📧 Your Own Email Server

Stop letting corporations read your mail — own your inbox with Mailcow

⬤⬤ Intermediate · ~3–4 hours · €5–10/month VPS
⚠ Prerequisites: This tutorial assumes you are already comfortable with the basics from the self-host a website tutorial — specifically SSH, basic Linux commands, and DNS. If those are new to you, do that tutorial first.
📋 Table of Contents
  1. Why run your own email server?
  2. Requirements and warnings
  3. Step 1 — Prepare your VPS
  4. Step 2 — Set up DNS records (critical)
  5. Step 3 — Install Mailcow
  6. Step 4 — Configure your first mailbox
  7. Step 5 — Test your mail setup
  8. Step 6 — Connect with any email client
  9. Step 7 — Maintenance and monitoring
  10. Alternative — Not ready to self-host? Use Proton or Tuta
Why run your own email server?

Email is your digital identity. Every service you sign up for uses it. Password resets, bank notifications, contracts — all of it flows through your inbox. And if that inbox lives on Gmail or Outlook, Google and Microsoft can read every word.

When you self-host email on your own domain:

  • No corporation can read your mail — it lives on your server, in your control
  • You own your email address — you@yourdomain.com is yours forever, even if you change providers
  • No vendor lock-in — switch email software anytime without losing your address
  • Complete privacy — no ad targeting, no data harvesting, no scanning
💡 Intermediate complexity: Email servers involve more DNS configuration than a basic website. It's not difficult, but it does require careful attention to detail — especially the DNS records. Follow each step and you'll be fine.
Requirements and Important Warnings

You will need:

  • A VPS with at least 2 vCPU and 4GB RAM (Mailcow is more resource-heavy than a static site — Hetzner CX22 or equivalent)
  • A dedicated domain name or subdomain for mail (e.g. mail.yourdomain.com)
  • Port 25 (SMTP) unblocked by your VPS provider — ask them if you're unsure. Many block it by default to prevent spam; you need it for email delivery.
⚠ Port 25 Warning: Many VPS providers block outbound port 25 (used for sending email to other mail servers) by default. Before starting this tutorial, contact your VPS provider's support and ask them to unblock outbound port 25. Hetzner does this on request. If they won't unblock it, use a different provider or an SMTP relay service like Brevo (free tier) for sending.
⚠ IP Reputation: Fresh VPS IP addresses are sometimes on spam blacklists. Check yours at MXToolbox Blacklist Check before you start. If your IP is blacklisted, contact your VPS provider to get a different IP.
Step 1: Prepare Your VPS

Start with a fresh Debian 12 VPS. If you've done the website tutorial, the basic security hardening (firewall, fail2ban, SSH key) is already done. Additionally open these ports for email:

alice@mail-server:~$
# Open the ports Mailcow needs
sudo ufw allow 25/tcp     # SMTP (mail delivery between servers)
sudo ufw allow 465/tcp    # SMTPS (submission with TLS)
sudo ufw allow 587/tcp    # SMTP submission (for email clients)
sudo ufw allow 110/tcp    # POP3 (optional)
sudo ufw allow 143/tcp    # IMAP
sudo ufw allow 993/tcp    # IMAPS (IMAP with TLS)
sudo ufw allow 995/tcp    # POP3S (optional)
sudo ufw allow 80/tcp     # HTTP (for Let's Encrypt challenge)
sudo ufw allow 443/tcp    # HTTPS (webmail)
sudo ufw reload

# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker alice
# Log out and back in for the group change to take effect.

# Set a proper hostname (replace with your mail subdomain)
sudo hostnamectl set-hostname mail.yourdomain.com
💡 Separate server: It's best practice to run your mail server on a separate VPS from your website. Mail servers are long-running, resource-intensive services that benefit from isolation.

Step 2: Set Up DNS Records (Critical — Read Carefully)

Email DNS configuration is the most important and most often misconfigured part of running a mail server. Get this right and deliverability will be good. Get it wrong and your email goes to spam — or doesn't arrive at all.

In your domain registrar's DNS panel, add these records. Replace yourdomain.com with your domain and MAIL_SERVER_IP with your VPS IP address:

Type | Name / Host | Value | Why
-----|-------------|-------|----
A | mail | MAIL_SERVER_IP | Points mail.yourdomain.com to your server
MX | @ | mail.yourdomain.com (priority 10) | Tells the internet where to send email for @yourdomain.com
TXT | @ | v=spf1 mx ~all | SPF — authorises your mail server to send on behalf of your domain
TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:postmaster@yourdomain.com | DMARC — tells receivers what to do with email that fails SPF/DKIM
PTR | (Reverse DNS) | mail.yourdomain.com | Reverse DNS — set in your VPS provider's control panel, not your registrar

💡 DKIM: Mailcow generates the DKIM key for you during setup. After installation, you will copy a TXT record value from the Mailcow admin panel and add it to your DNS. We cover this in Step 4.
⚠ Reverse DNS (PTR record): This is set in your VPS provider's control panel, not your domain registrar. Look for "Reverse DNS" or "PTR" settings in your Hetzner/OVH dashboard. Set it to mail.yourdomain.com. Without this, many mail servers will reject your email as spam.

Wait for DNS to propagate (5–30 minutes) before proceeding. Verify with:

your-computer:~$
dig MX yourdomain.com +short
10 mail.yourdomain.com.
dig A mail.yourdomain.com +short
MAIL_SERVER_IP
Step 3: Install Mailcow

Mailcow is a complete email server suite — it handles SMTP, IMAP, spam filtering, webmail (SOGo), and provides a clean admin interface. It runs entirely in Docker containers.

alice@mail-server:~$
# Clone Mailcow
cd /opt && sudo git clone https://github.com/mailcow/mailcow-dockerized.git
sudo chown -R alice:alice /opt/mailcow-dockerized
cd /opt/mailcow-dockerized

# Run the configuration script
./generate_config.sh
Mail server hostname (FQDN): mail.yourdomain.com
Timezone: Europe/Luxembourg
✓ mailcow.conf generated

# Start Mailcow (first start takes a while — it downloads all containers)
docker compose pull
docker compose up -d
... (downloads containers, takes 5–10 minutes) ...
✓ All containers started

# Verify all containers are running
docker compose ps
NAME                         STATUS
mailcow-rspamd-mailcow-1     running
mailcow-dovecot-mailcow-1    running
mailcow-postfix-mailcow-1    running
mailcow-nginx-mailcow-1      running
mailcow-mysql-mailcow-1      running
... (all should show "running")

Mailcow's web admin panel is now accessible at https://mail.yourdomain.com (once DNS resolves). The default credentials are:

Mailcow Admin Panel — Default Credentials
Username: admin
Password: moohoo
⚠ CHANGE THESE IMMEDIATELY after first login!
Step 4: Configure Your First Mailbox and DKIM

Log into the Mailcow admin panel at https://mail.yourdomain.com. Here's what to do first:

  1. Change admin password: Go to Access → Edit admin credentials
  2. Add your domain: Configuration → Mail Setup → Domains → Add domain → enter yourdomain.com
  3. Get your DKIM record: Configuration → Mail Setup → Domains → click your domain → DKIM. Copy the TXT record value shown.
  4. Add DKIM to DNS: In your domain registrar, add this TXT record:

Type | Name / Host | Value
-----|-------------|------
TXT | dkim._domainkey | (the long key value from Mailcow — starts with v=DKIM1; k=rsa; p=)

  5. Create your mailbox: Configuration → Mail Setup → Mailboxes → Add mailbox

Mailbox configuration
Username: you (becomes you@yourdomain.com)
Domain: yourdomain.com
Password: [use a strong, unique password]
Quota: 5120 MB (5GB — adjust to your disk space)
→ Mailbox created: you@yourdomain.com

💡 Aliases: Create aliases like admin@yourdomain.com, webmaster@yourdomain.com, and postmaster@yourdomain.com in the Aliases section. Postmaster especially is expected by mail standards.
Step 5: Test Your Mail Setup

Before declaring victory, test everything. A mail server that silently drops email is worse than no mail server.

your-computer:~$
# Check your DNS configuration is complete
dig MX yourdomain.com +short
10 mail.yourdomain.com.
dig TXT yourdomain.com +short
"v=spf1 mx ~all"
dig TXT dkim._domainkey.yourdomain.com +short
"v=DKIM1; k=rsa; p=MIIBIjANBgkq..."
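
One way to check the TXT records from Step 2 and Step 4 as dig prints them, rather than only eyeballing them. This is an added example, not part of Mailcow or the original tutorial; the function names are hypothetical, and the 294-byte threshold (the DER length of a 2048-bit RSA public key) is used as a key-size heuristic.

```python
import base64
import re

def unquote(raw):
    """Join the quoted chunks dig prints when a TXT record exceeds 255 bytes."""
    chunks = re.findall(r'"([^"]*)"', raw)
    return "".join(chunks) if chunks else raw.strip()

def tags(record):
    """Parse a 'tag=value; tag=value' record (DMARC, DKIM) into a dict."""
    pairs = (p.split("=", 1) for p in unquote(record).split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    """Findings for the SPF policy among all TXT records at the domain apex."""
    records = [unquote(r).lower() for r in txt_records]
    spf = [r for r in records if r.split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # receivers treat multiple SPF records as an error
        return [f"need exactly one v=spf1 record, found {len(spf)}"]
    last = spf[0].split()[-1]
    if not re.fullmatch(r"[-~]all|redirect=\S+", last):
        return [f"record ends in '{last}', not ~all, -all or redirect="]
    return []

def audit_dmarc(record):
    """Findings for the TXT record at _dmarc.<domain>."""
    t = tags(record)
    findings = [] if t.get("v") == "DMARC1" else ["v= tag is not DMARC1"]
    policy = t.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in t:
        findings.append("no rua= address, so no aggregate reports arrive")
    return findings

def audit_dkim(record):
    """Findings for a DKIM key record; key size is a heuristic on DER length."""
    t = tags(record)
    try:
        der = base64.b64decode(t.get("p", "").replace(" ", ""), validate=True)
    except ValueError:
        return ["p= is not valid base64 (truncated paste?)"]
    if not der:
        return ["empty p= means the key is revoked or missing"]
    if t.get("k", "rsa") == "rsa" and len(der) < 294:  # 294 = 2048-bit RSA SPKI
        return [f"RSA key shorter than 2048 bits ({len(der)} DER bytes)"]
    return []
```

Pass each function the lines printed by the matching dig ... +short command; an empty list means no findings. A 2048-bit DKIM key does not fit in one 255-byte TXT string, so dig prints it as several quoted chunks, which unquote() joins before parsing.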

Run a full diagnostic: Visit MXToolbox SuperTool and enter your domain. It will check MX, SPF, DKIM, DMARC, and blacklists in one go.

Test sending: Visit mail-tester.com — it gives you a temporary address to send a test email to and then scores your setup out of 10. Aim for 9–10/10 before calling it done.

Send a test email from Mailcow webmail: Open https://mail.yourdomain.com in a browser, log in with your new mailbox credentials, and send an email to a Gmail or Proton address you control. Check that it arrives and isn't in spam.
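
Beyond checking which folder the test message lands in, the receiving server records its SPF, DKIM and DMARC verdicts in the Authentication-Results header of the delivered message, visible in the raw message source. The added example below (not from the original tutorial) reads those verdicts from a constructed message; mx.receiver.example stands in for your receiving provider's server name, and the function names are hypothetical.

```python
import re
from email import message_from_string

def auth_verdicts(raw_message, trusted_authserv_id):
    """Return {method: result} from Authentication-Results headers written by
    the receiving server we trust. Headers naming any other server are
    ignored, because a sender can place forged ones in the message."""
    verdicts = {}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results") or []:
        value = re.sub(r"\([^)]*\)", "", header)   # strip (comments)
        authserv_id, _, results = value.partition(";")
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        for clause in results.split(";"):
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts

def delivery_findings(verdicts):
    """List the checks that did not pass for a test message."""
    return [f"{m}={verdicts.get(m, 'missing')}"
            for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]

# Constructed sample message; the second header imitates one injected by a sender.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@yourdomain.com header.s=dkim;
 spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=you@yourdomain.com;
 dmarc=pass (p=QUARANTINE) header.from=yourdomain.com
Authentication-Results: forged.sender.example; dkim=fail; spf=fail
From: you@yourdomain.com
Subject: test

hello
"""

if __name__ == "__main__":
    print(delivery_findings(auth_verdicts(SAMPLE, "mx.receiver.example")))
```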

💡 If email lands in spam: Check your PTR record (reverse DNS) is set correctly in your VPS control panel. This is the most common cause of deliverability problems.
Step 6: Connect with Any Email Client

Mailcow is fully compatible with any standard email client (Thunderbird, Apple Mail, K-9 Mail on Android, etc.). Use these settings:

Email Client Settings
── Incoming mail (IMAP) ──
Server: mail.yourdomain.com
Port: 993
Security: SSL/TLS
Username: you@yourdomain.com
── Outgoing mail (SMTP) ──
Server: mail.yourdomain.com
Port: 587
Security: STARTTLS
Username: you@yourdomain.com

Recommended open source email clients:

  • Thunderbird (Desktop — Windows/Linux/macOS) — mature, full-featured, open source
  • K-9 Mail (Android) — open source, Thunderbird's mobile sibling
  • Mimestream (macOS) — fast native client
  • SOGo Webmail — already built into Mailcow, accessible from your browser
Step 7: Maintenance and Monitoring

A mail server is a long-running service. These maintenance tasks keep it healthy:

alice@mail-server:~$
# Update Mailcow containers (run monthly)
cd /opt/mailcow-dockerized
./update.sh

# Check logs for errors
docker compose logs --tail=50 postfix-mailcow
docker compose logs --tail=50 dovecot-mailcow

# Check disk usage (mail storage can grow quickly)
df -h
du -sh /opt/mailcow-dockerized/volumes/

# Backup Mailcow data (critical — do this regularly)
sudo bash /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all

⚠ Monitor your blacklist status monthly. Visit MXToolbox Blacklist Check. If your IP gets listed (usually because someone else on your VPS's subnet was a spammer), contact your provider for a new IP and submit a delisting request.
💡 Automatic updates: Set up unattended-upgrades for security patches: sudo apt install unattended-upgrades -y. Your OS stays patched even when you're not watching.
Not Ready Yet? Use Proton Mail or Tuta First

Running your own email server is genuinely more complex than a basic website. If you're not comfortable yet, that's completely fine. The right first step is a privacy-first hosted provider — you still ditch Gmail and get end-to-end encryption, without the operational overhead.

  • Proton Mail — Swiss-based, zero-access encryption, supports custom domains on paid plans. The best Gmail alternative for most people.
  • Tuta (Tutanota) — German, fully open source, encrypts even subject lines. Excellent privacy track record.

You can bring your own domain (you@yourdomain.com) on both platforms' paid plans, so switching to self-hosting later doesn't require changing your email address.

→ Full comparison: Private Messaging & Email Providers Guide
