.test internal domain, own postfix SMTP+dovecot IMAP server.
The IMAP server is accessible from WAN via IMAPS (HAproxy+SSL/letsencrypt certificate).
As per securing against brute force attacks:
-
Dovecot has a listener process configured to talk the HAproxy’s specific PROXY protocol which passes the original client IP to Dovecot, so the latter can apply its own authentication penalty algorithm
-
Crowdsec is installed with the HAproxy plugin, so client IPs can also be banned after authentication errors, albeit I’m not sure this works with HAproxy’s PROXY protocol
Exos X18 series are CMR drives for the enterprise server segment. They come with a 5 year warranty. They are perfectly fine in a NAS.