Skip to main content

Miscellaneous

📄️ Halon configuration deployment and clustering with Ansible

Halon provides built-in configuration clustering using pre-made Ansible roles and although there are alternative approaches to managing this aspect, our usual recommendation is Ansible, particularly for users without established processes for configuration deployment and clustering. The built-in clustering provides both configuration deployment and, if needed, advanced replacement of settings using so-called "overlays" on a per-host basis.

📄️ How to implement recipient filtering

Recipient filtering is a crucial part of modern e-mail filtering. All edge (fronting) mail gateways should be aware of all e-mail accounts inside the organization in order to prevent back scatter. That is not to say that you should not prevent dictionary harvesting attacks (if that is important to protect your users). Back scatter is when messages to unknown recipients aren't rejected in the edge server, so bounces (DSN) has to be generated on the backend server, which will result in "unnecessary" DSN messages being sent, and also you may be subject to sending DSN spam.

📄️ Create Data Loss Prevention policies

The Halon platform features a Data Loss Prevention (DLP) engine, that you can use to comply with DLP policy requirements. Our engine operate on a level that is called "data in motion", that is on data (e-mail) that is in-transit between two endpoints (clients and/or mail servers). It features different techniques in order to detect policy violations (all covered below). Once a violation is detected, the administrator may choose an appropriate action such as quarantine, log or reject the message.

📄️ Configuration versioning

All our YAML configuration files (e.g., smtpd.yaml, smtpd-app.yaml) include a "version" property. This property ensures backward compatibility when upgrading to newer software versions. Later versions of the configuration may introduce new features, syntax changes, and/or updates to default behaviors; these changes are documented in the release notes for each version. If you use a newer software version with an older configuration file version, the specific configuration version will always maintain consistent behavior.