical task: migrating your SSH keys. These keys are your digital identity—they grant you access to servers, GitHub, AWS, and countless other services. Lose them, and you'll be locked out of...
SSH Key Management Best Practices: Why You Should Never Share Private Keys
Introduction Secure Shell (SSH) is the backbone of secure remote server administration. Whether you're managing a single VPS or a fleet of cloud servers, SSH keys provide the cryptographic foundation for authentication. However, one of the most common mistakes I see...
Hardening Ubuntu Servers: A Comprehensive Guide to OpenSCAP and Ubuntu Security Guide (USG)
In today's threat landscape, security compliance isn't optional—it's essential. Whether you're running a single server or managing an enterprise infrastructure, knowing your security posture is the first step toward protecting your systems. Two powerful tools stand...
Your Comprehensive Server Hardening Checklist
You can work through this checklist in phases. The goal is to systematically eliminate vulnerabilities and harden every layer of your server. Phase 1: Foundational Scanning & Vulnerability Assessment Before making changes, you need to know your current security...
Minimize Spam with Bayesian Filtering on Red Hat and Ubuntu Servers
Spam emails are not just annoying—they're a security risk and a drain on server resources. While basic spam filters catch obvious junk, Bayesian filtering provides intelligent, self-learning protection that improves over time. This guide will walk you through...
iRedMail Backup & Disaster Recovery: Don’t Learn This the Hard Way
Here's a scenario no server administrator wants to face 🙂 You wake up to find your email server unresponsive. The disk has failed. Your hosting provider says the last backup is from 6 months ago. Your CEO is asking why no one can send or receive email. What do you...
Get Instant Server Alerts on Your Phone: Setting Up ntfy.sh with Fail2ban
Stop checking logs manually. Get instant push notifications when your server is attacked. Free, no registration, works with Fail2ban, Docker, cron jobs, and scripts. Complete setup guide for iOS and Android. You have fail2ban running. Your firewall is configured. Your...
iRedMail Security Hardening From Default to Production-Ready in 10 Minutes
Default iRedMail installations work but aren't secure. Follow this 10-point checklist to harden your mail server: SSL certificates, fail2ban, SASL authentication, firewall, PHP security, real-time alerts, and more. You've just installed iRedMail. Webmail works. Email...
The Complete iRedMail Upgrade Guide: From 1.7.4 to 1.8.2 on Red Hat, CentOS, Fedora, Rocky Linux 10.1
I recently upgraded two production iRedMail servers from version 1.7.4 to 1.8.2. The official documentation is excellent but assumes a perfect world. In reality, you'll encounter: PHP version mismatches (older OS versions) File permission issues after upgrade...
Step-by-Step Guide: Securing a Rocky Linux 10 KVM Host (SSH + Firewalld + Fail2Ban)
This guide explains how to securely configure a Rocky Linux 10 KVM virtualization host with proper network segmentation, SSH hardening, and intrusion protection using Fail2Ban and firewalld. Before You Start (IMPORTANT SAFETY RULE) Never apply firewall or SSH...
iRedMail Security Hardening: From Default to Production-Ready
Default iRedMail installation is not production-ready. Learn how to harden your mail server with SSL certificates, SASL authentication, firewall rules, fail2ban, root security, rate limiting, and monitoring. Congratulations! You've installed iRedMail. The web...
Securing iRedMail with Fail2ban: Beyond the Default Configuration.
Fail2ban is installed but are you getting alerts? Learn how to configure fail2ban for iRedMail, fix broken jails, and set up real-time notifications via email and Telegram. Your iRedMail server is being attacked. Right now. Open your mail logs and you'll see a...
Why Your iRedMail Emails Go to Spam (or Never Arrive) and How to Fix It!
Emails from your iRedMail server going to Gmail spam folder? Learn how to set up SPF, DKIM, DMARC, PTR records, and warm up your IP address for perfect deliverability. You've set up iRedMail. SSL certificates are working. Authentication is perfect. But there's one...
Apple Mail Cannot Connect to iRedMail? Here’s the Fix
Apple Mail throwing "Unable to verify account name or password" errors with your iRedMail server? Learn the correct settings for IMAP, SMTP, SSL, and authentication that actually work. Suggested Featured Image Prompt: You've followed every tutorial. You've...
Firewalld Says Ports Are Open But Connections Fail: The SMTP Port Mystery
You've opened ports 465 and 587 in firewalld, but connections still fail. Learn why rich rules, zones, and service definitions matter. Fix your email server firewall once and for all. You've run the command. You've double-checked it twice: sudo firewall-cmd...
Remove ‘Untrusted Certificate’ Errors in Apple Mail, Outlook, and Thunderbird for iRedMail
Tired of "untrusted certificate" warnings in your email client? Replace iRedMail's self-signed SSL certificates with free Let's Encrypt certificates. Step-by-step guide for Rocky Linux, Ubuntu, and more. You've just set up iRedMail and created your first email...
Postfix SASL Authentication Failed: Fixing ‘No SASL authentication mechanisms’ in iRedMail
You've just set up iRedMail, configured your domains, and created email accounts. Everything seems perfect until you try to send an email from your desktop client. Instead of a sent confirmation, you're staring at an error message in your mail logs: warning: SASL:...