There are a number of discussions on the web about self (or more accurately not self) hosting your own mail server. The main reason is that the configuration issues are considerable.

The task has got more difficult over recent years due ostensibly to increasing spam and phishing attacks and the responses of the major email providers in countering these activities. The fact that their actions makes it more difficult to host your own mail server, and hence more likely to use on of their services, is merely “co-incidental”. Even if one resolves all the issues it can be difficult or near impossible to have one’s mail accepted by the major providers.

Docker containers reduce the administrative burden considerably although the challenges of correctly setting up DNS records and getting your outgoing mail accepted remain. Mailcow is a suite of containers designed to address these first two issues and is reasonably straight forward to instantiate. Mailcow also makes it easy to send your mail through one of several commercial relay providers like mailgun and sendgrid. Using these services will occur a charge if the volume of mail exceeds the upper limits of their free accounts but will almost certainly get your mail through to your recipients even if there are DNS errors.

Docker Mail Server (DMS) is an alternative. It is CLI only but requires half the RAM of mailcow. This may be an issue in cloud environments and consideration should be given to creating a swap file for the VM. Configuration is a little more difficult but it can be progressively fine tuned with web tools like mail-tester.

Light weight docker mail server alternatives may be useful in certain configurations but these have not been explored to date.

I’m starting to trim the fat in my ABN, which includes Google Suite. I want move to self hosted emails now. I’ll investigate these options and report back.

Thanks for links.

My 2c and a bit of a different perspective for your consideration.

I no longer self-host email and haven’t done for some time. As I “host” (read: pay ) for others outside my household under a family domain name, the inconvenience of stuffing something up for someone else is more than I want to deal with, both because I don’t want to be responsible for something critical not being delivered, nor do I want to play unpaid ad-hoc 24x7 tech support. Email is one of those things that has to just work, unlike a lot of the other projects and other activities I get involved with.

Having said that, if I were to self host now days, I’d probably build on top of something like ISPConfig, on a VPS with good back ups, and using a secondary MX service and possibly an outbound SMTP relay service. I’ve not personally used ISPConfig but I do know someone who swears by it. On the surface it looks like an excellent FOSS product. No idea what the security side of things look like either as I’ve never thoroughly looked into it. However, something like that + a VPS with good backups would allow one to treat the DIY email hosting as if I was hosting “customers”, and probably provide a level of robustness to the self-hosted setup than me hand editing things as required. The requirement for VPS provider backup side of things is pretty obvious, and the secondary MX service and outbound SMTP provider may help with reliability and deliverability, respectively.

Of course, it’s definitely not impossible to “roll your own”, and your own requirements may not need that level of robustness at all. In my specific case, a mis-step is not going to stuff up my email, it will stuff up a lot of other people’s mail. By the time I go down the self-hosted route to a level where I’ve got a degree of reliability and availability I’m happy with, I may as well have paid one of the commercial hosting providers to do it all for me.

Just a bit of food for thought!

This is the only way I’d do it, full stop. Given I’m talking about 2-3 domains and a total of about 100 emails per year, using an outbound SMTP relay like Mailgun would probably cost about $5/year! I think that’s worth the effort.

ISPConfig is good, but I dislike those UIs. Although I do use Nginx Proxy Manager, so maybe I need to rethink that idea. Sometimes convenience and a solid foundation our better than sticking to a CLI because it’s slightly more efficient.

As for backups: Proxmox Backup Server is pretty good. As is just copying files to a NAS that then does an encrypted, compressed nightly to Backblaze B2. Emails are just flat files if you configure the sotrage in that way. Super easy to back up.

Another option for backing up those emails is to have your SMTP relay automatically forward them to 1-2 GMail accounts on receipt.

There are Docker based setup that fire up everything these days too.

If you do go down the self-hosted mail route I’d be interested to hear about how you implement it. @zeeclor’s DMS recommendation looks useful, and I’m curious about any other “mail in a box” type projects too (which is where I’ll incorrectly file ISPConfig for the purposes of this discussion).

Occasionally I find it’s handy to spin up a mail server on a separate domain to test something. The latest occasion was only earlier this week, where it would have been useful to have access to an IMAP mailbox to test inbound mail while messing about with n8n. Setting up an IMAP server was way out of scope that morning so I only messed about with the sending side of things. A proof of concept of @jdownie’s LLM-via-email was one of the things that crossed my mind, but without an IMAP server it was a non starter. I also was involved in a project during the latter half of 2024 that ran for a several months and received a lot of transactional type email, where I used a separate [disposable] domain name and server. Again, having a standard mail setup ready to pull off the shelf for those kind of things would be very useful.

Not going to move my (and the family’s) email off to a self-hosted setup, but I’ve talked myself into looking more into DMS and other ways to self-host as it would be handy to have something separate sitting there ready to use. More to add to my HLB Homework list! I’m interested to hear which route you end up going down and which software you use in your implementation, @mcrilly.

