Last updated: March 16, 2026

Mail-in-a-Box turns a fresh Ubuntu server into a fully functional email host in under 15 minutes. If you have been looking for a way to escape Big Tech email surveillance while maintaining full control over your communication infrastructure, this guide walks you through the complete setup process.

Why Run Your Own Email Server

Commercial email providers scan your messages for advertising purposes. Running your own Mail-in-a-Box instance gives you end-to-end control over your data, custom domain email addresses, and zero algorithmic profiling. For developers managing multiple projects or businesses requiring professional email presence, self-hosting eliminates monthly per-mailbox fees while providing unlimited accounts.

Beyond cost savings, self-hosting puts you squarely in control of retention policies. Gmail keeps deleted messages in trash for 30 days before permanent deletion, your own server purges on whatever schedule you define. You also control spam filtering thresholds, which matters for developers who regularly receive transactional email that commercial providers sometimes misclassify. And when regulators or law enforcement serve a data request to Google or Microsoft, your server receives no such request because you are not on their infrastructure.

Prerequisites

Before beginning the installation, ensure you have:

DigitalOcean, Linode, and Hetzner all offer suitable VPS plans starting at $5/month. For email deliverability, choose a provider with a positive sending reputation. Hetzner’s Falkenstein datacenter is popular among privacy-focused users for its European jurisdiction and competitive pricing, but their new accounts sometimes need to request port 25 unlocking via their support ticket system, do that before starting installation.

One critical prerequisite that trips up most first-time setup attempts: confirm your VPS provider allows outbound port 25. Many providers block port 25 on new accounts to prevent spam. Submit a support ticket before you begin, describing your intent to host personal email. Most providers approve this within a few hours.

Step 1 - Initial Server Setup

Connect to your server via SSH and update the system packages:

ssh root@your-server-ip
apt update && apt upgrade -y

Set your server hostname to your domain name:

hostnamectl set-hostname mail.yourdomain.com

Edit /etc/hosts to reflect the same hostname:

nano /etc/hosts
Ensure this line exists:
your-server-ip  mail.yourdomain.com  mail

Create a non-root user with sudo privileges for daily operations:

adduser admin
usermod -aG sudo admin

Step 2 - Install Mail-in-a-Box

Mail-in-a-Box provides an automated installation script that handles all configuration:

curl -s https://mailinabox.email/setup.sh | sudo bash

During installation, the script prompts for:

The installation takes 10-15 minutes and automatically configures:

If the install script exits with an error about the hostname, verify that your /etc/hosts entry matches the hostname you set. Mail-in-a-Box is strict about this: the hostname must be a fully qualified domain name that resolves to the server’s IP.

Step 3 - DNS Configuration

After installation, Mail-in-a-Box displays the DNS records you need to create. Log into your domain registrar’s DNS management panel and add these records:

MX Record

Type - MX
Host - @
Value - mail.yourdomain.com
Priority - 10

A Record

Type - A
Host - mail
Value - your-server-ip

SPF Record

Type - TXT
Host - @
Value - v=spf1 mx -all

DKIM Record Copy the DKIM key displayed after installation and create a TXT record with selector mail:

Type - TXT
Host - mail._domainkey
Value - v=DKIM1; k=rsa; p=your-dkim-key-here

DMARC Record

Type - TXT
Host - _dmarc
Value - v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Allow 24-48 hours for DNS propagation before testing email delivery. You can verify propagation with dig MX yourdomain.com from any machine, or use the web-based tool mxtoolbox.com to inspect all records at once. Mail-in-a-Box’s admin panel also runs a self-check that flags any missing or misconfigured DNS records, run it from System > Status Checks.

PTR / Reverse DNS

One record that belongs on your VPS provider’s side rather than your registrar: the PTR record (reverse DNS). Many mail servers reject messages from IPs without a matching PTR record. In DigitalOcean, set it under Networking > Droplets > your droplet > rename the droplet to mail.yourdomain.com. On Hetzner, it is under Servers > your server > Networking > IPv4 > set PTR.

Step 4 - Access Your Email Server

Once DNS propagates, access your Mail-in-a-Box through:

The admin panel lets you create additional mailboxes, configure aliases, and manage DNS settings. Default credentials use the email address and password you specified during installation.

Step 5 - Configure Email Clients

Mail-in-a-Box supports standard IMAP and SMTP protocols for any email client:

IMAP Settings

Server - mail.yourdomain.com
Port - 993
Encryption - SSL/TLS

SMTP Settings

Server - mail.yourdomain.com
Port - 587
Encryption - STARTTLS
Authentication - Normal password

Thunderbird, Apple Mail, and Microsoft Outlook all connect using these settings. Thunderbird’s auto-discovery sometimes picks up the wrong ports, if auto-discovery fails, enter the settings manually. On mobile, FairEmail on Android is an excellent privacy-respecting client that supports IMAP IDLE for push-like notifications without polling.

