I have been trying to host all my own services, from email to web servers, as well as Asterisk and lots of other examples. As written on my personal blog, I also see some good points about hosting your own email server. If you want to host your own email server, Mailcow is one of the best options available today. It runs entirely on Docker and gives you SMTP, IMAP, webmail, anti-spam, anti-virus, and a clean web admin panel, all in one.
Requirements
Before you start, you need:
- A VPS running Ubuntu 22.04 LTS or Debian 12
- At least 4 GB of RAM (6 GB is better for production)
- A domain name you control
- Port 25 open on your VPS
That last point is critical. Many cloud providers block outbound port 25 by default. Hetzner opens it after account verification. DigitalOcean and Vultr block it but will unblock it if you request it. AWS and Google Cloud make it very difficult. Check with your provider before you spend time on setup.
Set the hostname
Your server's hostname must match the mail server name you will use. Set it before anything else:
hostnamectl set-hostname mail.yourdomain.com
Then verify /etc/hosts has a line like this:
your.server.ip mail.yourdomain.com
DNS: what to set before installation
You need one record in place before you install Mailcow, because it will request a Let's Encrypt certificate on startup:
- A record: mail.yourdomain.com → your server IP
Also add your MX record now:
- MX record: yourdomain.com MX 10 → mail.yourdomain.com
You will add SPF, DKIM, and DMARC after installation. Do not skip them — without those records, your emails will land in spam.
Install Docker
Mailcow runs on Docker. The fastest way to install it:
curl -fsSL https://get.docker.com | sh
Once installed, make sure the service is running:
systemctl enable docker
systemctl start docker
Install Mailcow
Clone the Mailcow repository and run the configuration script:
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.sh
The script will ask for two things: your mail server hostname (mail.yourdomain.com) and your timezone. Use the standard timezone format, for example America/New_York or Europe/Berlin.
This creates a mailcow.conf file. You can review it, but the defaults are fine for most setups.
Start Mailcow
Pull the Docker images and bring everything up:
docker compose pull
docker compose up -d
This will take a few minutes the first time. Mailcow also handles SSL certificates automatically via Let's Encrypt, so your A record must already be pointing to the server.
To check that everything is running:
docker compose ps
You should see all containers with status Up.
Access the admin panel
Open your browser and go to https://mail.yourdomain.com.
Default credentials are:
- Username: admin
- Password: moohoo
Change the password immediately.
Add your domain
Go to Configuration → Mail Setup → Domains and add your domain. Mailcow will show you the DNS records you need to configure.
Add a mailbox
Go to Configuration → Mail Setup → Mailboxes and create your first mailbox. You can create as many as you need.
DNS: SPF, DKIM, and DMARC
These three records are what separates email that gets delivered from email that gets marked as spam.
SPF
Add a TXT record for your domain:
v=spf1 mx -all
This tells receiving servers that only your MX server is allowed to send email for your domain.
DKIM
Go to Configuration → Configuration & Details → ARC/DKIM Keys. Select your domain and generate a key. Mailcow will show you the full TXT record to add to DNS. It looks something like this:
v=DKIM1; k=rsa; t=s; s=email; p=MIIBIjANBgkqhk...
Copy it exactly and add it as a TXT record at dkim._domainkey.yourdomain.com.
DMARC
Add a TXT record at _dmarc.yourdomain.com:
v=DMARC1; p=none; rua=mailto:[email protected]
Start with p=none so you can monitor what is happening without rejecting legitimate mail. Once you are confident everything is working, change it to p=quarantine or p=reject.
Reverse DNS (PTR)
This one you cannot set yourself. You need to ask your VPS provider to add a PTR record so that your server IP resolves back to mail.yourdomain.com. Most providers let you do this from the control panel; look for "reverse DNS" in your server settings.
If the PTR record is missing or wrong, many servers will reject your mail outright.
Test
Once DNS has propagated, send a test email using mail-tester.com. It will give you a score and tell you exactly what is misconfigured.
You can also check your DNS setup with MXToolbox.
A perfect score on mail-tester means SPF, DKIM, and DMARC are all set up correctly and your IP has no reputation problems.
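A local lint for the SPF, DKIM, DMARC and PTR records described above, as an added example that is not part of the original post or of Mailcow itself. The script name dnslint.sh and the function names are hypothetical, and the live branch assumes dig is installed. Each check returns 0 when the record matches the guide, 2 when it works but is weaker than the guide's end state, and 1 when it is broken.

```shell
#!/bin/sh
# Added example: lint the DNS records from this guide. Every check takes the
# record text as an argument, so it works on dig output or a pasted value.

# Remove the quotes dig prints around TXT data and join 255-byte chunks.
unquote() { printf '%s\n' "$1" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'; }

# Print the value of tag $2 from a "tag=value; tag=value" record $1.
tag() { unquote "$1" | tr ';' '\n' | sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" | head -n 1; }

check_spf() {
    r=$(unquote "$1")
    case "$r" in "v=spf1 "*) ;; *) echo "SPF: no v=spf1 record"; return 1 ;; esac
    case "$r" in
        *" -all") echo "SPF: ok, unlisted senders hard-fail" ;;
        *" ~all") echo "SPF: softfail only; the guide uses -all"; return 2 ;;
        *) echo "SPF: does not end in an 'all' mechanism"; return 1 ;;
    esac
}

check_dkim() {
    p=$(tag "$1" p)
    [ -n "$p" ] || { echo "DKIM: p= is empty or missing"; return 1; }
    # Anything outside the base64 alphabet means a truncated or mangled paste.
    case "$p" in *[!A-Za-z0-9+/=]*) echo "DKIM: p= is not clean base64"; return 1 ;; esac
    echo "DKIM: ok"
}

check_dmarc() {
    [ "$(tag "$1" v)" = "DMARC1" ] || { echo "DMARC: no v=DMARC1 record"; return 1; }
    case "$(tag "$1" p)" in
        none) echo "DMARC: p=none, monitoring only"; return 2 ;;
        quarantine|reject) echo "DMARC: ok, policy is enforced" ;;
        *) echo "DMARC: p= missing or invalid"; return 1 ;;
    esac
}

# $1 = PTR answer for the server IP, $2 = expected mail hostname.
check_ptr() {
    if [ "${1%.}" = "$2" ]; then echo "PTR: ok"; else echo "PTR: '$1' is not $2"; return 1; fi
}

# Live run: ./dnslint.sh yourdomain.com mail.yourdomain.com <server-ip>
if [ $# -eq 3 ]; then
    check_spf "$(dig +short TXT "$1" | grep '^"v=spf1')"
    check_dkim "$(dig +short TXT "dkim._domainkey.$1")"
    check_dmarc "$(dig +short TXT "_dmarc.$1")"
    check_ptr "$(dig +short -x "$3")" "$2"
fi
```

A DKIM failure here usually means the key was cut off when copying it from the Mailcow panel into the DNS provider's form.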
Connect your email client
Mailcow supports both IMAP and SMTP. Use these settings in your email client:
Incoming (IMAP):
| Setting | Value |
|---------|-------|
| Server | mail.yourdomain.com |
| Port | 993 |
| Encryption | SSL/TLS |
Outgoing (SMTP):
| Setting | Value |
|---------|-------|
| Server | mail.yourdomain.com |
| Port | 587 |
| Encryption | STARTTLS |
Mailcow also comes with Roundcube webmail built in, accessible at https://mail.yourdomain.com.
Updates
Keep Mailcow updated. New versions come out regularly and include security patches. To update:
cd /opt/mailcow-dockerized
./update.sh
That is all it takes. Now that we have gone through the process, it may be too late to ask yourself if it is worth the hassle. If you run a big business, you may be better off with a Microsoft solution; if you run a small site/business, you may be better off with Migadu. But as sysadmins we have to agree that the fun of running it by yourself is priceless; for anything else you have Mastercard ;).