Mailcow: Setting up a full featured self hosted mail server
Setting up a full featured mail server is an actual **PAIN** for a system admin, you have to interconnect many software pieces and a lot of testing espacially security and spam if you plan to use it for your company … In this Post i will take you in my journey of setting up a full featured mail server, i was searching a lot on the internet and i didn’t get a sweetable answer to move on .. but finally i successfully made it ! .. It works with multiple domains, secure and no spam problems !
For the reader
I assume you have knowledge about how email works, Mail DNS records, linux, docker and SSL of course. This guide is not for beginners.
If you dont have enough knowledge, take a seat and take a look here :
Mailcow
Mailcow is a free, open source software project. A Mailcow server is a collection of Docker containers running different mail server applications, SOGo, Postfix, Dovecot etc. Mailcow provides a modern and easy to use web interface to create and manage email accounts. You can visit the official documentation
I ill not make a comparison about different opensource self hosted mail servers, rather then that i will give you a great repo that includes owesome softwares marked as self hosted, you can check the Email section come here
If you want some thoughts about mailcow from real users check this reddit discussions : come here and here
Server Requirements
The recommended OS to run mailcow is `ubuntu 18.04`, also don’t use cento7 packages on cento8 because the maintainers said :
Do not use CentOS 8 with Centos 7 Docker packages. You may create an open relay.
For the resources i bought a VPS from OVH cloud provider with :
2 VCPU
4 GB of RAM
80 GB storage
Docker installed :
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
systemctl enable docker.service
systemctl start docker.service`Docker-compose installed :
curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-composeIf you have a firewall, you should allow those ports :
netstat -tulpn | grep -E -w ‘25|80|110|143|443|465|587|993|995|4190’Note : you must have a clean server means no other applications or a reverse proxy becaue mailcow has every thing in place.
Okay now every thing is good ! but there is another thing to verify which is our IP !!! we have to test it if it is blacklisted, if yes it’s a huge problem … we can’t proceed anymore because your mails will not be delivered, it’s all about your host reputation!.
We can check it with an online service called mxtoolbox by visiting this url mxtoolbox.
Basic DNS configuration
Before we proceed we have to get a domain name from any provider, i got one from OVH , and i delegated to AZURE DNS SERVICE, it dosen’t matter actually, we will have the same configuration in any provider.
I pretend that i have :
Root Domain name : mymailserver.com
Server IP address : 1.2.3.4
Let’s get started !
Create an A record
In your provider DNS pannel add an `A` record like this
Name : mail
Type : A
TTL : default
Value : 1.2.3.4
You can confirm with the dig command :
dig mail.mymailserver.com +noall +answerCreate the CNAME records
In your provider DNS pannel add a CNAME record for the autoconfig like this
Name : autoconfig
Type : CNAME
TTL : default
Alias : mail.mymailserver.com
Test it with :
dig autoconfig.mymailserver.com +noall +answerAdd another CNAMErecord for the autodiscoverlike this :
Name : autodiscover
Type : CNAME
TTL : default
Alias : mail.mymailserver.com
Test it with :
dig autodiscover.mymailserver.com +noall +answerCreate the an MX record
In your root domain add an MX domain to point to your mail server domain :
Name : @/empty
Type : MX
TTL : default
Prefenerence/periorty : 10 or 0
Mail Exchange : mail.mymailserver.com
rDNS configuration
Get more information about rDNS here
You can configure your rDNS on the provider of your `server` and change the generated `domain name` to your mail domain `mail.mymailserver.com`
and test it with `dig -x 1.2.3.4 +noall +answer`, should get `mail.mymailserver.com` as responce.
# Security DNS Records
Authenticate your mail server and protect it from Fake identities and Domain spoofing attacks we have to setup those records
SPF record
In your root domain add a `TXT` record like this :
Name : @/empty
Type : TXT
TTL : default
value : v=spf1 ip4:1.2.3.4 -all
Test it with `
dig mymailserver.com TXT DKIM record
Setting up the dkim record needs a public key to be inserted in the record here but we can’t now because we have to install mailcow and get the public key given by our mail server, we will leave it empty for now.
