Self-Host Your Email with Mailcow: Complete 2026 Guide

Self-Host Your Email with Mailcow: Complete 2026 Guide

Email is hard to self-host. Mailcow makes it bearable. Here's how I run my own mail server (and why you might want to).

#email #mailcow #self-hosting #vps #tutorial
đź’ˇ Disclosure: This article contains affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. This helps support the site and keeps the content free.

Self-Host Your Email with Mailcow: Complete 2026 Guide

Let’s Address the Elephant in the Room

Everyone says “don’t self-host email.” It’s too hard. Gmail exists. You’ll end up in spam folders. Your server will crash and you’ll lose important messages.

They’re not wrong.

Self-hosting email is objectively harder than hosting a blog or a file server. But here’s the thing: it’s not that hard in 2026, and if you care about privacy and control, it’s worth it.

I’ve been running my own mail server for 2 years. No regrets.

Why I Self-Host Email (And Why You Might Not Want To)

Let me be upfront about my motivations:

Why I do it:

  • I don’t trust Google/Microsoft with all my email
  • I wanted a custom domain that I fully control
  • I like knowing my data sits on my VPS, not in someone’s data lake
  • It’s a learning experience (masochistic? maybe)

Why you might NOT want to do it:

  • It’s more expensive than Gmail (VPS costs money)
  • You become the sysadmin—no support team to call
  • Deliverability requires effort (SPF, DKIM, DMARC)
  • If your server goes down, email stops flowing

If you just want email that works, stick with ProtonMail or Tutanota. Seriously. This guide is for people who want the control and are willing to put in the work.

Why Mailcow?

There are a few options for self-hosted email:

Mail-in-a-Box is beginner-friendly but opinionated. It takes over your entire VPS. If you want to run other services (Nextcloud, blog, etc.), you’re out of luck.

iRedMail works but feels dated. The web interface is clunky.

Mailcow is the Goldilocks option. It’s Docker-based, modular, and has a modern web UI. You can run it alongside other services. The docs are solid. The community is active.

I tried Mail-in-a-Box first, hated that it monopolized my VPS, then switched to Mailcow. Never looked back.

What You’ll Need

This isn’t a $3/month project. Here’s the minimum:

VPS Requirements:

  • 2 vCPU
  • 6GB RAM (8GB if you run ClamAV antivirus)
  • 40GB disk space
  • Ubuntu 22.04 or Debian 11
  • A static IP address

Other Requirements:

  • A domain name (I use Cloudflare for DNS)
  • Patience (setup takes 1-2 hours)
  • Basic Linux skills

For VPS, I recommend Hetzner CPX31 (3 vCPU, 8GB RAM, ~$14/month) or DigitalOcean’s $18/month droplet. Cheaper VPS options exist, but email servers need resources. Don’t cheap out here.

Important: Some VPS providers block SMTP ports (25, 587) by default to prevent spam. Hetzner and DigitalOcean allow it, but you may need to request it. Check before you buy.

DNS Setup (Do This First)

Email servers are picky about DNS. Set this up before installing Mailcow.

You need these records:

A Record:

mail.yourdomain.com → your-vps-ip

MX Record:

yourdomain.com → mail.yourdomain.com (priority 10)

PTR Record (Reverse DNS):

your-vps-ip → mail.yourdomain.com

PTR records are set in your VPS provider’s control panel, not your DNS registrar. For Hetzner, it’s under “Networking → Reverse DNS.” For DigitalOcean, it’s in the droplet settings.

Why PTR matters: Gmail and Outlook check reverse DNS. If it’s missing or wrong, your emails go straight to spam.

Wait 30 minutes for DNS propagation, then test:

dig mail.yourdomain.com
dig -x your-vps-ip

Both should return the correct values. If not, fix it now before proceeding.

Installing Mailcow

SSH into your VPS and update the system:

apt update && apt upgrade -y

Install Docker (if you haven’t already):

curl -fsSL https://get.docker.com | sh

Clone the Mailcow repository:

cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized

Run the setup script:

./generate_config.sh

It’ll ask for your hostname. Use your mail subdomain: mail.yourdomain.com

This generates a mailcow.conf file. Edit it:

nano mailcow.conf

Key settings to review:

  • MAILCOW_HOSTNAME — Should be mail.yourdomain.com
  • MAILCOW_PASS_SCHEME — Leave as BLF-CRYPT (secure)
  • HTTP_PORT / HTTPS_PORT — Default is 80/443 (fine if Mailcow is alone)

If you’re running other web services (Nextcloud, etc.), you’ll need a reverse proxy. I use Traefik. It’s beyond this guide, but Google “Mailcow Traefik” and you’ll find tutorials.