I’ve been hosting my own email (and my business email before I retired) for over 20 years. Back in the day the choice was not between Google or Microsoft but between email and no email so the choice was obvious. (Admittedly ISPs offered email but I went off that option when I discovered my ISP was reading my email.)

As we have discussed in the parsedmarc thread, security has increased over the years. These security features were progressively implemented by the qmail mail server that we used as part of the SME server suite. During those years I never had a problem with email.

Setting up an email server is easy. Receiving and more particularly sending the email is the hard part. Receiving is fairly straight forward if you have the correct DNS records in place. Your main task is to filter out the spam and the phish. The docker options mentioned above automate that.

Sending has caused most of my headaches. In recent years Telstra has touted its security. I think it implements a Microsoft solution, which is the most aggressive for spam filtering among the big email providers. Google is the best at sorting spam from ham but that does not help much as you will occasionally need to send emails to MS recipients and never know whether your email has got there.

If you run an email server in the cloud, as HLB does, you may finish up in a “MS bad block”. This happens when Microsoft identities a spammer in a block of IP addresses and then drops all email from IPs in that block. On your own there is very little you can do about that but running your mail through a commercial relay mail provider can help. HLB uses Mailgun and they moved us to a new block when we being filtered by Microsoft and that resolved our problem.

I haven’t been back to Mailgun plans for a while but initially I was paying $30 per month but later realised I could send a small volume of email on their free tier. Currently all my personal and HLB emails are going out via the free account. I haven’t looked to see how close we are getting to our limit.

The other advantage of Mailgun is you can access their web interface and API to see if your mail is getting through. This was clear for each mail to Microsoft recipients when we were being filtered.

If you have a solid backup (and restore ) process in place there is no harm in firing up DMS or Mailcow. HLB uses DMS and I use Mailcow at home. Mailcow is the “heavier” of the two but provides a web interface and you will only need a reverse proxy like Nginx if you want to use webmail.

Both DMS and mailcow can host multiple domains and once you have set up your base domain you can easily add others.

That’s a brief overview of my journey with email and running docker mail servers. I think it’s feasible for your scenario and you have the added advantage of not having “the big boys” collate all your mail for “other” purposes.

Thanks everyone.

I’m not quite that old yet… but “back in my day! shakes fist at the kids on his lawn" it was Hotmail, AOL, Yahoo! and those other annoying arseholes. Here’s a funny story about Hotmail you might enjoy: https://youtu.be/VscdPA6sUkc?si=AoelDfupKzqLu_2f&t=2033 (time stamp: 33m 53s)

I just PAYG at the minute. Costs us barely anything. Maybe $1,50 for about 300 emails?

That’s what I was thinking too. This is a nice to have, for sure.

Thanks again.

Hey @zeeclor , can i get your presentation slides from our last meeting?

I’m hoping to get some time with @Grim one night soon to help me dump a 14 year old hosting plan that has crept up from $40/year to ~$150/year while i wasn’t watching.

The only part i care about these days is DNS, but i am going to want to set up some email addresses. It’s a great excuse to have a go at some of the stuff that you talked about.

I can tidy it up and send it later but as you know the majority of the talk was about why I think having your own email server is still valuable.

Here is a modififed version of my compose.yaml file.

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    restart: always
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.homelabbrisbane.com.au # must match your FQDN
    ports:
      - "25:25"
      - "465:465"
      - "588:587"
      - "993:993"
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/ # Used to inject site specific configuration variables indo DMS
      - /etc/localtime:/etc/localtime:ro
      # - /etc/letsencrypt:/etc/letsencrypt:ro
    environment:
      - ENABLE_RSPAMD=1
      - ENABLE_CLAMAV=0 # if low on RAM else 1 
      - ENABLE_FAIL2BAN=1
      - SSL_TYPE=letsencrypt # manual
      - RELAY_HOST=smtp.mailgun.org
      - RELAY_PORT=587
      - RELAY_USER=${RELAY_USER}
      - RELAY_PASSWORD=${RELAY_PASSWORD}     
      - DMS_DEBUG=1
    # Optional: healthcheck
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 5
      start_period: 10s
              
    cap_add:
      - NET_ADMIN # Required for Fail2Ban (iptables manipulation)
#    networks:
#      - labnet

#networks:
#  labnet:
#    external: true  

As I mentioned I use caddy for my certificates but if it’s standalone letsencrypt “natively” is better.

My compose file has relay details that can be found in the .env file. If you have your domain and DNS records ready to go setting up for receiving email is pretty easy.

I also asked OpenRouter how to do it and this is their more concise reply and goes into the details of dkim, spf and _dmarc.

