How to Install Your Own Email Server (Honest Edition)

I get asked to spin up self-hosted mail servers regularly. The technical install is the easy part — modern stacks like Mailcow and Mail-in-a-Box have it down to a few hours. The hard part is running the server in a way that maintains deliverability over months and years. This guide is the honest version of what's involved.

If you're considering self-hosting for cost savings, do the math first: managed transactional services like Postmark or Amazon SES are $0.20-$1 per thousand messages. Unless you're sending millions per month, your time will cost more than the SaaS bill.

If you're self-hosting for control, privacy, or specific use cases (gateway, archival, internal-only), the calculus is different.

Three install paths

Approach	Best for	Time to install	Maintenance
Mailcow	Most users, Docker comfort	2-4 hours	Low (containers update cleanly)
Mail-in-a-Box	Single Ubuntu server, simplest	1-2 hours	Medium
Postfix + Dovecot manual	Full control, custom integration	4-8 hours	High

I recommend Mailcow for most self-hosting cases. It bundles Postfix, Dovecot, Rspamd, SOGo, ACME (Let's Encrypt), and a clean admin UI. The Docker model isolates components and makes upgrades predictable.

See Mailcow setup guide for the full Mailcow installation.

Prerequisites for any path

Before installing anything, line up:

1. A Linux VPS with a static IPv4 (and ideally IPv6). Reputable providers: Hetzner, OVH, DigitalOcean, Vultr, Scaleway. Avoid AWS EC2, Google Cloud, and Azure for sending — their IP reputation is often poor.
2. Reverse DNS (PTR) capability. Your VPS provider must let you set the PTR record to your mail hostname. Verify this before signing up.
3. A domain name with control over DNS. You'll publish A, AAAA, MX, SPF, DKIM, DMARC, and possibly MTA-STS records.
4. Outbound port 25 unblocked. Many cloud providers (AWS especially) block outbound 25 by default. Confirm in the provider's policy or by testing nc -zv smtp.gmail.com 25 from the host.
5. Time for warmup. Even with everything configured correctly, a fresh IP and domain start with neutral reputation. Plan 2 to 4 weeks of careful sending before high volume.

The best VPS for email server comparison goes into more detail on hosting choices.

Install with Mailcow (recommended path)

Mailcow runs as a Docker Compose stack. Prerequisites: Ubuntu 22.04 or Debian 12, Docker, Docker Compose.

High-level steps:

# Install Docker
curl -sSL https://get.docker.com/ | sh

# Clone Mailcow
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized

# Generate config (set your mail hostname)
./generate_config.sh

# Pull and start
docker compose pull
docker compose up -d

Then access the admin UI at https://mail.yourdomain.com/admin and configure:

• Add your domain
• Create user mailboxes
• Generate DKIM keys
• Note the public DKIM record to publish in DNS

Add DNS records (A, MX, SPF, DKIM, DMARC, optionally MTA-STS). See DNS records for email for the full reference.

Install with Mail-in-a-Box

Mail-in-a-Box is opinionated and only supports a single fresh Ubuntu 22.04 VPS. It's the simplest path for someone who wants a single-mailbox setup with no Docker experience.

curl -s https://mailinabox.email/setup.sh | sudo -E bash

Follow the interactive prompts. The installer handles Postfix, Dovecot, OpenDKIM, Z-Push (ActiveSync), Roundcube, Nextcloud, and DNS for you if you delegate.

Tradeoff: less flexibility, fewer integrations. Best for personal or family mail, not business sending.

Install manually with Postfix + Dovecot

For full control, install Postfix (SMTP) and Dovecot (IMAP) directly:

sudo apt update
sudo apt install postfix dovecot-core dovecot-imapd dovecot-pop3d opendkim opendkim-tools

Configure /etc/postfix/main.cf for hostname, network, TLS, SASL, and DKIM milter integration. Configure Dovecot for mailbox storage, authentication, and TLS. Set up OpenDKIM for signing.

This is significantly more involved. See Postfix Dovecot setup guide for the canonical step-by-step.

