Running your own email server puts you fully in control of your communications — no provider scanning your inbox, no data mining, no terms of service changes to worry about. Mailcow Dockerized is the most approachable full-featured self-hosted email stack available, bundling Postfix, Dovecot, Rspamd, SOGo webmail, and Let’s Encrypt SSL into a Docker Compose setup. This guide walks through a complete setup on a VPS.
Is Self-Hosting Email Right for You?
Before starting, be realistic about the trade-offs:
Advantages:
- Full data sovereignty — no provider has access to your emails
- Custom domain (
you@yourdomain.com) - No storage limits beyond your VPS disk
- You control retention, backup, and encryption policies
Disadvantages:
- Requires ongoing maintenance (updates, monitoring)
- Email deliverability requires proper DNS records and reputation management
- If your server goes down, you lose email temporarily
- Getting off spam blacklists if your IP has history takes effort
For most people, Proton Mail or Fastmail is a better privacy choice. Self-hosting is for those who want complete control and are willing to manage the infrastructure.
VPS Requirements
Mailcow requires minimum 6 GB RAM (8 GB recommended). Good VPS options:
- Hetzner (EU, privacy-friendly) — CPX21 (4 vCPU, 8 GB RAM, ~€5.77/mo)
- DigitalOcean — 8 GB droplet (~$48/mo)
- Vultr — 8 GB instance (~$40/mo)
Important: Check that your VPS provider allows mail server use and doesn’t block port 25 (SMTP). Many providers block port 25 by default — open a ticket to unblock it.
Choose a VPS IP that isn’t on spam blacklists. Check mxtoolbox.com/blacklists.aspx before committing.
DNS Records You’ll Need
Before installing Mailcow, prepare these DNS records in your domain registrar:
mail.yourdomain.com A → Your VPS IP
yourdomain.com MX → mail.yourdomain.com (priority 10)
yourdomain.com TXT → v=spf1 mx ~allAfter setup, you’ll also add:
- DKIM TXT record (generated by Mailcow)
- DMARC TXT record:
v=DMARC1; p=none; rua=mailto:admin@yourdomain.com
Installing Mailcow
Prerequisites
sudo apt update && sudo apt install -y curl git
# Install Docker
curl -fsSL https://get.docker.com | bash
sudo usermod -aG docker $USER
newgrp dockerVerify Docker:
docker --version
docker compose versionClone Mailcow
cd /opt
sudo git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerizedGenerate Configuration
sudo ./generate_config.shEnter your FQDN (fully qualified domain name) when prompted: mail.yourdomain.com
Choose your timezone (e.g., Europe/Berlin or America/New_York).
The script creates mailcow.conf with your settings.
Configure mailcow.conf
Edit /opt/mailcow-dockerized/mailcow.conf:
# Key settings to verify/change
MAILCOW_HOSTNAME=mail.yourdomain.com
TZ=America/New_York
HTTP_PORT=80
HTTPS_PORT=443
HTTP_BIND=0.0.0.0
HTTPS_BIND=0.0.0.0Start Mailcow
cd /opt/mailcow-dockerized
sudo docker compose pull
sudo docker compose up -dThis pulls all Docker images (Postfix, Dovecot, Rspamd, SOGo, etc.) and starts the stack. First start takes 5–10 minutes.
Check status:
sudo docker compose psAll containers should show Up.
Accessing the Admin Panel
Navigate to https://mail.yourdomain.com in your browser. Accept the SSL certificate (it’s self-signed until Let’s Encrypt kicks in).
Default login:
- Username: admin
- Password: moohoo (change this immediately)
Go to Configuration → Edit → change admin password.
Configuring Let’s Encrypt SSL
In the admin panel: Configuration → Configuration & Details → Enable Let’s Encrypt
Mailcow automatically requests and renews certificates via Let’s Encrypt using the ACME protocol. Your FQDN must resolve to your VPS IP for this to work.
After enabling, restart the SSL container:
sudo docker compose restart acme-mailcowCreating Your First Mailbox
-
E-Mail → Domains → Add domain
- Domain:
yourdomain.com - Leave other settings as defaults
- Domain:
-
E-Mail → Mailboxes → Add mailbox
- Username:
pat - Domain:
yourdomain.com - Password: (strong password)
- Username:
Your new address is pat@yourdomain.com.
Adding DKIM Signing
DKIM (DomainKeys Identified Mail) cryptographically signs outgoing emails, massively improving deliverability:
- In admin panel → Configuration → ARC/DKIM keys
- Select your domain → click Generate (2048 bits)
- Copy the generated public key
- Add it to DNS:
dkim._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=[YOUR_PUBLIC_KEY]"
Wait for DNS propagation (up to 24 hours), then test at mail-tester.com.
Connecting an Email Client
IMAP Settings:
- Server:
mail.yourdomain.com - Port: 993 (SSL/TLS)
- Username:
pat@yourdomain.com
SMTP Settings:
- Server:
mail.yourdomain.com - Port: 587 (STARTTLS)
- Username:
pat@yourdomain.com
Works with Thunderbird, Apple Mail, Outlook, and any standard IMAP/SMTP client.
Updating Mailcow
cd /opt/mailcow-dockerized
sudo ./update.shMailcow releases updates regularly — run this monthly.
Backup Strategy
Back up these critical components:
# Backup mail data and configuration
sudo tar -czf /backup/mailcow-$(date +%Y%m%d).tar.gz \
/opt/mailcow-dockerized/mailcow.conf \
/opt/mailcow-dockerized/data/
# Backup MySQL database
docker exec mailcowdockerized-mysql-mailcow-1 mysqldump -u root \
--password=$(grep DBROOT /opt/mailcow-dockerized/mailcow.conf | cut -d= -f2) \
mailcow > /backup/mailcow-db-$(date +%Y%m%d).sqlStore backups offsite (Backblaze B2, Wasabi, or encrypted Filen storage).
Running your own mail server on Mailcow is a meaningful step toward digital sovereignty. Once configured properly, it’s largely maintenance-free and gives you email infrastructure entirely under your control.