Name : dkim._domainkey
Type : TXT
TTL : default
value : v=DKIM1;k=rsa;t=s;s=email;p=<private-key>
DMARC record
The best thing you can do for dmarc is to make a free account on dmarcian, it will give you a record like this :
v=DMARC1; p=reject; rua=mailto:<dmarc email1>; ruf=<dmarc email2>Just add it to your domain DNS pannel like this :
Name : _dmarc
TTL : default
value : v=DMARC1; p=reject; rua=mailto: dmarc email1 ; ruf=dmarc email2
Test is with :
dig _dmarc.mymailserver.com TXTThat’s it for the DNS configurations, all records are in place execpt the dkim value we ill add it later
Install mailcow
You need `git` installed to clone the repo in your server :
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerizedYour in the repo now, so run the script ./generate_config.sh
to generate your config, for the hostname add mail.mymailserver.com, it will request a certificate from Let's Encryptautomatically.
To run your mail server just use this command :
docker-compose pull
docker-compose up -d You need to wait some time to download all the containers, run them and provision a SSL certificate.
The default credentials to access are admin & moohoo (you must change it with your own)
Verify that all containers are healthy with the green iconlike this :
Well done ! Let’s proceed to add domains and mailboxes
Configure Mailcow
Our mail server is working now but there is neither domains or mailboxs configured. in this section we will go step by step .. let’s GO !
Add your domain
Login to your mailcow admin panel :
Select `configuration` on the top bar then select `mail setup`
Click on `add domain` then add your root domain `mymailserver.com` and click on `Add domain and restart SoGo`
Select `configuration` again then click on `configuration & details`
In the hosizontal menu click `configuration` and click on `ARC/DKIM keys`
Scroll to bottom and fill the `domain/s` form with your domain `mymailserver.com`
On the selector type `dkim`
Select `2048` on the `DKIM key length` and click `add`
Copy the generated public key that starts with `v=DKIM1;k=rsa;t=s;s=email;p= …`
Go to your DNS pannel and modify the `TXT` record with the generated value
Wait until your DNS modification propagate
You can validate your configuration for `SPF`, `DKIM` and `DMARC` with this site, you should get result like this (don’t forget to put `dkim` as a selector` :
Create a Mailbox for mymailserver.com
By default mailcow give `10GB` of storage to every domain and every mailbox under that domain has `3GB` of storage .. so feel free to modify them to your needs,
To create a mailbox folow those steps :
Under `configuration` on the to bar click `mail setup` and select mailboxes`
Click `add mailbox`
Choose a `username` , your domain (it will be loaded automatically) and then add a password and click `add`
On the top bar click `apps` and then `webmail`, you will be redirected to the `SoGo` UI , login wiyh your newly created mail and password
On the bottom click on the green icon, you will get an interface of sending a mail
In your browser open another tab and go to this site : mail-tester.com and copy the mail address.
Return to your `SoGo` interface and send a mail with that mail, on the body make sure to add some text with a least two paragraphs.
Wait 10 seconds and go the mail-tester.com and click on `then check your score`
And BOOM you should get this result You Can Send :
Feel free to send a mail to your friends and your own Gmail address, don’t worry Gmail still don’t know your mail server, so he will placed as spam, just `unspam` it !, try to send it to zoho mail for example. The test again with other tools i suggest to use :
Mxtoolbox SuperTool and select test mail server
Dkimvalidator and send an email to the given address, make sure that all tests are oassed like the dmarcian.com tests.
Add another domain to mailcow
I assume we have a second domain : myseconddomain.com. I will not repeat the same steps it’s quite easy so let’s go :
Create A record : `mail.myseconddomain.com` that points to your Host `1.2.3.4`
Create a CNAME record : `autoconfig` that points to `mail.myseconddomain.com`
Create a CNAME record : `autodiscover` that points to `mail.myseconddomain.com`
Create an MX record: on the root domain add `10` as periority and `mail.myseconddomain.com` as target
Create SPF record like we did earlier
Create DMARC record as we did earlier
Create DKIM record and in the same time add your new domain as we did earlier and copy the generated `DKIM key` to your `DKIM` record.
Validate your records
Add a mailbox under your new domain and send an email to mail-tester.com and dkimvalidator.com, you should get 10/10 sweetheart :)
Final thoughts
Don’t send a lot of mails directly you will be blocked ! … so start step by step by sending 20 mails per day for the first week then try sending 80 the next week … after 2 months you can send a lot of mails like 1000 mails, but take in mind that you need to add the `list unsubscribe headers` to your postfix to allow users to unsubscribe against your newsletters/subscriptions.
Last updated
Was this helpful?