Lots of little things have been happening and I am still deciding if I want/like the new network split as I have added a VLAN for the Internet services to take them off our primary LAN. But, I have configured the servers to be dual hosted on both the LAN and Internet VLAN so have I really gained anything? From an IPv6 perspective I have a different set of addresses so the firewall rules are significantly easier and I am happier to not be exposing the internal LAN address subnet.
Earlier in the week I configured the EdgeOS DDNS for Google in case our IPv4 address changes. Unfortunately it took me hours to get what should have taken ten minutes….
I have continued to tinker with rspamd as I could not verify all of the modules were working as desired. I ended up taking rspamd back down to almost default settings (renaming the files in local.d) and reading through what each modules does and how to enable and configure them. Yes, I should have done this in the beginning. Everything appears to be working as expected but clamav since it does not add any header tags if the eMail is clean.
Our eMail relay host has been continuing to attempt to resend unknown users and domains because our Postfix configuration was set to respond with 450 (retry) instead of 55x (reject). I tweaked only the two return codes I needed for now and will continue to monitor.
With the rspamd and Postfix changes our spam has significantly dropped and is almost non-existent (for the time being).
Finally, I am still working through the firewall rules but I believe IPv4 to be working as desired (significantly simplified) and now I need to repeat with IPv6 (blocking our VLANs from our LAN).