Is Self-hosting mail servers recommended?

[steley]

Hi,

What should I do, if I wanna self-host a server?

[cyberanchor]

Is self-hosting a mail server recommended?

If you want a practical, modern, “works out of the box” self-hosted setup, Mailcow (Dockerized) is a solid choice.

---

Self-hosted mail server (Debian/Ubuntu) — step-by-step

0) What you need (before you start)

• A VPS with a clean IP (preferably with rDNS/PTR support).
• A domain you control (example: email.xyz).
• A DNS provider (example: Cloudflare).
• Time to maintain it (updates, monitoring, backups).

Important: Many providers block port 25 by default. Choose a VPS/provider where outbound SMTP (25) is allowed or can be unblocked.

---

1) Buy a VPS

Minimum practical:

• 2 vCPU / 2–4 GB RAM / 20+ GB SSD
• Debian 12 or Ubuntu 22.04/24.04
• Public IPv4 (IPv6 recommended)

Record:

• Server IP: 203.0.113.10
• Hostname: mail.email.xyz

---

2) Buy a domain

Example domain: email.xyz

You will use:

• Mail host: mail.email.xyz
• Sender addresses: you@email.xyz

---

3) DNS: move nameservers to Cloudflare

1. Add email.xyz to Cloudflare.
2. Change the domain registrar’s nameservers to Cloudflare’s NS (given in Cloudflare panel).
3. Wait until status is “Active”.

---

4) Set PTR / rDNS (critical)

In your VPS provider panel, set PTR (Reverse DNS) for your server IP:

• 203.0.113.10 → mail.email.xyz

Also ensure forward DNS matches:

• mail.email.xyz → 203.0.113.10

---

5) Cloudflare DNS records to create (mail-related)

In Cloudflare → DNS create:

A / AAAA (mail host)

• A: mail → 203.0.113.10 (DNS only, not proxied)
• AAAA (optional): mail → IPv6 (DNS only)

MX (mail exchanger)

• MX: email.xyz → mail.email.xyz priority 10

SPF (basic)

• TXT: email.xyz
  Value:

v=spf1 mx -all

DKIM (Mailcow will generate this; you add it later)

• TXT: dkim._domainkey → (value from Mailcow UI)

DMARC (start with monitoring, then tighten)

• TXT: _dmarc
  Value:

v=DMARC1; p=none; rua=mailto:dmarc@email.xyz; adkim=s; aspf=s

Autodiscover / Autoconfig (optional convenience)

• CNAME: autodiscover → mail.email.xyz (DNS only)
• CNAME: autoconfig → mail.email.xyz (DNS only)

Cloudflare must be “DNS only” for mail records. Do NOT proxy SMTP/IMAP.

---

6) Prepare the server (Debian/Ubuntu)

Update system

sudo apt update && sudo apt -y upgrade
sudo reboot

Set hostname

sudo hostnamectl set-hostname mail.email.xyz

Install dependencies

sudo apt update
sudo apt -y install \
  ca-certificates curl gnupg lsb-release ufw git

---

7) Install Docker + Docker Compose (plugin)

Docker repo + install

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg \
  | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
  $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update
sudo apt -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Enable Docker

sudo systemctl enable --now docker

(Optional) run docker without sudo:

sudo usermod -aG docker "$USER"
newgrp docker

---

8) Firewall (UFW)

Open only what you need:

sudo ufw default deny incoming
sudo ufw default allow outgoing

sudo ufw allow OpenSSH

# SMTP
sudo ufw allow 25/tcp
sudo ufw allow 465/tcp
sudo ufw allow 587/tcp

# IMAP
sudo ufw allow 143/tcp
sudo ufw allow 993/tcp

# HTTP/HTTPS for webmail/admin + ACME
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

sudo ufw enable
sudo ufw status

---

9) Install Mailcow (Dockerized)

Clone Mailcow

cd ~
git clone https://github.com/mailcow/mailcow-dockerized.git
cd mailcow-dockerized

Generate config

./generate_config.sh

When prompted:

• Mail server hostname: mail.email.xyz

Start Mailcow

sudo docker compose pull
sudo docker compose up -d

Check status:

sudo docker compose ps

---

10) Initial Mailcow setup

Access web UI

Open in browser:

• https://mail.email.xyz

(If TLS is not ready yet, give it a minute and ensure ports 80/443 are reachable.)

Login / admin

Mailcow provides initial credentials in setup docs/UI.
Immediately:

• change admin password
• create your first mailbox: you@email.xyz

---

11) Add DKIM + verify DNS

In Mailcow UI:

• Go to Configuration → ARC/DKIM keys
• Enable DKIM for email.xyz
• Copy the DKIM TXT record value

Then in Cloudflare DNS add:

• TXT: dkim._domainkey → (Mailcow-provided DKIM value)

---

12) Verify everything (deliverability basics checklist)

DNS should be consistent

• A mail.email.xyz -> your IP
• PTR your IP -> mail.email.xyz
• MX email.xyz -> mail.email.xyz

SPF/DKIM/DMARC present

• SPF at root email.xyz
• DKIM at dkim._domainkey.email.xyz
• DMARC at _dmarc.email.xyz

---

Practical notes (important)

Provider restrictions

• If outbound port 25 is blocked, mail delivery will fail.
• If your IP has bad reputation, you’ll land in spam.
• Prefer providers that support rDNS/PTR.

Backups

At minimum back up:

• Mailcow volumes (/var/lib/docker/volumes/...)
• Mailcow config directory

Updates

Mail servers must be patched frequently.
Mailcow provides an update mechanism (check their docs), but you still need to:

• update OS
• monitor disks/RAM
• watch logs / blocked IPs

---

If you want “simpler than Mailcow”

Mailcow is “simple for a full stack”, but still heavy.
If you want ultra-minimal:

• SMTP relay + mailbox elsewhere (best deliverability)
• or use a managed provider (Proton/Tuta/others)

---

Summary (fast path)

1. Buy VPS with SMTP allowed + rDNS
2. Buy domain
3. Cloudflare DNS (A/MX/SPF/DMARC + later DKIM)
4. Set PTR -> mail.email.xyz
5. Install Docker
6. Install Mailcow
7. Add DKIM record
8. Test send/receive