Setting up a mail server: what you need to know

A realistic look at self-hosting email — what it takes to run Postfix, Dovecot, and keep mail out of the spam folder. Includes managed alternatives.

Self-hosting email is often described as either “trivially easy with this Docker image” or “never do it.” Both are wrong. Running your own mail server is genuinely harder than most web services — not because the software is difficult, but because email delivery depends on a reputation system you have to earn from scratch. This guide covers what it actually takes to run a mail server that delivers to inboxes, not spam folders.

Why self-host email?

The honest reasons:

Privacy and control over your data
Unlimited addresses and domains without per-user fees
Cost savings at scale (Google Workspace is $6/user/month)
Learning how email infrastructure works

The wrong reasons:

“I want to save $5/month on email for one domain”
“The Docker Compose file said it was easy”

If you have a single domain with 1-3 addresses, use Migadu ($19/year) or MXroute ($45/year). The time you spend maintaining a mail server is worth more than the subscription.

The three components of a mail server

1. MTA (Mail Transfer Agent) — Postfix

Postfix receives and sends email via SMTP. It handles:

Accepting incoming mail on port 25
Relaying outgoing mail to other servers
Queuing mail when the destination is unavailable

apt install postfix
# Choose "Internet Site" during configuration

Basic Postfix config (/etc/postfix/main.cf):

myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8

# TLS
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_security_level = may

2. MDA (Mail Delivery Agent) — Dovecot

Dovecot stores mail and serves it to email clients via IMAP/POP3:

apt install dovecot-core dovecot-imapd dovecot-pop3d

Dovecot config (/etc/dovecot/conf.d/10-mail.conf):

mail_location = maildir:~/Maildir

Dovecot also handles SASL authentication — Postfix asks Dovecot to verify credentials when users send mail.

3. MUA (Mail User Agent) — your email client

This is Thunderbird, Apple Mail, Outlook, or a webmail interface like Roundcube. It connects to Dovecot via IMAP and submits outgoing mail to Postfix via SMTP (port 587).

DNS records you need

; MX record — tells the world where your mail server is
example.com.  IN  MX  10  mail.example.com.

; A record for the mail server
mail.example.com.  IN  A  123.123.123.123

; SPF — authorises this server to send mail for your domain
example.com.  IN  TXT  "v=spf1 mx -all"

; DKIM — cryptographic signature that proves mail came from you
; Generate keys:
; opendkim-genkey -d example.com -s default
default._domainkey.example.com.  IN  TXT  "v=DKIM1; k=rsa; p=..."

; DMARC — tells receivers what to do with mail that fails SPF/DKIM
_dmarc.example.com.  IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

; PTR record (reverse DNS) — set by your VPS provider
; forward resolves mail.example.com, reverse should match

SPF, DKIM, and DMARC are not optional. Without all three, major providers (Gmail, Outlook) will send your mail to spam or reject it entirely.

Reputation: the hard part

Email delivery depends on reputation. When you set up a new mail server:

Your IP has no reputation. Major providers treat mail from new IPs conservatively.
Warm up the IP. Send small volumes of legitimate mail for 2-4 weeks before sending bulk.
Monitor blocklists. Your IP can end up on Spamhaus or Barracuda if any user reports your mail as spam.

Check your reputation:

# Check common blocklists
dig +short 123.123.123.123.zen.spamhaus.org

# Test deliverability
# Send a test email to https://www.mail-tester.com

The practical decision

Self-host if:

You enjoy systems administration and want to learn
You need unlimited addresses across many domains
You already manage servers and understand DNS, TLS, and security
You are willing to spend a few hours per month on maintenance

Use a managed provider if:

You need reliable delivery with zero maintenance
You only have 1-5 addresses
You do not want to deal with spam filtering setup
You value your time at more than $20/hour

Managed email alternatives

Provider	Starting price	Features
Migadu	$19/year	Unlimited domains/addresses, soft storage limits
MXroute	$45/year	Unlimited domains/addresses, direct delivery focus
Google Workspace	$6/user/month	Gmail interface, Drive, Docs, best deliverability
Fastmail	$5/user/month	Privacy-focused, standards-compliant, excellent webmail
Proton Mail	€4/user/month	End-to-end encryption, Swiss privacy laws

For most people reading a CronDaily guide: use Migadu or MXroute. You get unlimited addresses with minimal cost and no server maintenance.

If you still want to self-host

Use Mailcow or Mailu — these are Docker-based mail server stacks that bundle Postfix, Dovecot, spam filtering, and webmail into a single deployment:

# Mailcow
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.sh
docker compose pull
docker compose up -d

Mailcow includes:

Postfix + Dovecot
Rspamd (spam filtering)
ClamAV (virus scanning)
SOGo (webmail)
Automated DNS wizard
Admin panel

This is the closest thing to “easy email self-hosting” that exists in 2026. But you still need to handle DNS, reputation warming, and ongoing maintenance.

The bottom line

Self-hosting email is a learning experience, not a cost-saving measure. The time investment is significant, and deliverability requires ongoing attention. For business email, use Google Workspace or Fastmail. For personal email with many domains, use Migadu or MXroute. Self-host only if the learning itself is the goal.