Introduction: Why Self-Host Your Email?

This is a detailed, step-by-step guide to setting up your own self-hosted email server using mailcow.

How to Self-Host Email the Right Way (to avoid the spam folder)

Self-hosting your email provides complete control, privacy, and security over your communications. This guide details the process from start to finish, even for those unfamiliar with server management. We will:

  1. Launch a cloud-based Ubuntu Virtual Private Server (VPS).
  2. Configure all necessary DNS records for your custom domain.
  3. Install Docker and Docker Compose.
  4. Set up and configure mailcow, a comprehensive open-source mail server suite.
  5. Test and validate email deliverability.

Phase 1: Server and DNS Prerequisites

Before you begin, you must have two things:

  1. A Domain Name: You need a domain (e.g., yourdomain.com) purchased from any registrar (like Netim, GoDaddy, Namecheap, etc.).
  2. A Cloud VPS: You cannot host this at home, as most Internet Service Providers (ISPs) block Port 25, which is essential for email.
    • Provider: You must use a hosting provider (like Verpex, as mentioned) that explicitly allows Port 25 and lets you set PTR (Pointer) records.
    • System Requirements:
      • Minimum: 6GB RAM, 20GB disk space, 1 CPU.
      • Budget (Not Recommended): 4GB RAM will work, but you must disable the antivirus (ClamAV) component in mailcow, reducing security.
    • Operating System: This guide uses Ubuntu.

Once your VPS is active, locate its public IP Address. This will be used in all following steps.

Phase 2: Initial DNS Record Configuration

This is the most critical step for ensuring your server can be found. Go to your domain registrar's DNS management panel (this might be called "Zone File" or "DNS Settings"). You must create the following six records.

  • Replace yourdomain.com with your actual domain.
  • Replace [Server IP] with your VPS's public IP address.

| Type | Name / Host | Value / Target | Priority | Details |
|---|---|---|---|---|
| A | @ (or yourdomain.com) | [Server IP] | N/A | Points your root domain to the server. |
| A | mail (or mail.yourdomain.com) | [Server IP] | N/A | Creates the hostname for the mail server itself. |
| MX | @ (or yourdomain.com) | mail.yourdomain.com | 10 | Directs all email for your domain to your new mail server. |
| CNAME | autodiscover | mail.yourdomain.com | N/A | Helps email clients (like Outlook) automatically find settings. |
| CNAME | autoconfig | mail.yourdomain.com | N/A | Helps email clients (like Thunderbird) automatically find settings. |
| SRV | _autodiscover._tcp | mail.yourdomain.com | 0 (Prio) 0 (Weight) 443 (Port) | An additional record for auto-discovery services. |

After saving, you can use a tool like mxtoolbox.com to do a "DNS Lookup" for mail.yourdomain.com. Verify that it shows your correct server IP address. DNS changes can take time (up to 24 hours) to propagate, but are often fast.

Phase 3: The PTR (Reverse DNS) Record

This record is essential for deliverability and proving you aren't a spammer. It maps your server's IP address back to your domain.

  1. You cannot set this record yourself.
  2. You must open a support ticket with your hosting provider (e.g., Verpex).
  3. Send them a message similar to this: "Hello, please set the PTR (Reverse DNS) record for my server's IP address [Server IP] to point to the hostname mail.yourdomain.com."

The provider should confirm once this is complete.

Phase 4: Server Setup & Docker Installation

Now, we will connect to the server and install the necessary software. Open a Terminal (macOS/Linux) or Command Prompt/PowerShell (Windows).

  1. Log in as root:

     ssh root@yourdomain.com

     (You can also use your server's IP address instead of the domain.)

  2. Update Your Server:

     apt update
     apt upgrade -y

  3. Install Dependencies:

     apt install git openssl curl -y

  4. Create a New User (Security Best Practice): Do not run everything as root. Replace tony with your desired username.

     adduser tony

     You will be prompted to create a password.

  5. Give New User Sudo (Admin) Privileges:

     usermod -aG sudo tony

  6. Switch to Your New User:

     su - tony

  7. Install Docker: These commands download and run the official Docker installation script.

     curl -fsSL https://get.docker.com -o get-docker.sh
     sudo sh get-docker.sh

  8. Add Your User to the Docker Group: This allows you to run Docker commands without sudo (this is a major convenience). Be aware that membership in the docker group is effectively root-equivalent on the host.

     sudo usermod -aG docker $USER

     (Note: The transcript uses tony, but $USER is more generic and correct.)

  9. Reboot the Server: This is required for the group changes to take full effect.

     sudo reboot

Phase 5: Install & Configure mailcow

  1. Log Back In: Wait a minute for the server to reboot, then log back in as your new user (e.g., ssh tony@yourdomain.com).

  2. Set umask: This ensures mailcow files have the correct permissions.

     umask 0022

  3. Clone mailcow: The official recommendation is to install it in /opt/.

     cd /opt/
     sudo git clone https://github.com/mailcow/mailcow-dockerized
     cd mailcow-dockerized/

  4. Find Your Timezone: You'll need this for the config. Find your timezone by running:

     timedatectl list-timezones

     (To search, you can use timedatectl list-timezones | grep 'New_York'.)

  5. Generate Configuration File:

     sudo ./generate-config.sh

     You will be asked several questions:
       • Mail server hostname (FQDN): Enter mail.yourdomain.com
       • Timezone: Enter the timezone you found (e.g., America/New_York).
       • Which branch: Choose 1 for the stable master branch.

     The script will run and create a mailcow.conf file.

  6. Pull & Run mailcow: These commands download all the Docker images and start the entire mail server suite. This may take several minutes.

     sudo docker compose pull
     sudo docker compose up -d

  7. Verify Installation: Check that all containers are "up" and "healthy".

     sudo docker compose ps

     Look at the "Status" column. If anything is "down" or "unhealthy," wait a few minutes and check again.

Phase 6: mailcow Admin & Domain Setup

  1. Access mailcow Admin: Go to https://mail.yourdomain.com in your browser. (Note: Use https://). You may get a browser warning about security; this is normal. Proceed anyway.
  2. Log In as Admin:
    • Click the "Login as admin" link at the bottom.
    • Username: admin
    • Password: moohoo
  3. CRITICAL: Change Admin Password:
    • Go to System > Configuration > Access.
    • Click "Edit" next to the admin user.
    • Generate or enter a new, strong password and Save Changes.
  4. Add Your Email Domain: This is the domain you will create email addresses for (e.g., you@yourdomain.com).
    • Go to Email > Configuration > Domains tab.
    • Click Add Domain.
    • Domain: Enter your root domain (e.g., yourdomain.com).
    • Leave other settings as default.
    • Click "Add domain and restart SOGO".
  5. Create Your First Mailbox:
    • Go to Mailboxes > Mailboxes.
    • Click Add mailbox.
    • Username: Enter the first part of your email (e.g., tony).
    • Domain: Select yourdomain.com.
    • Enter your name and a strong password.
    • Click Add.

Phase 7: Final DNS Records for Deliverability

Your server is running, but mail will go to spam without these records.

  1. In the mailcow admin UI, go to Email > Configuration > Domains tab.
  2. Click the "DNS" button next to your domain.
  3. This page shows you the exact values you need to add to your DNS. Go back to your domain registrar and add the following records:

| Type | Name / Host | Value / Target | Notes |
|---|---|---|---|
| TXT (DKIM) | dkim._domainkey | v=DKIM1; k=rsa; p=[...long string...] | Copy the exact Name and Value from the mailcow DNS page. |
| TLSA | _25._tcp.mail | 3 1 1 [...long hash string...] | Copy the exact Name and Value. Your registrar may have separate fields for Usage (3), Selector (1), and Matching (1). |
| TXT (SPF) | @ | v=spf1 mx a -all | This is a good, strict starting value. It means only your A and MX records are allowed to send mail. |
| TXT (DMARC) | _dmarc | v=DMARC1; p=none | WAIT! The video recommends waiting 48 hours after setting SPF/DKIM to add this record. p=none means "monitor only" and is the correct starting policy. |

  4. Enable DNSSEC: In your domain registrar's settings, find the option for DNSSEC and Enable it. This adds a critical layer of security and is required for the TLSA record to function.
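
The records from Phases 2, 3 and 7 can be checked from the command line before sending any test mail. The script below is an added example, not part of mailcow or the original guide; it assumes dig is installed, the DKIM selector is dkim as in the table above, and a hypothetical file name check-dns.sh, run as sh check-dns.sh yourdomain.com [Server IP].

```shell
#!/bin/sh
# Added example (not from mailcow or the guide): checks the records from
# Phases 2, 3 and 7. Domain and IP are supplied by the caller.

# Classify an SPF TXT value by its terminating "all" mechanism.
spf_verdict() {
  case "$1" in
    v=spf1|"v=spf1 "*) ;;
    *) echo not-spf; return ;;
  esac
  case " $1 " in
    *" -all "*) echo hardfail ;;
    *" ~all "*) echo softfail ;;
    *" ?all "*) echo neutral ;;
    *" +all "*|*" all "*) echo pass-all ;;
    *) echo no-all ;;
  esac
}

# Print the p= policy of a DMARC TXT value, or "invalid".
dmarc_policy() {
  case "$1" in "v=DMARC1;"*) ;; *) echo invalid; return ;; esac
  p=$(printf '%s\n' "$1" | tr ';' '\n' |
      sed -n 's/^ *p= *\([a-z]*\) *$/\1/p' | head -n 1)
  echo "${p:-invalid}"
}

# Forward-confirmed reverse DNS: the PTR answer for the IP must be the mail
# hostname, and that hostname's A answers must contain the same IP.
# $1=ip  $2=expected hostname  $3=PTR answer  $4=A answers, one per line
fcrdns_ok() {
  [ "${3%.}" = "$2" ] || return 1
  printf '%s\n' "$4" | grep -qxF "$1"
}

# Live lookup; needs dig and network access.
audit() {  # $1=domain  $2=server IP
  host="mail.$1"
  if fcrdns_ok "$2" "$host" "$(dig +short -x "$2")" "$(dig +short A "$host")"
  then echo "PTR/A  ok"; else echo "PTR/A  MISMATCH"; fi
  echo "MX     $(dig +short MX "$1")"
  echo "SPF    $(spf_verdict "$(dig +short TXT "$1" | tr -d '"' | grep '^v=spf1')")"
  echo "DMARC  $(dmarc_policy "$(dig +short TXT "_dmarc.$1" | tr -d '"')")"
  if dig +short TXT "dkim._domainkey.$1" | grep -q 'v=DKIM1'
  then echo "DKIM   published"; else echo "DKIM   missing"; fi
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

A PTR/A MISMATCH usually means the provider has not yet set the PTR record requested in Phase 3, or set it to a different hostname than mail.yourdomain.com.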

Phase 8: Testing Deliverability

  1. Log in to Your New Inbox:
    • Go to https://mail.yourdomain.com.
    • Log in as the user you created (e.g., tony@yourdomain.com) with the password you set.
  2. Test with Mail-Tester:
    • Go to mail-tester.com.
    • Copy the unique email address it gives you.
    • From your new mailcow inbox, compose a realistic email.
      • Subject: Inquiry about your services (NOT "test")
      • Body: Write a few sentences of real text. (Spam filters flag "test" emails).
    • Send the email to the mail-tester address.
    • Go back to the mail-tester site and check your score. Aim for 10/10. It will tell you if any records (like DMARC) are missing.
  3. Test with a Real Provider (Gmail):
    • Compose another realistic email from your mailcow inbox.
    • Send it to a Gmail, Outlook, or Yahoo address you own.
    • Check if it lands in the Inbox. If it goes to spam, double-check all your DNS records.

Phase 9: Critical Next Steps (Maintenance)

Your server is running, but it's not "finished." You must maintain it.

  • Email Warm-Up: Do NOT start blasting hundreds of emails. Your new IP address has no reputation. You must "warm it up" by sending a few emails per day, then gradually increasing the volume over weeks.
  • Server Security: The video explicitly mentions this. Your server is now a public target. You must harden it.
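    • Enable a Firewall (UFW): Block all ports except those needed (SSH, HTTP/S, and mail ports). Be aware that ports published by Docker containers, including mailcow's, are opened through Docker's own iptables rules and are not filtered by UFW's default configuration.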
    • Harden SSH: Disable password-based login and use SSH keys only. This is the single most important thing you can do to secure your server.
    • Stay Updated: Regularly log in and run sudo apt update && sudo apt upgrade -y to apply security patches.
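
To confirm that the SSH hardening above actually took effect, check the effective configuration that sshd reports rather than the config file alone. The script below is an added example, not part of the original guide; the file name ssh-audit.sh and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): confirm sshd is key-only after hardening.
# Input is the effective configuration printed by `sshd -T`: one
# "keyword value" pair per line, keywords in lower case.

ssh_audit() {
  awk '
    function need(want) {
      seen[$1] = 1
      if ($2 != want) { printf "FAIL %s=%s (want %s)\n", $1, $2, want; bad = 1 }
    }
    $1 == "passwordauthentication"       { need("no") }
    # Keyboard-interactive can still prompt for a password through PAM.
    $1 == "kbdinteractiveauthentication" { need("no") }
    $1 == "pubkeyauthentication"         { need("yes") }
    END {
      if (!seen["passwordauthentication"]) {
        print "FAIL passwordauthentication not reported"; bad = 1
      }
      if (!bad) print "OK key-only login"
      exit bad + 0
    }'
}

# Constructed sample: passwords disabled, keyboard-interactive left enabled.
sample_weak() {
  printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
    'passwordauthentication no' 'kbdinteractiveauthentication yes'
}

# Constructed sample: the same host after the remaining setting is fixed.
sample_hardened() {
  sample_weak | sed 's/^kbdinteractiveauthentication yes$/kbdinteractiveauthentication no/'
}

# Usage on the server: sudo sshd -T | sh ssh-audit.sh -
if [ "${1:-}" = "-" ]; then ssh_audit; fi
```

On older OpenSSH releases the keyboard-interactive setting is reported as challengeresponseauthentication, so check that keyword by hand if the one above does not appear in the sshd -T output.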