Email Infrastructure — High-Concurrency Self-Hosted MTA
A bare-metal, high-concurrency self-hosted email platform on Hetzner — a hardened Postfix and Mautic stack with containerised single-tenant environments and correct reverse DNS across a full /28 subnet.
This is a self-hosted, high-concurrency email infrastructure platform built on a bare-metal Hetzner server. A hardened Postfix mail-transport layer handles delivery, Mautic manages campaigns, and Netplan routes a full /28 subnet with correct per-IP reverse DNS — the details that decide whether self-hosted mail actually delivers or lands in spam.
Each tenant runs in an isolated container, and the entire setup ships with a comprehensive operations runbook so the client can run and grow the cluster themselves. The build secured a first-try Port 25 unblock, was delivered ahead of schedule, and earned a five-star review for precision and communication.
Case Study
The Problem
The client needed a bulletproof, high-throughput self-hosted email platform built on a bare-metal Hetzner node, not a managed sending service. That meant getting outbound Port 25 unblocked (blocked by default at Hetzner), configuring clean reverse DNS across an entire /28 subnet, and isolating tenants from one another — all on open-source components, with the whole thing documented well enough to operate and scale later.
The Approach
Built a minimalist open-source mail-transport stack: hardened Postfix for delivery and Mautic for campaign management, with Netplan handling /28 subnet routing and per-IP reverse DNS. Each tenant runs in its own containerised single-tenant environment for isolation. Secured the Port 25 unblock with Hetzner, configured rDNS across the full /28, and delivered a comprehensive operations runbook so the client could run and extend the cluster. Source merged to the client's repository at handover.
The Outcome
Port 25 unblock secured on the first try, flawless reverse DNS across the /28, containerised single-tenant delivery, and a complete runbook — delivered ahead of schedule. The client left a five-star review and engaged again afterwards for further hardening of the node.
“Helgi is an absolute master of enterprise mail infrastructure. He secured our Port 25 unblock on the first try, configured flawless rDNS across a /28 subnet, and delivered containerized single-tenant environments with a comprehensive Runbook. Will definitely hire again for future clusters!”
— murtazind