Secure, professional corporate email without subscription fees, ads and spam.
A Postfix-based mail server architecture with virtualization and containerization suits organizations with elevated data-security requirements that need confidential messaging, full infrastructure control, and high availability.
The main advantage of this architecture is complete control over mail traffic and processing workflows, eliminating dependence on external providers and enabling implementation of custom security, filtering, and monitoring policies.
The system is built on modern architectural principles such as containerization, centralized user authentication, and automated inbound mail filtering. Docker-based containerization provides strong service isolation, improves system stability, simplifies upgrades, and enables maintenance of individual components without stopping the entire platform.
A browser-based web interface provides convenient access to mail, calendars, and address books without installing additional client software.
Running the platform on a physical host under the Xen hypervisor provides full control, reliability, and guaranteed performance for mission-critical workloads. This approach is important for meeting security requirements for private infrastructure and for keeping sensitive data in-house.
The privileged virtual machine Domain 0 (Dom0) manages the lifecycle of guest VMs and controls network interfaces and block devices. Physical disks are combined using software RAID (MD) to create fault-tolerant storage. LVM (Logical Volume Manager) provides flexible storage management — creating, resizing, and removing logical volumes without rebooting. Block-device replication via DRBD is used to preserve data in case of failures and to ensure high availability.
The mail platform and auxiliary services are deployed inside a dedicated virtual machine and in Docker containers, providing modularity, isolation, and ease of maintenance.
Postfix forms the core of the mail subsystem as the Mail Transfer Agent (MTA) responsible for receiving and sending messages. Dovecot provides IMAP access to mailboxes. Rspamd efficiently filters spam and other unwanted mail.
Secure web access to email, calendars, and contacts is provided by SOGo with Nginx as the web server/reverse proxy. Certbot is used to obtain and automatically renew Let’s Encrypt TLS certificates.
Required auxiliary services include a MySQL-compatible database, Redis for caching, an LDAP directory for user accounts, and DNS services (Bind and dnsmasq).
For general questions concerning new client relations, as well as technical questions on administration and web development, please contact us at info@ntchs.com.