pez-infra/docs/hosts/nuremberg-a.md

nuremberg-a

Dedicated mail server. One job, does it well.

Overview

Location	Hetzner Cloud (Nuremberg)
OS	Debian
Tailscale IP	100.70.180.24
Role	Mail server (poste.io)
Provider	Hetzner Cloud VPS

Services

Service	Ports	Deployment
poste.io	25, 587, 993, 443	Docker

poste.io is a batteries-included mail server that bundles postfix, dovecot, rspamd, and webmail into a single Docker container. No juggling separate containers for each mail component.

Why a separate server

Mail lives on its own VPS to isolate its IP reputation. If the IP gets flagged for any reason, it doesn't affect the rest of the infrastructure. And if something else gets flagged, it doesn't affect mail deliverability.

DNS

Mail-related DNS records are managed via Cloudflare (Terraform):

• MX record for inbound mail routing
• SPF for sender verification
• DKIM for message signing
• DMARC for policy enforcement

Firewall

Managed by Hetzner Cloud firewall rules (Terraform). Mail ports are exposed via Docker port mappings in ansible/services/poste-io/docker-compose.yml.