Introduction: Why Self-Host Your Email?

Self-hosting your email provides complete control, privacy, and security over your communications. This guide details the process from start to finish, even for those unfamiliar with server management.

Reference Video: How to Self-Host Email the Right Way (to avoid the spam folder)

What This Guide Covers

  1. Launch a cloud-based Ubuntu Virtual Private Server (VPS).
  2. Configure all necessary DNS records for your custom domain.
  3. Install Docker and Docker Compose.
  4. Set up and configure mailcow, a comprehensive open-source mail server suite.
  5. Test and validate email deliverability.

Phase 1: Server and DNS Prerequisites

Before you begin, you must have two things:

1. A Domain Name

You need a domain (e.g., yourdomain.com) purchased from any registrar (like Netim, GoDaddy, Namecheap, etc.).

2. A Cloud VPS

You cannot host this at home, as most Internet Service Providers (ISPs) block Port 25, which is essential for email.

  • Provider: You must use a hosting provider (like Verpex) that explicitly allows Port 25 and lets you set PTR (Pointer) records.
  • System Requirements:
    • Minimum: 6GB RAM, 20GB disk space, 1 CPU.
    • Budget (Not Recommended): 4GB RAM will work, but you must disable the antivirus (ClamAV) component in mailcow, reducing security.
  • Operating System: This guide uses Ubuntu.

Once your VPS is active, locate its public IP Address. This will be used in all following steps.


Phase 2: Initial DNS Record Configuration

This is the most critical step for ensuring your server can be found. Go to your domain registrar's DNS management panel.

Replace yourdomain.com with your actual domain. Replace [Server IP] with your VPS's public IP address.

| Type | Name / Host | Value / Target | Priority | Details |
|---|---|---|---|---|
| A | @ (or yourdomain.com) | [Server IP] | N/A | Points your root domain to the server. |
| A | mail (or mail.yourdomain.com) | [Server IP] | N/A | Creates the hostname for the mail server itself. |
| MX | @ (or yourdomain.com) | mail.yourdomain.com | 10 | Directs all email for your domain to your new mail server. |
| CNAME | autodiscover | mail.yourdomain.com | N/A | Helps email clients (like Outlook) automatically find settings. |
| CNAME | autoconfig | mail.yourdomain.com | N/A | Helps email clients (like Thunderbird) automatically find settings. |
| SRV | _autodiscover._tcp | mail.yourdomain.com | 0 (Prio), 0 (Weight), 443 (Port) | An additional record for auto-discovery services. |

After saving, use mxtoolbox.com to do a "DNS Lookup" for mail.yourdomain.com and verify your server IP. DNS propagation can take up to 24 hours.


Phase 3: The PTR (Reverse DNS) Record

This record is essential for deliverability and proving you aren't a spammer. It maps your server's IP address back to your domain.

  1. You cannot set this record yourself.
  2. You must open a support ticket with your hosting provider.
  3. Send them a message like: Hello, please set the PTR (Reverse DNS) record for my server's IP address [Server IP] to point to the hostname mail.yourdomain.com.

Phase 4: Server Setup & Docker Installation

Open a Terminal (macOS/Linux) or Command Prompt/PowerShell (Windows).

  1. Log in as root:
       ssh root@yourdomain.com
  2. Update Your Server:
       apt update
       apt upgrade -y
  3. Install Dependencies:
       apt install git openssl curl -y
  4. Create a New User (Security Best Practice — replace tony with your username):
       adduser tony
  5. Give New User Sudo Privileges:
       usermod -aG sudo tony
  6. Switch to Your New User:
       su - tony
  7. Install Docker:
       curl -fsSL https://get.docker.com -o get-docker.sh
       sudo sh get-docker.sh
  8. Add Your User to the Docker Group:
       sudo usermod -aG docker $USER
  9. Reboot the Server:
       sudo reboot

Phase 5: Install & Configure mailcow

  1. Log Back In after reboot as your new user (e.g., ssh tony@yourdomain.com).
  2. Set umask:
       umask 0022
  3. Clone mailcow (install in /opt/):
       cd /opt/
       sudo git clone https://github.com/mailcow/mailcow-dockerized
       cd mailcow-dockerized/
  4. Find Your Timezone:
       timedatectl list-timezones
     To search:
       timedatectl list-timezones | grep 'New_York'
  5. Generate Configuration File:
       sudo ./generate-config.sh
     You will be asked:
       • Mail server hostname (FQDN): Enter mail.yourdomain.com
       • Timezone: Enter your timezone (e.g., America/New_York)
       • Which branch: Choose 1 for stable master branch
  6. Pull & Run mailcow:
       sudo docker compose pull
       sudo docker compose up -d
  7. Verify Installation:
       sudo docker compose ps
     Check the "Status" column. If anything is "down" or "unhealthy," wait a few minutes and check again.


Phase 6: mailcow Admin & Domain Setup

  1. Access mailcow Admin: Go to https://mail.yourdomain.com in your browser.
  2. Log In as Admin:
    • Click the "Login as admin" link at the bottom.
    • Username: admin
    • Password: moohoo
  3. CRITICAL: Change Admin Password:
    • Go to System > Configuration > Access.
    • Click Edit next to the admin user, enter a strong password, and Save Changes.
  4. Add Your Email Domain:
    • Go to Email > Configuration > Domains tab.
    • Click Add Domain.
    • Domain: Enter your root domain (e.g., yourdomain.com).
    • Leave other settings as default.
    • Click "Add domain and restart SOGo".
  5. Create Your First Mailbox:
    • Go to Mailboxes > Mailboxes.
    • Click Add mailbox.
    • Username: Enter the first part of your email (e.g., tony).
    • Domain: Select yourdomain.com.
    • Enter your name and a strong password.
    • Click Add.

Phase 7: Final DNS Records for Deliverability

  1. In mailcow admin, go to Email > Configuration > Domains tab.
  2. Click the "DNS" button next to your domain.
  3. Add the following records to your domain registrar:

| Type | Name / Host | Value / Target | Notes |
|---|---|---|---|
| TXT (DKIM) | dkim._domainkey | v=DKIM1; k=rsa; p=[...long string...] | Copy the exact Name and Value from the mailcow DNS page. |
| TLSA | _25._tcp.mail | 3 1 1 [...long hash string...] | Copy the exact Name and Value. Your registrar may have separate fields for Usage (3), Selector (1), and Matching (1). |
| TXT (SPF) | @ | v=spf1 mx a -all | Strict starting value — only your A and MX records are allowed to send mail. |
| TXT (DMARC) | _dmarc | v=DMARC1; p=none | WAIT! Add this only 48 hours after SPF/DKIM are set. p=none means "monitor only." |

  4. Enable DNSSEC: In your domain registrar's settings, find DNSSEC and enable it. This is required for the TLSA record to function.
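
A local check of the Phase 7 values before moving on to deliverability testing, as an added example that is not part of the original guide or of mailcow: it lints the SPF, DKIM, TLSA and DMARC strings in the form `dig +short` prints them. The function names and the file name dnslint.sh are hypothetical, and the live run assumes dig is installed.

```shell
#!/bin/sh
# Added example (not mailcow code): lint Phase 7 record values as printed by
# `dig +short`. Each check reads stdin and returns nonzero when a fix is needed.

# dig prints one TXT record as quoted chunks ("abc" "def"); join them.
txt_join() { sed -e 's/" "//g' -e 's/"//g'; }

# SPF: exactly one v=spf1 record (two is a permanent error), ending in -all.
spf_check() {
    records=$(txt_join | grep -iE '^v=spf1( |$)' || true)
    count=$(printf '%s\n' "$records" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "SPF: want 1 record, found $count" >&2; return 1; }
    case "$records" in
        *" -all") return 0 ;;
        *) echo "SPF: record does not end in -all" >&2; return 1 ;;
    esac
}

# DKIM: v=DKIM1 with a non-empty p= (an empty p= means the key is revoked).
dkim_check() {
    case "$(txt_join | tr -d ' ')" in
        "v=DKIM1;"*"p="[A-Za-z0-9+/]*) return 0 ;;
        *) echo "DKIM: missing v=DKIM1 or empty p=" >&2; return 1 ;;
    esac
}

# TLSA: usage 3, selector 1, matching type 1, then a 64-hex SHA-256 digest.
# dig may split the digest with a space, so rejoin it before measuring.
tlsa_check() {
    read -r usage selector mtype digest || true
    digest=$(printf '%s' "$digest" | tr -d ' ')
    [ "$usage $selector $mtype" = "3 1 1" ] || { echo "TLSA: not 3 1 1" >&2; return 1; }
    printf '%s\n' "$digest" | grep -Eqi '^[0-9a-f]{64}$' ||
        { echo "TLSA: digest is not 64 hex characters" >&2; return 1; }
}

# DMARC: print the p= policy so "none" (monitor only) is visible at a glance.
dmarc_policy() {
    txt_join | grep -i '^v=DMARC1' | tr ';' '\n' |
        sed -n 's/^ *p *= *\([A-Za-z]*\).*/\1/p' | head -n 1
}

# Live run, needs dig and network: sh dnslint.sh yourdomain.com (hypothetical name)
if [ "$#" -eq 1 ]; then
    dig +short TXT "$1" | spf_check && echo "SPF ok"
    dig +short TXT "dkim._domainkey.$1" | dkim_check && echo "DKIM ok"
    dig +short TLSA "_25._tcp.mail.$1" | tlsa_check && echo "TLSA ok"
    echo "DMARC policy: $(dig +short TXT "_dmarc.$1" | dmarc_policy)"
fi
```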


Phase 8: Testing Deliverability

  1. Log in to Your New Inbox:
  2. Test with Mail-Tester:
    • Go to mail-tester.com.
    • Copy the unique email address provided.
    • Compose a realistic email (subject: Inquiry about your services, body: a few real sentences — not "test").
    • Send to the mail-tester address and check your score. Aim for 10/10.
  3. Test with a Real Provider (Gmail):
    • Send a realistic email to a Gmail, Outlook, or Yahoo address you own.
    • Check if it lands in the Inbox. If it goes to spam, double-check all DNS records.

Phase 9: Critical Next Steps (Maintenance)

  • Email Warm-Up: Do NOT start blasting hundreds of emails. Your new IP has no reputation. Send a few emails per day and gradually increase volume over weeks.
  • Server Security:
    • Enable a Firewall (UFW): Block all ports except those needed (SSH, HTTP/S, and mail ports).
    • Harden SSH: Disable password-based login and use SSH keys only. This is the single most important security measure.
    • Stay Updated: Regularly run sudo apt update && sudo apt upgrade -y to apply security patches.
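
One way to confirm that the "SSH keys only" step actually took effect, as an added example that is not part of the original guide: it audits the output of `sshd -T`, which is the configuration sshd applies after every included file is read. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings behind "SSH keys only".
# Feed it the output of `sshd -T`, which prints the configuration sshd
# actually applies (drop-in files included) with lowercase keywords.

# Print the value of one keyword from the dump held in $SSHD_CFG.
opt() {
    printf '%s\n' "$SSHD_CFG" |
        awk -v k="$1" '$1 == k { print $2; hit = 1; exit } END { if (!hit) print "unset" }'
}

ssh_audit() {
    SSHD_CFG=$(cat)
    rc=0
    [ "$(opt passwordauthentication)" = "no" ] ||
        { echo "FAIL: passwordauthentication is not 'no'"; rc=1; }
    # Keyboard-interactive can still ask for a password through PAM.
    kbd=$(opt kbdinteractiveauthentication)
    # Older OpenSSH releases call the same setting challengeresponseauthentication.
    if [ "$kbd" = "unset" ]; then kbd=$(opt challengeresponseauthentication); fi
    [ "$kbd" = "no" ] || { echo "FAIL: keyboard-interactive auth is not 'no'"; rc=1; }
    [ "$(opt pubkeyauthentication)" = "yes" ] ||
        { echo "FAIL: pubkeyauthentication is not 'yes'"; rc=1; }
    case "$(opt permitrootlogin)" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "FAIL: permitrootlogin still allows a root password"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: password login was disabled, keyboard-interactive was not.
SAMPLE='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
permitrootlogin prohibit-password'

if [ "${1:-}" = "--live" ]; then
    sudo sshd -T | ssh_audit && echo "sshd accepts keys only"
else
    printf '%s\n' "$SAMPLE" | ssh_audit || echo "sample config needs more hardening"
fi
```

Run the live check from a second session while the first stays logged in, so a key that was never installed does not lock you out.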