- Why you need a self-hosted email
- When we talk about “email”
- The Candidates
- Additional Tools
Email is a tricky subject. On one hand, with technology like Docker, it’s easier than ever to set one up; on the other hand, it’s still a fairly hefty task. Not to talk it up, but it does take a certain degree of technical ability, which is exactly why email services are such good hunting grounds for big tech. Convenience is where companies prey on those of us with little time or know-how. Not everyone wants to go through the hassle of setting an email server up. Plus, you could get a free email from pretty much anywhere, so why would you want to self-host one?
Why you need a self-hosted email
There are lots of reasons! Here are a few of the big ones:
- Privacy (no snooping or farming your data to sell to advertisers)
- You can create disposable emails to feed online forms and for spam!
- Data independence (You own your data and have full control over it)
- Big email services are often targets of cyber attacks and there have been many instances of user data being compromised.
- You can have an email that says whatever you want! If you want firstname.lastname@example.org, go for it!
Sounds like the best thing ever, right? It is not without its downsides, however. If you are already in the self-hosting game, you already know what it’s like to have to keep up with a server: updating, securing, etc. It can be a lot of work, which increases with the added complexities of an email software suite. For example, your emails could get marked as spam or fail to deliver, and you have to be comfortable using a variety of tools to troubleshoot the problem. You are your own IT support! (Don’t worry, I’ll provide some tools that have helped me at the end.)
When we talk about “email”
Notice I said email suite earlier. This is because an ‘email server’ is not really one piece of software; it’s actually a collection of software working together to get your mail where it needs to go. For the most part, all the software I’m going to list here will use some combination of the following components to do what they need to do.
- MUA (Mail User Agent) – This is the user interface that lets you manage your email.
  - MUAs receive messages through the internet protocols IMAP (Internet Message Access Protocol) or POP3 (Post Office Protocol).
- SMTP (Simple Mail Transfer Protocol) – which handles sending email.
- MDA (Mail Delivery Agent) – which handles delivering mail to the recipient.
- A properly configured DNS server:
  - MX – Mail exchange, which directs email to an email server.
  - SPF – Sender Policy Framework, which lets receiving mail servers know that your server is authorized to send email for your domain.
  - DKIM – DomainKeys Identified Mail, which helps prevent spammers from impersonating you.
  - DMARC – Domain-based Message Authentication, Reporting and Conformance, which provides another layer of verification after the SPF and DKIM records and helps prevent spoofing.
  - PTR – Pointer records match your server’s IP to its domain name; they are used in reverse DNS lookups to verify you are who you say you are.
- FQDN (Fully Qualified Domain Name) – the complete name of your server, which uniquely identifies it on the net, e.g. “mail.yourdomain.org”
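The checks that the records listed above make possible, as an added example that is not part of the original article: a small Python audit that walks MX, PTR, SPF, DKIM and DMARC for one domain. The zone contents, the domain name, the IP address and the DKIM selector `mail` are constructed assumptions.

```python
# Added example. ZONE is constructed sample data; the domain, the documentation
# address 203.0.113.10 and the DKIM selector "mail" are assumptions.
ZONE = {
    ("yourdomain.org", "MX"): ["10 mail.yourdomain.org."],
    ("mail.yourdomain.org", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.yourdomain.org."],
    ("yourdomain.org", "TXT"): ["v=spf1 mx -all"],
    ("mail._domainkey.yourdomain.org", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
    ("_dmarc.yourdomain.org", "TXT"): ["v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.org"],
}

def tags(record):
    """Parse the 'k=v; k=v' tag list used by DKIM and DMARC records."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit(zone, domain, selector="mail"):
    """Return a list of findings; an empty list means every check passed."""
    def get(name, rtype):
        return zone.get((name, rtype), [])
    mx = get(domain, "MX")
    if not mx:
        return [f"MX: no mail exchanger published for {domain}"]
    host = mx[0].split()[1].rstrip(".")  # FQDN of the mail server
    findings = []
    # PTR: every address of the MX host must resolve back to that host.
    for ip in get(host, "A"):
        reverse_name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
        if host not in [p.rstrip(".") for p in get(reverse_name, "PTR")]:
            findings.append(f"PTR: {ip} does not point back to {host}")
    # SPF: exactly one record, ending the sender list with -all or ~all.
    spf = [t for t in get(domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    elif not {"-all", "~all"} & set(spf[0].lower().split()):
        findings.append("SPF: record has no -all or ~all term")
    # DKIM: the selector must publish a non-empty public key (p= tag).
    dkim = [tags(t) for t in get(f"{selector}._domainkey.{domain}", "TXT")]
    if not any(d.get("p") for d in dkim):
        findings.append(f"DKIM: no public key at selector '{selector}'")
    # DMARC: a record must exist and ask receivers to act on failures.
    dmarc = [d for d in map(tags, get(f"_dmarc.{domain}", "TXT")) if d.get("v") == "DMARC1"]
    if not dmarc:
        findings.append("DMARC: no record published")
    elif dmarc[0].get("p", "none").lower() == "none":
        findings.append("DMARC: p=none, failures are reported but not rejected")
    return findings

print(audit(ZONE, "yourdomain.org"))
```

To audit a live domain, fill the dictionary from `dig +short` output for the same names and record types.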
DNS configuration for an email server could take up an entire article on its own; all those records serve the various parts of the Jenga tower that is an email server. Pay special attention to SPF, DKIM, DMARC, and PTR, as they ensure mail deliverability and domain verification so your emails don’t end up in the spam folder of your recipient’s mailbox. It’s a lot, which is why I’ve compiled this list with a few things in mind: 1) ease of installation, 2) documentation, and 3) ease of configuration. I focus on those key criteria because the last thing we need is a complicated installation process. Without further ado, here are our lovely email candidates:
The Candidates
Mailcow is an open source email suite consisting of a host of Docker images that serve up the various components needed for a functioning email server. This includes a few email standards like Postfix (mail server), Dovecot (IMAP server), and SOGo groupware (which provides the MUA and admin interface). Mailcow is really kickass when it comes to installation, and their documentation is very clear and laid out well, even detailing the DNS records that you’ll need to have set up before you even pull down its images. On the downside, the system requirements are on the high side: a 1GHz CPU, 6GB of RAM minimum and 20GB of free disk space without email data, which already prices it out of the $5 range of VPS offerings, which may matter to some of you out there. Regardless, Mailcow comes highly recommended and has an active community and development team, with a cute mascot to boot.
| Pros | Cons |
| --- | --- |
| Supports Docker! | High system requirements |
| Supports many email clients | |
| Built in antispam via Rspamd | |
| Share calendars & email with SOGo | |
| Supports encryption with TLS | |
Mailu, like Mailcow, is another open source Docker-based email server. Mailu’s philosophy is to be a “proper mail server” that is easy to maintain, secure, and looks good while doing it. Mailu is based heavily on Python, has lighter system requirements than Mailcow, and can even be built on a Raspberry Pi. It does have a rather high-ish RAM requirement if you want to enable ClamAV (antimalware software): 3GB RAM + 1GB swap. If you run without it, the requirement drops to 2GB (1GB + 1GB swap). Their website also doubles as their docs, which is great, as it holds your hand pretty well. Its admin panel is robust and the UI is very clean and modern; it also comes with RoundCube as its webmail client. Overall I’d say that Mailu is a very full-featured email server that is worth checking out.
| Pros | Cons |
| --- | --- |
| Web based admin and mail client | High RAM requirement |
| Auto-configuration for various email clients | |
| Built on FOSS principles | |
| Scales horizontally with Docker Swarm or Kubernetes | |
Mail-in-a-Box is a little different from the previous offerings: it is not Docker-focused and instead opts for a script installation method. Mail-in-a-Box prefers to run in the cloud, with its own documentation recommending that potential users opt for the $10 tier due to its system requirements (1GB RAM). Mail-in-a-Box requires a fresh dedicated machine, as it configures the entire system for email purposes. Don’t install this on your Sunday web server, as it will probably meet an ill-configured demise! Setup aside, Mail-in-a-Box uses RoundCube as its webmail front end and NextCloud Contacts for contact and calendar synchronization, and it also comes with an admin panel. This is a no-nonsense option for those of us who just want to send a damn email without all the frills.
| Pros | Cons |
| --- | --- |
| Works best on a VPS | More involved pre-setup needed |
| Spam protection via SpamAssassin | Takes over whatever it is installed on |
| Singular, ‘just works’ solution | Requires a fresh Ubuntu install |
| Built in DNS server with auto-configuration | |
| DNSSEC for enhanced email protection | |
iRedMail has been sending email since 2007, so you know it has the email game on lock. It supports the big Linux flavors, including RHEL, Ubuntu, and FreeBSD. iRedMail uses RoundCube and SOGo for its webmail and calendar syncing. It also provides LDAP services and has a configurable installer that lets you choose which components you want to install, instead of just installing everything as we’ve seen so far. Their system requirements are pretty standard compared to what we’ve seen so far, requiring 4GB of RAM for a low production email server. There is also a Docker-based version of the suite in beta, so the installation process will get even easier in the future. The docs provide information on setting up iRedMail with clients like Mozilla Thunderbird, Outlook, and other email clients. iRedMail also provides a support ticketing system to help solve issues; help costs $149 USD per ticket, but the option is there for those that need it. I can easily recommend this to both an individual and a small enterprise.
| Pros | Cons |
| --- | --- |
| Customizable install | Paid “easy” managed installer |
| Antispam & antivirus | Not as simple to install as the other options on this list |
| Email encryption via TLS and SSL | Does not support ARM builds (no raspi emails for you) |
| Active Sync & LDAP support | |
Citadel is perhaps the most robust email suite on here, as it includes numerous extra bells and whistles like BBS (forum), wikis, IMs (instant messaging), mailing lists, and multiple domain support. Citadel has a Docker install method, but the normal ‘easy’ installer works pretty well too. Citadel comes frontended by a UI called WebCit that is user-customizable via CSS, which is really quite a boon, because WebCit’s UI leaves much to be desired: I found it to be very cluttered and busy. This is understandable given the number of options and features it has, but it really is not that great to navigate through. Looks aside, Citadel is light enough to run on a Raspberry Pi, touting itself as very memory efficient; obviously memory use goes up with the number of users. Citadel is perfect for those that aren’t satisfied with just sending an email but want to have community features as well.
| Pros | Cons |
| --- | --- |
| Simple installer | Does not support catchall email addresses |
| Docker support | UI is dated |
| Low system requirements | |
Additional Tools
As promised, here are some handy online tools you can use to diagnose and troubleshoot anything that may come up.
- https://mxtoolbox.com/ — helps test your DNS records
- https://www.checktls.com/ — test your email’s security
- https://ssl-tools.net/mailservers — check your email’s encryption
- https://www.learndmarc.com/ — learning tool for understanding email DNS
- https://multirbl.valli.org/ — to check if your domain is on any BLs (Block lists)
- https://check.spamhaus.org/ — another block list checker
- https://mail-tester.com/ — test if your emails are considered spam
With that, I wish you the best in your email server build. Hopefully you’ve found a software suite that tickles your fancy, and always remember that these things take time, so don’t get discouraged if you hit a snag somewhere.