Practitioner note: If you're new to self-hosted mail, do not start with the manual Postfix install. Use Mailcow or Mail-in-a-Box for your first server. You'll learn the configuration vocabulary faster from a working setup than from trying to assemble one from scratch.

DNS configuration

Regardless of install path, you need:

mail.example.com.       A      203.0.113.10
mail.example.com.       AAAA   2001:db8::10
example.com.            MX  10 mail.example.com.
example.com.            TXT    "v=spf1 mx ~all"
mailcow._domainkey.example.com.  TXT  "v=DKIM1; k=rsa; p=..."
_dmarc.example.com.     TXT    "v=DMARC1; p=none; rua=mailto:[email protected];"

And reverse DNS (set at your VPS provider, not your DNS host):

10.113.0.203.in-addr.arpa.  PTR  mail.example.com.

Reverse DNS that doesn't match your forward hostname is one of the top reasons self-hosted mail gets filtered to spam. Verify with:

dig -x 203.0.113.10

The result should be mail.example.com..

TLS certificates

Use Let's Encrypt for free certs:

• Mailcow handles this automatically via ACME
• Mail-in-a-Box handles this automatically
• Manual installs: install certbot and run it for your mail hostname

Configure both Postfix (for SMTP TLS) and Dovecot (for IMAP TLS) to use the certificate. Auto-renewal must work — expired TLS certs break mail flow silently for some configurations.

Reputation warmup

Fresh IPs have no reputation. Mailbox providers treat them with suspicion until they see consistent, low-complaint sending.

For a new server:

Week	Daily volume (Gmail)	Daily volume (Microsoft)
1	25-50	25-50
2	100-250	100-250
3	500-1,000	500-1,000
4	1,500-3,000	1,500-3,000
5-8	Continue doubling cautiously	Continue doubling cautiously

Send to engaged recipients only during warmup. Any high complaint rate during warmup permanently damages the new IP's reputation curve.

Practitioner note: Don't warm up by sending to your team's mailboxes — that signal is too clean and doesn't reflect real recipient behavior. Use a mix of your warmest existing list (high open rate, low complaint) and gradually expand from there.

What goes wrong with self-hosted mail

The failure modes I see most:

• IP arrived pre-blocklisted. Some cloud IP ranges are on Spamhaus by default. Check before committing.
• Reverse DNS not configured. Mail rejected by Gmail and Microsoft for missing or mismatched PTR.
• DKIM not signing. OpenDKIM misconfiguration causes mail to ship unsigned, fails DMARC alignment.
• Outbound port 25 blocked. Cloud provider didn't allow port 25, server can never deliver to MX.
• No retries on temporary failures. Default Postfix retries work; misconfigurations can break them.
• Lack of monitoring. Sender is unaware of blocklist hits, complaint rate spikes, or queue buildup.

See self-hosted email goes to spam for the deliverability troubleshooting tree specific to self-hosted setups.

When NOT to self-host

Self-hosting is the wrong answer if:

• You're sending more than 100K messages/month and don't have dedicated ops time
• You need 99.99% uptime and aren't running redundant infrastructure
• You're sending marketing/promotional content (reputation work compounds the difficulty)
• You're doing cold outreach (the warmup work is significant and ongoing)
• Cost savings is your only motivation (managed services are cheap at most scales)

Self-hosting works well for:

• Internal company mail (low volume, controlled list)
• Personal/family mail (handful of mailboxes)
• Specific compliance requirements (data residency, custom retention)
• Custom routing or integration that managed services don't support

If you're evaluating whether to self-host or want help installing and warming up a server correctly, book a consultation. I install and tune self-hosted mail stacks for clients regularly and can save you the learning-curve weeks.

Sources

• Postfix Documentation
• Dovecot Documentation
• Mailcow Documentation
• Mail-in-a-Box Documentation
• M3AAWG Sender Best Common Practices v3
• Google — Sender Guidelines for Bulk Senders

---

v1.0 · May 2026