When you get stuck AI will assist with what to put in /tmp/docker-mailsever and its subdirectories.

HTH.

docker mail server docker-compose.yaml

User - –

docker mail server docker-compose.yaml

Assistant - –

Here is a comprehensive docker-compose.yaml (also called compose.yaml) for docker-mailserver — the most popular, production-ready, fully-featured self-hosted mail server. It uses Postfix + Dovecot + Rspamd + ClamAV + Fail2Ban + OpenDKIM/DMARC.

Project Structure

mailserver/
├── compose.yaml
├── mailserver.env
└── docker-data/
    └── dms/
        ├── mail-data/        # Mailboxes (Dovecot)
        ├── mail-state/       # State (Fail2Ban, Postgrey DB, etc.)
        ├── mail-logs/        # Mail logs
        └── config/           # DMS config (accounts, DKIM, aliases, etc.)

compose.yaml — Full Production Setup

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver

    # -------------------------------------------------------
    # Replace with your actual FQDN (must match your MX record)
    # -------------------------------------------------------
    hostname: mail.example.com

    ports:
      - "25:25"       # SMTP  — Inbound mail (MTA-to-MTA)
      - "143:143"     # IMAP  — StartTLS
      - "465:465"     # ESMTP — Implicit TLS (SMTPS)
      - "587:587"     # SMTP  — Submission (StartTLS, for mail clients)
      - "993:993"     # IMAPS — Implicit TLS

    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      # Uncomment if using Let's Encrypt certificates:
      # - /etc/letsencrypt:/etc/letsencrypt:ro

    env_file:
      - mailserver.env

    environment:
      # --- General ---
      - OVERRIDE_HOSTNAME=mail.example.com   # Set if hostname above is not FQDN

      # --- Security ---
      - ENABLE_FAIL2BAN=1
      - SPOOF_PROTECTION=1

      # --- TLS ---
      - SSL_TYPE=letsencrypt                 # Options: letsencrypt | manual | self-signed | off

      # --- Anti-Spam ---
      - ENABLE_RSPAMD=1                      # Modern spam filter (recommended)
      - ENABLE_SPAMASSASSIN=0                # Legacy — disable if using Rspamd
      - ENABLE_POSTGREY=0                    # Greylisting (optional)

      # --- Anti-Virus ---
      - ENABLE_CLAMAV=1                      # Set to 0 if low on RAM (<2 GB)

      # --- Docker networking ---
      - PERMIT_DOCKER=network                # Allows other containers to send mail
                                             # WARNING: Don't use on open internet without firewall

      # --- IMAP/POP3 ---
      - ENABLE_POP3=0                        # Enable if you need POP3 access

    cap_add:
      - NET_ADMIN   # Required for Fail2Ban (iptables manipulation)
      - SYS_PTRACE  # Optional: needed for some debugging tools

    ulimits:
      nofile:
        soft: 65536
        hard: 65536

    restart: always

    # Optional: healthcheck
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 5
      start_period: 10s

mailserver.env — Environment Variables File

# General
OVERRIDE_HOSTNAME=mail.example.com
POSTMASTER_ADDRESS=postmaster@example.com

# TLS
SSL_TYPE=letsencrypt

# Security
SPOOF_PROTECTION=1
ENABLE_FAIL2BAN=1

# Anti-Spam
ENABLE_RSPAMD=1
ENABLE_SPAMASSASSIN=0
ENABLE_POSTGREY=0

# Anti-Virus (disable if <2GB RAM)
ENABLE_CLAMAV=1

# Protocols
ENABLE_IMAP=1
ENABLE_POP3=0

# Docker Network
PERMIT_DOCKER=network

Note: Do not quote values in .env files for DMS — it doesn’t support quoted values.

Initial Setup & First Run

DMS_URL="https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master"
wget "${DMS_URL}/compose.yaml"
wget "${DMS_URL}/mailserver.env"

# Add email accounts
docker exec -it mailserver setup email add admin@example.com yourpassword
docker exec -it mailserver setup email add user@example.com yourpassword

# List accounts
docker exec -it mailserver setup email list

docker exec -it mailserver setup config dkim

./docker-data/dms/config/opendkim/keys/example.com/mail.txt

# Foreground (for debugging)
docker compose up

# Background (production)
docker compose up -d

# View logs
docker compose logs -f mailserver

Required DNS Records

Key Notes

• Ports 25 & 465/587 must be open in your firewall. Many VPS providers block port 25 by default — request it to be unblocked.
• RAM: ClamAV alone uses ~500MB+. Minimum 2 GB RAM recommended; 4 GB for full stack.
• SSL: Use Certbot for Let’s Encrypt. DMS auto-reads certs from /etc/letsencrypt/.
• Image: ghcr.io/docker-mailserver/docker-mailserver:latest (latest is v15.1.0 as of 2025).