A few technical questions on the capabilities of Helm

I have been running my own ‘family/SoHo’ mail server for 25-30 years now. Started with sendmail on NeXTSTEP with local delivery on the machine into Mail.app accounts (yes, I’m that experienced = old :wink:), then moved to postfix on NeXTSTEP (ported it myself), then used Mac OS X Server for as long as it supported mail services, and I am now running a mail server setup using postfix, dovecot, rspamd, clamav, solr8, dovecot-sieve via MacPorts on macOS with some geofencing added at low level IP. (Internally, I also run nginx, MinIO, unbound/nsd (in a split DNS-setting). Because so far I am able to keep on renewing my APNS certificates, I also have push notifications running to the Apple devices that make use of my server.

I have been eying Helm for a few years as a possible replacement to see if that would reduce my workload in keeping everything running, up to date, and secure. I have a few questions which I have been unable to find out about:

  • What technology does Helm use for email protection? I have rspamd/solr8/clamav integrated and it works pretty good. The move from spam assassin to rspamd a while back really improved spam filtering a lot. It did require a specific DNS setup in unbound, though, to make sure requests from rspamd were not routed via my main upstream DNS (Cloud9).
  • There is a dovecot extension one can use to send Apple Push Notifications. It requires that you still have access to a APNS certificate that you can renew (I do). Is Helm capable of this on its own using its own APNS certificates (like Gmail, Mircosoft and other medium/big players can)? If not, will it get this in the future? Without push, your devices need to poll and that is bad for device battery life.
  • How configurable is the postfix server? I.e. I have canonical maps, client connection count & rate limits (to stop noise and attacks), I use postscreen settings to quickly drop a lot of spammers/scammers/breakin attempts, greylisting (currently running without), extensive use of mail aliases, virtual domains and addresses. There will be limitations in what I can manage on a Helm, so the default settings become interesting.

I can’t answer all of your questions but it uses Spam Assasin for spam filtering and the results are not great in my experience so far and the learning features seems quite slow to catch on.

I’ve had to turn the sensitivity up quite high and this has resulted in a fair number of false positives where the slow (honestly can’t tell if it’s even working) learning stuff is frustrating.

There’s no official method of running a blacklist but you can do it using a Sieve client.

Because of when the. Sieve stuff runs it doesn’t appear you can use it as a Whitelist as well.