Pull the Docker images:

docker compose pull

Start Mailcow:

docker compose up -d

This takes 5-10 minutes. Docker pulls ~20 containers (Postfix, Dovecot, SOGo, Redis, etc.). Grab a coffee.

Check if it’s running:

docker compose ps

Everything should say “Up.” If something’s crashed, check logs:

docker compose logs [service-name]

Initial Configuration

Visit https://mail.yourdomain.com in your browser.

You’ll get a self-signed certificate warning. That’s normal—we’ll fix it in a minute with Let’s Encrypt.

Login:

  • Username: admin
  • Password: moohoo (yes, really)

First thing: Change the admin password. Go to System → Configuration → Admin and set a strong password.

Setting Up Let’s Encrypt (HTTPS)

Mailcow has Let’s Encrypt built-in. Enable it:

  1. Go to System → Configuration → Let’s Encrypt
  2. Check “Enable Let’s Encrypt”
  3. Enter your email
  4. Save

Wait 30 seconds. Mailcow will request a certificate. If it fails, check:

  • DNS is pointing to your server
  • Ports 80 and 443 are open
  • You’re not behind Cloudflare’s proxy (orange cloud must be gray)

Once it works, reload the page. The certificate warning should be gone.

Creating Your First Mailbox

Go to Mailboxes → Add mailbox.

Fill in:

  • Domain: yourdomain.com
  • Username: you (becomes [email protected])
  • Name: Your actual name
  • Password: Strong password
  • Quota: 5GB (or whatever you want)

Click Add.

You now have an email address. Test it by logging into webmail:

https://mail.yourdomain.com/SOGo

Send yourself a test email from Gmail. If it arrives, you’re 90% there.

Configuring SPF, DKIM, and DMARC (Critical!)

This is what keeps you out of spam folders. Don’t skip it.

SPF (Sender Policy Framework)

Add this TXT record to your DNS:

yourdomain.com → "v=spf1 mx ~all"

This tells other mail servers: “Only my MX record can send mail for this domain.”

DKIM (DomainKeys Identified Mail)

In Mailcow, go to Configuration → Configuration & Details → DKIM.

Click DKIM Keys and generate a key for your domain.

Copy the TXT record (it’s long, like 250+ characters) and add it to your DNS:

dkim._domainkey.yourdomain.com → [paste the key]

DMARC (Domain-based Message Authentication)

Add another TXT record:

_dmarc.yourdomain.com → "v=DMARC1; p=quarantine; rua=mailto:[email protected]"

This says: “If SPF/DKIM fail, quarantine the message and send me a report.”

Wait 15 minutes for DNS propagation, then test everything:

Go to https://mxtoolbox.com and run:

  • SPF check
  • DKIM check
  • DMARC check

All three should pass. If not, double-check your DNS records.

Testing Deliverability

Send test emails to:

  • Gmail
  • Outlook
  • Yahoo
  • ProtonMail

Check if they land in inbox or spam. If they’re in spam, run your server through https://mail-tester.com. It’ll tell you what’s wrong.

Common issues:

  • PTR record missing or wrong
  • SPF/DKIM/DMARC not set up correctly
  • Your IP is on a blacklist (check mxtoolbox.com/blacklists)

If your IP is blacklisted, contact your VPS provider. Sometimes fresh IPs have bad reputations from previous users.

Day-to-Day Usage

Email Clients

You can use webmail (SOGo), but I prefer Thunderbird on desktop and K-9 Mail on Android.

IMAP settings:

  • Server: mail.yourdomain.com
  • Port: 993
  • Security: SSL/TLS
  • Username: [email protected]
  • Password: Your password

SMTP settings:

  • Server: mail.yourdomain.com
  • Port: 587
  • Security: STARTTLS
  • Username: [email protected]
  • Password: Your password

It just works.

Aliases

Mailcow lets you create unlimited aliases. Go to Mailboxes → Add alias.

I have:

  • contact@ → forwards to my main inbox
  • spam@ → goes to a junk folder
  • receipts@ → auto-filters into a receipts folder

This is one of the best parts of self-hosting. You control everything.

Sieve Rules (Filters)

SOGo has a built-in filter editor. Go to Preferences → Mail Filters.

You can auto-sort, auto-reply, or forward based on sender, subject, etc. It’s like Gmail filters but more powerful.

What I Learned the Hard Way

1. Backups are non-negotiable

I back up the entire /opt/mailcow-dockerized folder daily. I use a simple cron job that tarballs it and sends it to S3.

Email data lives in /var/lib/docker/volumes/mailcowdockerized_*. Back that up too.

Losing email is not fun. Ask me how I know.

2. RAM matters more than CPU

Mailcow idles at ~3GB RAM with all services running. Add ClamAV (antivirus) and it jumps to 5GB. CPU usage is low unless you’re processing thousands of emails per hour.

