In an era of mass surveillance and data harvesting, self-hosting your email server gives you complete control over your communications. No third-party provider reading your emails for ad targeting. No arbitrary storage limits. No risk of losing access because a provider changed their terms.
Mailcow is the gold standard for self-hosted email. It bundles everything you need: IMAP/SMTP/POP3, a beautiful SOGo webmail interface, anti-spam with Rspamd, anti-virus with ClamAV, calendar and contacts via CalDAV/CardDAV, and automatic SSL certificate management.
Requirements
Before you begin, you need:
- A VPS with at least 4GB RAM and 2 vCPUs — ZentisLabs Mailcow Starter plan ($50/mo) is ideal
- A domain name pointing to your server IP
- Clean IP address — not on any email blacklists
- Ports 25, 80, 443, 587, 993 open and not blocked by your provider
Step 1: Deploy Your VPS
Sign up at zentislabs.com and deploy a Basic VPS (2 cores, 4GB RAM, 80GB SSD) in your preferred location. We recommend Frankfurt or Amsterdam for European email delivery, or New York/Chicago for US-based operations.
SSH into your server and update the system:
apt update && apt upgrade -y
apt install -y curl git docker.io docker-composeStep 2: Install Mailcow
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.shEnter your mail domain (e.g., mail.yourdomain.com) when prompted. Then edit mailcow.conf to set your timezone and adjust memory limits if needed.
docker-compose pull
docker-compose up -dStep 3: DNS Configuration
This is the most critical step. Set these DNS records:
# A Record
mail.yourdomain.com -> YOUR_SERVER_IP
# MX Record
yourdomain.com -> mail.yourdomain.com (priority 10)
# SPF (TXT)
yourdomain.com -> v=spf1 a mx ip4:YOUR_SERVER_IP ~all
# DKIM (TXT) -- get from Mailcow admin panel
# DMARC (TXT)
_dmarc.yourdomain.com -> v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.comUse ZentisLabs DNS management dashboard to configure all records in one place.
Step 4: Security Hardening
Install fail2ban to protect against brute force attacks, configure UFW firewall to only allow necessary ports, and ensure SSL certificates auto-renew via Let's Encrypt (Mailcow handles this automatically).
apt install -y fail2ban
ufw allow 22,25,80,443,587,993/tcp
ufw enableStep 5: First Login & Mailbox Setup
Navigate to https://mail.yourdomain.com in your browser. Default credentials are admin/moohoo — change them immediately. Add your domain, create mailboxes, and configure DKIM from the admin panel. Mailcow will automatically handle TLS certificates via Let's Encrypt.
📧 Pro tip: After setup, test your email deliverability at mail-tester.com. A score of 9/10 or higher means your configuration is production-ready. Most issues come from missing DKIM or DMARC records.