self-hosted mailserver: me@israelmanzi.com

How do I host & maintain my own mail?


Requirements

  • A VPS ($5 USD/month or higher is enough)
  • Docker and Docker Compose installed on the VPS
  • A hosted domain name
  • DNS access for the domain (to add A, MX, and TXT records)
  • Open ports: 25, 587, 993, and one HTTPS port for webmail, preferably 8443
  • TLS certificates (I use Let’s Encrypt)

Stack

  • Mail server: docker-mailserver
  • Webmail: Roundcube (currently not in active use)
  • Mail clients: MS Outlook (primary), Thunderbird (tested)
  • Reverse proxy: Nginx

All services are defined in a Docker Compose configuration file.

docker-mailserver provides default environment variables for configuration.


Layout

  • docker-mailserver: handles SMTP and IMAP

    • Port 25: incoming mail
    • Port 587: authenticated SMTP submission
    • Port 993: IMAPS (IMAP over TLS)
  • Roundcube: webmail interface

    • Port 80 (internal)
  • Nginx: HTTPS termination

    • Port 8443 (external)

Authentication

SMTP authentication is handled through Dovecot.

Postfix is configured to authenticate users via a shared socket:

  • smtpd_sasl_type = dovecot
  • smtpd_sasl_path = /dev/shm/sasl-auth.sock

If sending mail fails while receiving works, this is the first place to check.


DNS Records

The following records are required:

  • A: mail.domain.com → server IP
  • A: webmail.domain.com → server IP
  • MX: domain.com → mail.domain.com
  • TXT: SPF record allowing the mail server IP
  • TXT: DKIM record generated by docker-mailserver on the host server
    docker compose exec mailserver setup config dkim
    
    docker compose exec mailserver cat /tmp/docker-mailserver/opendkim/keys/domain.com/mail.txt
    
  • TXT: DMARC policy record

Without SPF, DKIM, and DMARC, mail to other mail providers like Gmail will likely land in spam.
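
An offline sanity check for the three TXT records above, as an added example (not code from this page or from docker-mailserver). It joins the quoted chunks of the BIND-style mail.txt entry into the single value to publish, then lints SPF, DKIM and DMARC strings. The IP 203.0.113.10 and the key material are constructed, and mx/a mechanisms are accepted without being resolved.

```python
import re

def zone_txt_value(zone_text):
    """Join the quoted chunks of a BIND-style TXT entry (as in mail.txt) into one value."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))

def parse_tags(value):
    """Parse 'k=v; k=v' (DKIM/DMARC syntax) into a dict with lowercase keys."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txt_records, server_ip):
    """Return problems found in the SPF record among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    problems = []
    if "+all" in terms or "all" in terms:
        problems.append("+all authorises every sender")
    elif "-all" not in terms and "~all" not in terms:
        problems.append("no -all/~all: unlisted senders are not failed")
    # Assumption: mx / a are accepted without resolving them (offline check).
    if not {f"ip4:{server_ip}", "mx", "a"} & set(terms):
        problems.append(f"{server_ip} is not authorised")
    return problems

def check_dkim(value):
    """Return problems found in a DKIM key record value."""
    tags = parse_tags(value)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if not tags.get("p"):
        problems.append("empty p=: no public key published")
    return problems

def check_dmarc(value):
    """Return problems found in a DMARC policy record value."""
    problems = []
    if not value.startswith("v=DMARC1"):
        problems.append("record must start with v=DMARC1")
    if parse_tags(value).get("p") not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    return problems

# Constructed samples: 203.0.113.10 is a documentation address, the key is not real.
MAIL_TXT = '''mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" "MIIBCgKCAQEAconstructed" )'''
if __name__ == "__main__":
    print(check_spf(["v=spf1 ip4:203.0.113.10 -all"], "203.0.113.10"))
    print(check_dkim(zone_txt_value(MAIL_TXT)), check_dmarc("v=DMARC1; p=quarantine"))
```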


Access Points


Client Configuration

Standard settings work:

  • IMAP: mail.domain.com, port 993, SSL/TLS
  • SMTP: mail.domain.com, port 587, STARTTLS
  • Username: full email address
  • Password: Generated on the server:
    docker compose exec mailserver setup email add user@domain.com "password"
    

Current State

  • Mail can be sent and received
  • New accounts can be created from the command line
  • MS Outlook is used as the primary mail client (it just works)
  • Webmail (Roundcube) authentication issues exist on the server

Planned Changes

  • Return to self-hosted webmail after resolving authentication and session issues
  • Add a self-hosted calendar service using CalDAV

I will be adding a comprehensive tutorial covering the whole process.

You can contact me at this address: me@israelmanzi.com