diff --git a/nodes/rx300.py b/nodes/rx300.py
index f3b2995..0bb601b 100644
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@@ -8,6 +8,7 @@ nodes['rx300'] = {
     'hostname': '31.47.232.106',
     'bundles': {
         'check-mail-received',
+        #'dovecot',
         'element-web',
         'gitea',
         'jenkins-ci',
@@ -15,7 +16,12 @@ nodes['rx300'] = {
         'miniflux',
         'nodejs',
         'php',
+        #'postfixadmin',
         'postgresql',
+        'redis',
+        # does not yet have packages for bullseye, buster version depends
+        # on libicu63, which does not exist in bullseye (but libicu67)
+        #'rspamd',
         'smartd',
         'travelynx',
         'vmhost',
@@ -231,6 +237,12 @@ nodes['rx300'] = {
                     'ssl': '_.franzi.business',
                     'extras': True,
                 },
+                'postfixadmin': {
+                    'domain': 'postfixadmin.franzi.business',
+                    'ssl': '_.franzi.business',
+                    'webroot': '/opt/postfixadmin/public/',
+                    'php': True,
+                },
                 'unicornsden-redirect': {
                     'domain': 'unicornsden.franzi.business',
                     'ssl': '_.franzi.business',
@@ -275,9 +287,53 @@ nodes['rx300'] = {
                 'xml',
             },
         },
+        'postfix': {
+            'message_size_limit_mb': 50,
+            'mynetworks': {
+                'ovh',
+            },
+        },
+        'postfixadmin': {
+            'version': '3.3.9',
+            'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
+        },
         'postgresql': {
             'version': '13',
         },
+        'rspamd': {
+            'ignore_spam_check_for_ips': {
+                # entropia
+                ## hetzner (legacy)
+                '188.40.158.213',
+                '188.40.158.214',
+                '188.40.158.218',
+                '2a01:4f8:221:2f83:2130::2',
+                '2a01:4f8:221:2f83:2140::2',
+                '2a01:4f8:221:2f83:2180::2',
+                # yolocolo
+                '45.140.180.32/27', # Entropia e. V.
+                '45.140.180.112/28', # MicroPOC
+                '2a0e:c5c0:0:201::/64', # Entropia e. V.
+                '2a0e:c5c0:0:307::/64', # MicroPOC
+
+                # ccc
+                '212.12.55.65',
+                '212.12.55.67',
+                '2a00:14b0:4200:3000:23:55:0:65',
+
+                # IN-Berlin mailman
+                '130.133.8.35',
+                '192.109.42.28',
+                '192.109.42.122',
+                '193.29.188.9',
+                '217.197.80.23',
+                '217.197.80.134',
+                '2001:bf0:c000:a::2:134',
+            },
+            # TODO change this
+            'password': bwpass.password('rspamd.mx0.kunbox.net'),
+            'dkim': 'uO4aNejDvVdw8BKne3KJIqAvCQMJ0416',
+        },
         'smartd': {
             'disks': {
                 '/dev/nvme0',