Running your own mail server gives you full control over email delivery, privacy, and cost. It's complex to set up but not mysterious. Here's the complete guide.
Prerequisites
- Ubuntu 22.04 VPS with dedicated IP
- Domain with DNS control
- Port 25 unblocked (most cloud providers block it by default)
- Reverse DNS (PTR) record set for your server IP
DNS Records Required
; MX record
@ IN MX 10 mail.yourdomain.com.
; A record for mail subdomain
mail IN A YOUR_SERVER_IP
; SPF
@ IN TXT "v=spf1 ip4:YOUR_SERVER_IP ~all"
; DKIM (add after generating key)
; PTR - set with your hosting providerInstall Postfix (SMTP)
apt update && apt install postfix mailutils -y
# Choose "Internet Site" during setup
# Set system mail name to yourdomain.comConfigure /etc/postfix/main.cf:
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.yourdomain.com/privkey.pemInstall Dovecot (IMAP)
apt install dovecot-core dovecot-imapd -yConfigure /etc/dovecot/dovecot.conf to enable IMAP on port 993 with SSL.
Install OpenDKIM
apt install opendkim opendkim-tools -y
opendkim-genkey -t -s default -d yourdomain.comCopy the public key from default.txt to your DNS DKIM record. Configure Postfix to sign via OpenDKIM milter.
SSL with Let's Encrypt
apt install certbot
certbot certonly --standalone -d mail.yourdomain.com
# Add to cron: certbot renew --quietTesting
echo "Test" | mail -s "Test email" test@gmail.com
# Check logs: tail -f /var/log/mail.logCommon Problems
- Port 25 blocked: Contact your VPS provider to unblock it (most do for business requests)
- DKIM fail: Check key format, DNS propagation (can take 24h)
- Rejected by Gmail: Ensure PTR record matches mail.yourdomain.com
For a managed alternative, use ZeroPhantom's email infrastructure →