Production Ready · Self-Hosted Infrastructure

Self-Hosted
Mail Server
From Scratch

A fully operational email server built on a VPS using Mailcow Dockerized — handling send, receive, spam filtering, and webmail with a perfect deliverability score.

10/10
Mail-Tester Score
18
Docker Containers
0
3rd Party Services
100%
Self-Owned
10/10

Perfect Deliverability Score

Verified by mail-tester.com — industry standard for email server health

SPF Pass
DKIM Valid
DMARC Pass
rDNS Match
Not Blacklisted
// System Architecture
How It All Connects
📱
Client
Gmail / Browser
IMAP/SMTP
☁️
Cloudflare
DNS · MX · SPF
DNS Only
🔒
Nginx Proxy
SSL · Port 443
:8443
🐄
Mailcow
mail.domael.site
Internal
🗄️
Mailboxes
info@domael.site
// Setup Process
Step-by-Step Breakdown
STEP 01

VPS Preparation

Configured Ubuntu 22.04 VPS on Datalix with proper hostname set to mail.domael.site. Requested port 25 unblock from provider. Opened all required mail ports on UFW firewall.

Ubuntu 22.04 UFW Port 25
STEP 02

DNS Configuration

Added all required DNS records on Cloudflare: A record for mail subdomain, MX record pointing to mail server, SPF TXT record, and DMARC policy record. All set to DNS Only (no proxy).

Cloudflare MX Record SPF DMARC
STEP 03

Mailcow Installation

Cloned Mailcow Dockerized, ran the config generator, configured HTTP/HTTPS ports to 8080/8443 to avoid conflict with existing Nginx Proxy Manager. Pulled and started all 18 Docker containers.

Docker Mailcow 18 Containers
STEP 04

Reverse Proxy Setup

Added Mailcow as a proxy host in Nginx Proxy Manager using HTTPS scheme forwarding to internal port 8443. Enabled Let's Encrypt SSL certificate with Force SSL and HTTP/2 support.

NPM Let's Encrypt SSL/TLS
STEP 05

Domain & Mailbox Setup

Logged into Mailcow admin panel, added domael.site as a mail domain, created info@domael.site mailbox. Generated DKIM keypair and added the public key as a TXT record in Cloudflare DNS.

DKIM Mailbox SOGo Webmail
STEP 06

Deliverability Tuning

Configured reverse DNS (PTR record) via Datalix panel to match sending IP to mail.domael.site. Disabled IPv6 sending to prevent unverified IPv6 address rejections by Gmail and other providers.

rDNS / PTR IPv4 Only 10/10 Score
// Technology Stack
What's Running Under the Hood
📮
Postfix
SMTP Server
📥
Dovecot
IMAP / POP3
🌐
SOGo
Webmail UI
🛡️
Rspamd
Spam Filter
🔍
ClamAV
Virus Scanner
🗃️
MariaDB
Database
Redis
Cache
🐋
Docker
Container Runtime
🔒
Let's Encrypt
SSL Certificates
☁️
Cloudflare
DNS Management
// DNS Configuration
Cloudflare DNS Records
Type Name Value Purpose Status
A mail 176.100.37.12 Mail server IP Active
MX @ mail.domael.site (10) Incoming mail routing Active
TXT @ v=spf1 mx ~all SPF — authorized senders Active
TXT _dmarc v=DMARC1; p=none; rua=... DMARC policy Active
TXT dkim._domainkey v=DKIM1; k=rsa; p=... DKIM email signing Active
// Network Configuration
Open Mail Ports
25
SMTP
Receiving mail
465
SMTPS
Send via SSL
587
Submission
Send via STARTTLS
143
IMAP
Read mail
993
IMAPS
Read via SSL
443
HTTPS
Webmail UI
// Deployment
Key Commands Used
root@mail.domael.site — SSH
# Set server hostname root@mail:~# hostnamectl set-hostname mail.domael.site   # Open mail ports on firewall root@mail:~# ufw allow 25/tcp && ufw allow 465/tcp && ufw allow 587/tcp && ufw allow 993/tcp   # Clone and configure Mailcow root@mail:~# cd /opt && git clone https://github.com/mailcow/mailcow-dockerized mailcow root@mail:/opt/mailcow# ./generate_config.sh Mail server hostname: mail.domael.site Timezone: Asia/Karachi   # Pull all 18 Docker images and start root@mail:/opt/mailcow# docker compose pull && docker compose up -d ✔ Container mailcowdockerized-postfix-mailcow-1 Started ✔ Container mailcowdockerized-dovecot-mailcow-1 Started ✔ Container mailcowdockerized-rspamd-mailcow-1 Started ✔ Container mailcowdockerized-nginx-mailcow-1 Started ✔ 18/18 containers running   # Verify port 25 is live root@mail:/opt/mailcow# nc -zv 176.100.37.12 25 Connection to 176.100.37.12 25 port [tcp/smtp] succeeded!
// Verification Results
All Checks Passing

Authentication

SPF Record
Authorized
DKIM Signature
Valid
DMARC Policy
Passed
Reverse DNS (PTR)
Matched

Deliverability

Spam Blacklists
Not Listed
Gmail Delivery
Inbox
SSL Certificate
Let's Encrypt
Mail-Tester Score
10 / 10