Host Your Own Email Server with Docker on Ubuntu (2025 Edition)

TIP

Running email is hard. Stick to this checklist and you’ll avoid 90% of deliverability headaches.

Mailu is a modern, open-source mail server stack (Postfix, Dovecot, Rspamd, Roundcube) packaged as Docker services. In under 30 minutes you can have:

IMAP / SMTP (SSL) for mail.yourdomain.com.
Webmail and admin panel.
Automatic Let’s Encrypt certificates.
Spam filtering with Rspamd.
DKIM, SPF, DMARC records for high deliverability.
Incremental backups with Restic.

Table of Contents
1. Prerequisites & Terminology
2. Set Up DNS Records First (Crucial!)
3. Install Docker & Compose
4. Generate Mailu Configuration
5. Launch the Stack
6. Obtain SSL Certificates (Auto)
7. Enable DKIM & DMARC
8. Test Deliverability
9. Daily Backups with Restic
10. Upgrade Mailu Safely
11. Troubleshooting Cheat-Sheet
12. Alternatives
13. Security Checklist
14. Conclusion

1. Prerequisites & Terminology

Ubuntu 22.04 LTS server (2 vCPU, 4 GB RAM recommended).
Root or sudo access.
DNS control for yourdomain.com.
Docker 25+ and Docker Compose v2 (apt install docker.io docker-compose-plugin).

Term	Meaning
MTA	Mail Transfer Agent (Postfix)
IMAPS / SMTPS	Encrypted email protocols on ports 993 / 465
DKIM	Cryptographic signature proving message origin

2. Set Up DNS Records First (Crucial!)

Record	Name	Value
A	`mail`	your server IP
MX	`@`	`mail.yourdomain.com` (prio 10)
TXT	`@`	`v=spf1 mx ~all`

Leave DKIM/DMARC for later—they depend on keys generated by Mailu.

3. Install Docker & Compose

sudo apt update && sudo apt upgrade -y
sudo apt install docker.io docker-compose-plugin -y
sudo usermod -aG docker $USER # re-login

4. Generate Mailu Configuration

mkdir -p ~/mailu && cd ~/mailu
curl -L https://setup.mailu.io/master/generate.py | python3 -

Answer prompts:

Mailu version: 1.10
Hostname: mail.yourdomain.com
Domain: yourdomain.com
TLS certificate: Let’s Encrypt
Initial admin user/password

Script outputs docker-compose.yml and .env.

5. Launch the Stack

docker compose -p mailu up -d

Containers:

front – Nginx proxy (ports 80/443, 110, 143, 993, 995, 465, 587)
postfix – SMTP
dovecot – IMAP/POP3
rspamd – spam filter
admin – Web UI on https://mail.yourdomain.com/admin
redis, clamav, roundcube (optional)

Access admin UI to create mailboxes & aliases.

6. Obtain SSL Certificates (Auto)

The front service requests Let’s Encrypt certs on first run. Check logs:

docker compose logs -f front | grep -i letsencrypt

Once issued, test with SSL Labs.

7. Enable DKIM & DMARC

Admin UI → Settings / DKIM Keys → generate for yourdomain.com.

Add DNS TXT record:

mail._domainkey  IN  TXT  "v=DKIM1; k=rsa; p=MIIBIjANBgkqhki..."

DMARC record:

_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com"

Check with https://dmarcian.com/dkim-inspector/.

8. Test Deliverability

Send email to mail-tester.com and Google Postmaster. Aim for ≥ 9/10 score.

Common fixes:

Reverse DNS must map IP → mail.yourdomain.com (set via hosting panel).
IPv6 AAAA record if server has IPv6.

9. Daily Backups with Restic

sudo apt install restic -y
export RESTIC_REPOSITORY=/root/backups/restic
export RESTIC_PASSWORD=supersecret
restic init

Create cron job /etc/cron.d/mailu-backup:

0 2 * * * root docker exec $(docker compose ps -q postgres) pg_dumpall -U postgres | restic backup --stdin --stdin-filename mailu.sql
0 3 * * * root restic forget --keep-daily 7 --keep-weekly 4 --prune

Store repository off-site (S3, Backblaze) with restic -r s3:s3.amazonaws.com/bucket.

10. Upgrade Mailu Safely

cd ~/mailu
git pull origin master
docker compose pull
docker compose down
docker compose up -d

Mail data lives in named volumes—containers are stateless.

11. Troubleshooting Cheat-Sheet

| Symptom | Command | Fix | | --------------------- | ---------------------------- | ------------------------------------------------- | ---------------------------- | | Ports not listening | ss -tulpn | grep 25 | UFW allow 25 465 587 143 993 | | Mail rejected as spam | Check rspamd UI (:11334) | Tune score, train ham | | Cert renewal failed | docker compose logs front | Ensure port 80 open, renew via certbot fallback |

12. Alternatives

Mailcow – heavier, UI-rich.
Modoboa – Python/Django stack.
Postal – Focused on outgoing bulk mail.

13. Security Checklist

✅ Fail2ban on Postfix & Dovecot.
✅ Unattended-upgrades enabled.
✅ Regular backups tested.
✅ Use UFW: only mail + SSH ports open.
✅ Strong admin password & 2FA (Mailu 1.10 supports TOTP).

14. Conclusion

Congratulations—you now own your email infrastructure! 🎉 With Mailu on Docker you get modern features, automated certificates, and straightforward upgrades while keeping full control over your data and costs.

Table of Contents