Don’t run this on a 2GB VPS. It’ll swap like crazy.

3. Gmail is stricter than you think

Even with perfect SPF/DKIM/DMARC, Gmail may quarantine your emails for the first few weeks. It’s building reputation. Be patient.

I solved this by gradually sending emails to Gmail addresses. After a month, deliverability was 100%.

4. Updates are easy but mandatory

Mailcow releases updates frequently. Updating is simple:

cd /opt/mailcow-dockerized
./update.sh

Do this monthly. Security patches matter when you’re running a mail server.

5. Spam filtering needs tuning

Mailcow uses Rspamd for spam filtering. It’s aggressive by default. I had to whitelist a few newsletters that kept getting flagged.

Go to Configuration → Rspamd to adjust settings.

Is It Worth It?

Two years in, here’s my take:

Pros:

  • Full control over my email
  • No one’s data-mining my inbox
  • Unlimited aliases and domains
  • Learned a ton about email infrastructure

Cons:

  • Costs $14/month (more than Gmail’s $0)
  • I’m responsible when something breaks
  • Initial setup took me 3 hours (with mistakes)

Would I recommend it? Only if you’re the kind of person who self-hosts for fun.

If you’re doing it purely for privacy, ProtonMail is easier. If you’re doing it for control and learning, Mailcow is fantastic.

Alternatives to Mailcow

If Mailcow isn’t your vibe:

Mail-in-a-Box: Easiest setup, but monopolizes your VPS. Good if you want a dedicated mail server.

Docker-Mailserver: Lighter than Mailcow but less beginner-friendly. For advanced users.

Stalwart Mail Server: New kid on the block. Rust-based, fast, but less mature than Mailcow.

I stuck with Mailcow because it strikes the best balance between features and usability.

Security Considerations

Firewall rules:

Open only what’s needed:

  • 25 (SMTP)
  • 587 (Submission)
  • 993 (IMAPS)
  • 443 (HTTPS)

Close everything else.

Fail2ban is built-in. Mailcow will auto-ban IPs after failed login attempts. No extra config needed.

Two-factor authentication: Enable it in SOGo settings. Use an app like Aegis or Authy.

Admin panel access: I restrict the Mailcow admin panel to my home IP using Traefik middlewares. You can also use a VPN.

Final Thoughts

Self-hosting email isn’t for everyone. But if you’re reading this blog, you’re probably the kind of person who wants to own their data.

Mailcow made it feasible. It’s not effortless, but it’s manageable. After the initial setup, it runs itself. I check on it maybe once a month.

The biggest reward? When I send an email from [email protected], I know it’s mine. Not Google’s. Not Microsoft’s. Mine.

If that resonates with you, go for it. The internet needs more independent mail servers.

FAQ

Q: Will my emails end up in spam?

Not if you configure SPF/DKIM/DMARC correctly and your IP isn’t blacklisted. Reputation builds over time. After a month, deliverability should be excellent.

Q: Can I use this for a business?

Yes, but be aware: you’re the support team. If email goes down, customers notice. I’d only do this for a small business where you can handle the responsibility.

Q: What about antivirus scanning?

Mailcow includes ClamAV, but it’s disabled by default (uses 2GB extra RAM). I enable it. Better safe than sorry.

Q: Can I migrate existing email?

Yes. Mailcow has import tools for IMAP. You can migrate from Gmail, Outlook, etc. It’s a bit tedious but doable.

Q: What happens if my VPS provider dies?

Your email goes down. Have backups. Consider a secondary MX record pointing to a backup server (advanced setup).

Q: Is 6GB RAM enough?

For personal use (1-5 mailboxes), yes. For 10+ users or heavy traffic, bump to 8GB+.

Q: Can I use Cloudflare’s proxy (orange cloud)?

Not for the mail subdomain. Cloudflare doesn’t proxy SMTP/IMAP traffic. Keep your mail. subdomain DNS-only (gray cloud).

Q: What about push notifications on mobile?

SOGo doesn’t have native push. Use an email app with IMAP IDLE (like K-9 Mail on Android or Apple Mail on iOS).

Q: Can I run multiple domains?

Absolutely. Mailcow is multi-tenant. Add as many domains as you want. I run 3 domains on one instance.

Related Articles:

Written from my self-hosted mail server, running Mailcow on a Hetzner CPX31, handling 3 domains and ~500 emails/month with 99.9% uptime.

Stay in the loop 📬

Get self-hosting tutorials, tool reviews, and infrastructure tips delivered to your inbox. No spam, unsubscribe anytime.

Join 0 self-hosters. Free forever.

#email #mailcow #self-hosting #vps #tutorial