Mailcow Dockerized Mail Server Installation
Mailcow is a full-featured, dockerized mail server suite combining Postfix, Dovecot, SOGo webmail, rspamd anti-spam, and a modern web admin UI. This guide covers deploying Mailcow on Linux, configuring domains and mailboxes, setting up DKIM/DMARC, and keeping it updated.
Prerequisites
- Ubuntu 20.04+/Debian 11+ (recommended) or CentOS 8+
- Minimum 6 GB RAM, 20 GB disk space
- Docker and Docker Compose installed
- A domain name with DNS control
- Ports 25, 80, 110, 143, 443, 465, 587, 993, 995 accessible
- Root or sudo access
Ensure no other mail services are running:
systemctl stop postfix exim sendmail 2>/dev/null
systemctl disable postfix exim sendmail 2>/dev/null
DNS Configuration
Before installing, configure DNS records for your mail domain:
| Type | Name | Value | TTL |
|---|---|---|---|
| A | mail.yourdomain.com | YOUR_SERVER_IP | 300 |
| MX | yourdomain.com | mail.yourdomain.com | 300 |
| TXT | yourdomain.com | v=spf1 mx ~all | 300 |
| PTR | YOUR_SERVER_IP | mail.yourdomain.com | - |
Set the reverse DNS (PTR record) through your VPS control panel.
Installing Mailcow
# Install required dependencies
apt update && apt install -y git curl
# Clone Mailcow
git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow
cd /opt/mailcow
# Generate configuration
./generate_config.sh
# Enter your mail hostname when prompted: mail.yourdomain.com
# Select timezone
# Review generated config
cat mailcow.conf
Key settings in mailcow.conf:
# /opt/mailcow/mailcow.conf (auto-generated, review these)
MAILCOW_HOSTNAME=mail.yourdomain.com
TZ=Europe/Berlin
HTTP_PORT=80
HTTPS_PORT=443
# SKIP_LETS_ENCRYPT=n # Set to 'y' if using an existing cert
Start Mailcow:
cd /opt/mailcow
docker compose pull
docker compose up -d
# Monitor startup (takes 2-3 minutes)
docker compose logs -f
Check all containers are running:
docker compose ps
# All services should show "Up"
Initial Configuration
Access the admin panel at https://mail.yourdomain.com (or the IP during initial setup):
- Default login:
admin/moohoo - Change the admin password immediately
The web UI auto-configures Let's Encrypt SSL for your hostname. Wait for SSL to provision before sending/receiving mail.
Configure firewall rules:
# UFW example
ufw allow 25/tcp # SMTP
ufw allow 80/tcp # HTTP (Let's Encrypt)
ufw allow 443/tcp # HTTPS admin/webmail
ufw allow 587/tcp # SMTP submission
ufw allow 465/tcp # SMTPS
ufw allow 993/tcp # IMAPS
ufw allow 995/tcp # POP3S
ufw allow 110/tcp # POP3
ufw allow 143/tcp # IMAP
Domain and Mailbox Management
Add a mail domain:
- Admin panel > Configuration > Mail Setup > Domains
- Click Add domain
- Enter your domain and adjust limits if needed
Add mailboxes:
- Mail Setup > Mailboxes > Add Mailbox
- Enter local part (e.g.,
alice), domain, full name, and password
Via API:
# Get an API key from Admin > Configuration > API
API_KEY="your_api_key"
# Add a domain
curl -X POST "https://mail.yourdomain.com/api/v1/add/domain" \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d '{"domain": "example.com", "active": 1}'
# Add a mailbox
curl -X POST "https://mail.yourdomain.com/api/v1/add/mailbox" \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"local_part": "alice",
"domain": "example.com",
"password": "StrongPassword123!",
"password2": "StrongPassword123!",
"active": 1
}'
DKIM and DMARC Setup
Generate DKIM keys in the admin panel:
- Mail Setup > Domains > Select domain > DKIM
- Set key length to 2048
- Click Add - Mailcow generates the key pair
Copy the displayed DKIM public key and add a DNS TXT record:
Name: dkim._domainkey.yourdomain.com
Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9...
Add a DMARC policy:
Name: _dmarc.yourdomain.com
Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100
Verify email authentication:
# Send a test email and check headers
# Or use mail-tester.com / MXToolbox
docker compose exec postfix-mailcow postfix check
SOGo Webmail
SOGo provides webmail at https://mail.yourdomain.com/SOGo/.
Users log in with their full email address and mailbox password. SOGo supports:
- CalDAV calendar sync (mobile/desktop clients)
- CardDAV contact sync
- Vacation auto-reply (under Settings > Mail)
Client autoconfiguration is available at https://mail.yourdomain.com/autodiscover/autodiscover.xml for Outlook, and https://mail.yourdomain.com/.well-known/autoconfig/mail/config-v1.1.xml for Thunderbird.
Rspamd Anti-Spam
Access the rspamd web UI at https://mail.yourdomain.com/rspamd:
- Default password: see
docker compose exec rspamd-mailcow cat /etc/rspamd/local.d/worker-controller.inc
Key rspamd operations:
# Check rspamd status
docker compose exec rspamd-mailcow rspamc stat
# Manually train spam (from a mailbox)
# Mark messages as spam in SOGo to train Bayes automatically
# View rspamd logs
docker compose logs rspamd-mailcow -f
# Test a message against rspamd
cat /path/to/email.eml | docker compose exec -T rspamd-mailcow rspamc check
Configure rspamd overrides in /opt/mailcow/data/etc/rspamd/override.d/:
# Whitelist a domain
echo 'sender_whitelist { "trusted.domain.com" }' \
> /opt/mailcow/data/etc/rspamd/override.d/whitelist.conf
docker compose restart rspamd-mailcow
Backup and Updates
# Official backup script
cd /opt/mailcow
./helper-scripts/backup_and_restore.sh backup all
# Restore from backup
./helper-scripts/backup_and_restore.sh restore
# Update Mailcow
cd /opt/mailcow
./update.sh
# Or manually pull latest images
git pull
docker compose pull
docker compose up -d
Schedule automated backups:
crontab -e
# Add:
# 0 3 * * * cd /opt/mailcow && ./helper-scripts/backup_and_restore.sh backup all
Troubleshooting
Mail not being received (port 25 blocked):
# Test from an external server
telnet mail.yourdomain.com 25
# Check if ISP/VPS provider blocks port 25 (common on residential/shared)
# Many VPS providers require a support ticket to unblock port 25
SSL certificate not generating:
# Check acme-mailcow logs
docker compose logs acme-mailcow
# Verify DNS is pointing to this server
dig mail.yourdomain.com
Emails going to spam:
# Check SPF, DKIM, DMARC are all passing
# Use mail-tester.com for a comprehensive check
# Verify PTR record is set correctly
dig -x YOUR_SERVER_IP
Container keeps restarting:
docker compose ps
docker compose logs failing-container-name -n 50
Conclusion
Mailcow provides a complete, production-ready mail server stack in Docker with minimal manual configuration. Its web admin interface, API, SOGo webmail, and integrated rspamd make it suitable for hosting multiple domains and hundreds of mailboxes. Always configure DKIM, SPF, and DMARC before sending any mail to ensure deliverability, and test regularly with mail-tester.com.