Self-Hosted Email Server Maintenance Checklist

The Maintenance Schedule

Daily (Automated — 0 minutes)

Set up automated monitoring to handle daily checks:

• Server reachable: UptimeRobot or similar (free) monitors port 25/587/443
• Sending working: Automated test email (n8n cron → send test → verify delivery)
• No critical errors: Monitor log output for ERROR/CRITICAL level events
• Disk space: Alert at 80% usage (df alerts via cron)

All of these should be automated with alerting. You only act when something alerts. See our infrastructure monitoring guide for alert thresholds.

Weekly (15 minutes)

• Blacklist check: HetrixTools dashboard (automated alerts) or MXToolbox manual check
• TLS certificate validity: Verify Let's Encrypt auto-renewal is working (certbot status)
• Disk space review: Check mailbox sizes, log sizes, database sizes
• Queue check: Verify no stuck messages in the mail queue
• Review delivered/bounced ratio: Check Postal dashboard or mail logs for anomalies

Monthly (1-2 hours)

• Software updates:
  • Mailcow: cd /opt/mailcow-dockerized && ./update.sh
  • Postal: docker compose pull && docker compose up -d
  • Postfix: apt update && apt upgrade
  • OS security patches: unattended-upgrades or manual
• Reputation review: Check Google Postmaster Tools for domain reputation trend
• Backup verification: Restore a backup to a test environment to verify it works
• Log rotation: Verify logs aren't growing unbounded (logrotate config)
• DNS audit: Spot-check SPF, DKIM, DMARC records are still correct
• Resource usage: Check CPU, RAM, disk trends. Plan upgrades if approaching limits.

Quarterly (2-3 hours)

• Full authentication audit: Verify all DNS records are correct and passing
• DKIM key rotation: Rotate DKIM keys (generate new, publish new DNS, activate)
• Capacity planning: Project volume growth, plan VPS upgrades if needed
• Security audit: Review SSH access, user accounts, firewall rules
• Spam filter tuning: Review Rspamd scores (Mailcow), adjust thresholds if needed
• Backup retention review: Verify backup schedule and retention policy

Monitoring Stack

Free Monitoring Setup

UptimeRobot (free)
├── Monitor port 25 (SMTP) — 5-minute checks
├── Monitor port 443 (HTTPS/admin) — 5-minute checks
└── Alert via email/Slack when down

HetrixTools (free tier)
├── Blacklist monitoring — 32 IPs against 60+ lists
└── Instant email alerts on listing

n8n (self-hosted, same VPS)
├── Daily test email → verify delivery
├── Weekly Postmaster Tools check
└── Monthly disk space and queue report

Total cost: $0 (everything on free tiers or self-hosted).

Mailcow-Specific Maintenance

Updates

cd /opt/mailcow-dockerized
./update.sh

Runs automatically: pulls new container images, applies updates, restarts services. Review release notes before updating.

Backup

cd /opt/mailcow-dockerized
./helper-scripts/backup_and_restore.sh backup

Schedule via cron: 0 2 * * * /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup

Logs

Mailcow logs accessible via:

• Admin panel → Logs
• Docker: docker compose logs -f postfix-mailcow
• Host: /var/log/mail.log (if symlinked)

Health Check

Admin panel → System → System Health shows container status, queue size, and resource usage.

Postal-Specific Maintenance

Updates

cd /opt/postal
docker compose pull
docker compose up -d

Monitoring

Postal's web dashboard shows delivery status, bounce rates, and queue health. Check weekly.

Message Retention

Configure message retention policy to prevent database bloat. Default: keeps all messages. Set to 30-90 days for manageable disk usage.

When to Escalate

Contact your VPS provider if:

• IP address is blacklisted and you didn't cause it (previous tenant issue)
• Port 25 is blocked (provider-level firewall change)
• VPS performance degradation not explained by your usage

Consider managed service if:

• You're spending 5+ hours/month on maintenance
• Incidents are frequent and stressful
• Your business has grown and email is mission-critical
• You don't have someone technical who can handle 2am server issues

The Honest Assessment

Self-hosted email server maintenance is manageable with:

• 1-2 hours/month for routine tasks
• Automated monitoring for daily checks
• A plan for incident response

It becomes unmanageable when:

• Nobody monitors the server regularly
• Updates are skipped for months
• Backups aren't tested
• There's no escalation plan for after-hours issues

Practitioner note: The most common maintenance failure: skipping updates for 6+ months. An unpatched Postfix or Dovecot vulnerability gets exploited, the server sends thousands of spam messages, the IP is blacklisted, and the reputation damage takes weeks to recover. Set a monthly calendar reminder. Update your server.

Practitioner note: The cheapest insurance for self-hosted email: a fallback SMTP provider (Mailgun or SendGrid on pay-per-email). If your server goes down, your application can failover to the backup provider. Cost when not in use: $0. Cost of a critical email outage: potentially thousands in lost business.

If you want self-hosted email set up with proper monitoring and maintenance automation, schedule a consultation.

Sources

• Mailcow: Update Documentation
• Postal: Documentation

---

v1.0 · March 2026