Mail Servers
Postfix, Dovecot, and the protocols that hold email together.
Self-hosted email infrastructure: Postfix and Dovecot architecture, SMTP/IMAP/POP3 internals, mail storage formats, CVE history, and real-world hardening.
All Articles (7)
Postfix and Dovecot Misconfigurations That Will Bite You in 2026
Most successful attacks against self-hosted mail aren't CVEs — they're config-file mistakes. Here are the eight misconfigurations that show up over and over, with the exact lines that fix each one.
25 Years of Email Server CVEs: Why the Same Bugs Keep Coming Back
Mail server vulnerabilities aren't a random walk. Look at twenty-five years of Postfix, Dovecot, Sendmail, and Exim CVEs and four bug classes account for almost everything. Here's why those classes keep recurring.
mbox vs Maildir vs Database: How Mail Actually Sits on Disk
Where your messages physically live shapes everything from backup strategy to incident response. Here's mbox at the byte level, Maildir's atomic delivery, and why the storage layer is where forensics actually happens.
SMTP, IMAP, and POP3 at the Byte Level
Email protocols are old, text-based, and quietly fascinating. Open Wireshark, run tcpdump, and watch what your mail server actually says on the wire — including the parser disagreement that made SMTP smuggling possible in 2023.
Dovecot Architecture: From Login to Maildir
Dovecot won the IMAP server wars in the 2010s for a reason — its architecture treats every login as untrusted code execution waiting to happen. Here's how it's actually structured, with the C source as the reference.
Postfix Architecture: Reading the Source to Understand the Surface
Most Postfix articles tell you what to put in main.cf. This one opens the C source, traces a message through the queue with strace, and maps the attack surface of every process in the pipeline.
So You Decided to Host Your Own Email Server (Or Update One)
Self-hosting email is one of those decisions that looks reasonable at 11 PM and terrifying at 9 AM. Before you type a single config line, here's what running your own mail in 2026 actually means.