Specs & Technology

The infrastructure behind your peace of mind.

We are not mass-market hosting resellers. We have engineered a robust, high-performance, and enterprise-grade secure environment tailored for mission-critical projects that cannot afford downtime.

PRIMARY NODE: ONLINE
100% NVMe RAID
1 Gbps Port Speed
99.9% SLA Uptime
ubuntu@catcom-srv01:~$ systemctl status nginx security-waf ● nginx.service - Active (running) ● waf-mitigation.service - Active (running - 0 packets dropped)
Infrastructure

Hardware specifications and connectivity.

Blazing load times and consistent performance for your users, regardless of concurrent traffic.

Performance & Infrastructure

Ultra-Fast NVMe Storage

Enterprise-grade solid-state drives configured in RAID. Enjoy read and write speeds up to 7 times faster than conventional SSDs, optimizing database queries and initial file loading.

1 Gbps Dedicated Public Port

A dedicated public network port in the data center for each server node. Ensures fluid transfers, rapid downloads, and prevents bottlenecks during peak traffic hours.

Unlimited Monthly Traffic

We never charge for bandwidth overages or suspend your service if your business goes viral. Your visitors can browse without monthly data limits.

Edge CDN Distribution

Content Delivery Network (CDN) integration to cache and serve your static web assets from the server geographically closest to each visitor.

HTTP/3 & Brotli Compression

Modern transport protocols built over UDP that minimize initial latency on mobile networks. Brotli optimizes text compression (HTML, CSS, JS) up to 25% better than classic Gzip.

Global & Local Data Centers

Our infrastructure is physically deployed in premier data centers located in the United States, the Netherlands, and Argentina, ensuring global redundancy and low regional latency.

Advanced Security

Unmetered DDoS Protection

Automated Layer 3, 4, and 7 mitigation against distributed denial-of-service attacks. Malicious traffic is filtered and neutralized before it ever reaches CATCOM servers.

Web Application Firewall (WAF)

A web application layer filter that inspects incoming requests to neutralize known exploits, SQL injections, XSS attacks, and threats targeted at WordPress.

Bot & Scraper Mitigation

Identification of malicious signatures and automated patterns. We block scraping bots, brute-force attacks, and unauthorized vulnerability scanners.

Client-Side Security & Script Monitoring

Active monitoring of third-party scripts executing in the user's browser, alerting and blocking malicious code injections to prevent data theft (Magecart).

API Schema Validation

Strict control over transit APIs and requests. Incoming data is validated against defined schemas to prevent data leaks and block malicious payloads.

Data Protection & DNS

Automated Daily Backups

Incremental automated backups stored on a physically isolated external server. We keep a 30-day retention log with free, instant restores.

DNSSEC Cryptographic Signing

Protection against cache poisoning and DNS spoofing. Cryptographic signatures ensure that your emails and clients are always routed to the correct IPs.

Anycast DNS Hosting

DNS servers geographically distributed across an Anycast network. Resolve domain lookups up to 50% faster than standard DNS and offer exceptional resilience against outages.

Permanent Free SSL Certificates

Automatic emission and renewal of TLS/SSL certificates at no extra cost. Your site always runs securely under HTTPS, boosting trust and search engine optimization.

Premium Email Service

Architecture details, functional features, and security/performance measures implemented in CATCOM's boutique multi-domain email server.

1. Functional Features (User Experience)

Multi-Device Access

Native support for secure IMAPS (port 993) and POP3S (port 995) protocols for seamless synchronization with desktop clients (Outlook, Thunderbird, Apple Mail) and mobile devices.

Next-Generation Webmail (Roundcube)

Responsive, fast, and elegant web interface, configured under HTTPS and fully white-labeled under the CATCOM brand.

Security Self-Service

Users can change their passwords directly from the Webmail control panel via a secure, encrypted channel.

Filtering Rules & Autoresponders (Sieve)

Server-side filtering engine to automatically sort emails by sender or subject, and configure "Out of Office" (vacation) autoresponders.

Two-Factor Authentication (2FA)

Integrated support for Two-Factor Authentication via Google Authenticator, Authy, or similar apps, protecting accounts from password theft.

End-to-End PGP Encryption (Enigma)

Native integration allowing users to sign and encrypt confidential emails directly from their browser securely.

Rich Interaction

Right-click context menu within the web interface for rapid navigation (reply, archive, mark as SPAM).

Efficient Attachment Downloads

Feature to package and download all email attachments into a single ZIP file with just one click.

2. Technical Specifications (Software Stack)

Component Software Role / Function
MTA (Mail Transfer Agent) Postfix Secure routing and management of incoming/outgoing mail (SMTP/SMTPS/Submission).
MDA (Mail Delivery Agent) Dovecot Local storage, local delivery (LMTP), and IMAP/POP3 server.
Anti-Spam Filter SpamAssassin Heuristic analysis and content filtering for unwanted emails (SPAM).
Cryptographic Signer OpenDKIM Automatic injection of digital signatures in outgoing emails.
Webmail App Roundcube PHP webmail interface (PHP 8.1 FPM) running under Nginx.
SSL / TLS Certificate Let's Encrypt World-class auto-renewable wildcard SSL certificates.

3. Enterprise-Grade Security

Mandatory SSL/TLS Encryption

All plain-text password and content traffic is blocked. Connections (SMTP, IMAP, POP3, and Webmail) are strictly forced to use TLSv1.2 and TLSv1.3 with high-grade cryptographic cipher suites.

Anti-Spoofing Protection (SPF, DKIM, DMARC)

Comprehensive configuration of SPF (sender authorization), DKIM (2048-bit cryptographic signing), and DMARC to actively prevent phishing and ensure high deliverability to Gmail/Yahoo.

High-Security Credential Encryption

Email account passwords are stored using Dovecot's advanced key derivation algorithms (SHA512-CRYPT), avoiding vulnerable algorithms or plain-text storage.

System Isolation & Permissions

The Webmail process (www-data) has no direct access to user databases or Dovecot system files. Password changes are performed via a dedicated wrapper restricted in sudoers.

4. Boutique Performance & Optimization

Efficient Virtual Storage

Email accounts do not correspond to physical OS users, reducing attack vectors. A virtualized system managed by Dovecot stores data under indexed Maildir structures.

Local LMTP Integration

Email delivery is handled via LMTP, decreasing CPU overhead and executing Sieve filtering rules ultra-efficiently before writing to disk.

SpamAssassin as a Milter

SpamAssassin connects directly to Postfix during transmission via fast UNIX sockets, discarding or flagging spam before it ever writes to disk.

Self-Learning Anti-Spam

When a user clicks "Mark as SPAM" in Roundcube, the server runs background training commands (sa-learn) to automatically adjust filtering rules for the entire domain.

PHP-FPM & Nginx Session Caching

Webmail is optimized for load times under 1 second using PHP 8.1 FPM and efficient internal socket management for databases and local servers.

Want to hand over the technical complexity to us?

We manage the infrastructure, configure active security, and handle the technical details. You focus on selling and scaling your brand.

Questions? Chat with us on WhatsApp