Exos X18 series are CMR drives for the enterprise server segment. They come with a 5 year warranty. They are perfectly fine in a NAS.

.test internal domain, own postfix SMTP+dovecot IMAP server.

The IMAP server is accessible from WAN via IMAPS (HAproxy+SSL/letsencrypt certificate).

As per securing against brute force attacks:

• Dovecot has a listener process configured to talk the HAproxy's specific PROXY protocol which passes the original client IP to Dovecot, so the latter can apply its own authentication penalty algorithm

• Crowdsec is installed with the HAproxy plugin, so client IPs can also be banned after authentication errors, albeit I'm not sure this works with HAproxy's PROXY protocol

Main fiber link with one ISP and cable modem with a different ISP. I'm lucky enough to live at an intersection where both options are available - and the two links are literally buried under two different roads.