Step 6 - Hardening Your Mail Server

After basic setup, implement these security improvements:

Enable Two-Factor Authentication Access the admin panel, navigate to Users, and enable 2FA for each mailbox using the TOTP standard. Use any authenticator app, Aegis on Android and Raivo on iOS are privacy-respecting options that avoid cloud backup by default.

Configure Fail2Ban Mail-in-a-Box includes Fail2Ban by default, which blocks brute force attempts against SMTP and IMAP login forms. Verify it is active:

sudo fail2ban-client status
sudo fail2ban-client status postfix

You should see active jails for postfix and dovecot. If a jail shows zero active filters, restart fail2ban:

sudo systemctl restart fail2ban

Restrict SSH Access Modify /etc/ssh/sshd_config to disable password authentication and permit only key-based login:

PasswordAuthentication no
PermitRootLogin no

Restart the SSH service after making changes. Before restarting, verify your public key is in /home/admin/.ssh/authorized_keys, locking yourself out of SSH on a remote server requires a console rescue session through your VPS provider’s dashboard.

Set Up Backup Mail-in-a-Box includes automated backup to external storage. Configure S3-compatible storage in the admin panel under System > Backup. Backblaze B2 works as a S3-compatible target and costs a fraction of Amazon S3 for small volumes. The backup process encrypts archives with a passphrase you set, store this passphrase in a password manager, not on the server itself.

Firewall Review

Check the UFW firewall rules Mail-in-a-Box configured:

sudo ufw status verbose

Ports 25 (SMTP), 587 (submission), 993 (IMAPS), 80 (HTTP for Let’s Encrypt), and 443 (HTTPS for webmail/admin) should be open. Close any other ports that appear in the list.

Troubleshooting Common Issues

Email Not Delivering to Gmail or Outlook Check your sender reputation at mail-tester.com. Ensure SPF, DKIM, and DMARC all pass. Gmail requires postmaster@yourdomain.com to exist, create this alias in the admin panel. Use mail-tester.com by sending a test message to their generated address and reviewing the score. A score of 9/10 or above indicates good deliverability.

SSL Certificate Errors Force certificate renewal:

sudo mailinabox ssl letsencrypt

IMAP Connection Timeouts Verify your firewall allows ports 993 and 587:

sudo ufw status

Low Spam Score or Deliverability Problems Register your domain with Google Postmaster Tools (postmaster.google.com) and Microsoft SNDS (sendersupport.olc.protection.outlook.com). Both services show reputation metrics specific to Gmail and Outlook delivery, invaluable for diagnosing why messages land in spam at those destinations.

Step 7 - Adding Secondary Domains

To host email for additional domains, navigate to Mail > External Domains in the admin panel. Enter the new domain and follow the DNS configuration steps. Mail-in-a-Box handles virtual aliasing automatically.

Step 8 - Automation with the API

Mail-in-a-Box exposes a REST API for programmatic management. Generate an API key in the admin panel under System > API Keys:

curl -X POST https://mail.yourdomain.com/admin/mail/users \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"email": "newuser@yourdomain.com", "password": "secure-password"}'

Use this for provisioning accounts in scripts or integrating with user management systems. The API also supports listing users, deleting accounts, and managing aliases, making it practical for headless administration pipelines.

Step 9 - Perform Maintenance and Updates

Mail-in-a-Box includes an automated update mechanism. Check for updates through the admin panel or via command line:

sudo mailinabox version
sudo mailinabox update

Monitor disk space and memory usage regularly, email servers with active mailboxes consume resources quickly. A server hosting five active mailboxes with normal usage will accumulate several gigabytes of stored mail within a few months. Set up disk usage alerts via your VPS provider’s monitoring, or use a simple cron job:

Alert if disk usage exceeds 80%
0 8 * * * df / | awk 'NR==2 {if ($5+0 > 80) print "Disk at "$5}' | mail -s "Disk Warning" admin@yourdomain.com

Review the Let’s Encrypt certificate renewal logs monthly. Mail-in-a-Box renews automatically, but the renewal can fail silently if port 80 becomes blocked after a firewall rule change. The admin panel’s Status Checks page surfaces certificate expiry warnings before they become outages.

Running your own email server requires ongoing attention but provides unmatched privacy and control. Mail-in-a-Box reduces the complexity significantly while remaining fully customizable for advanced use cases.

Frequently Asked Questions

Who is this article written for?

This article is written for developers, technical professionals, and power users who want practical guidance. Whether you are evaluating options or implementing a solution, the information here focuses on real-world applicability rather than theoretical overviews.

How current is the information in this article?

We update articles regularly to reflect the latest changes. However, tools and platforms evolve quickly. Always verify specific feature availability and pricing directly on the official website before making purchasing decisions.

Are there free alternatives available?

Free alternatives exist for most tool categories, though they typically come with limitations on features, usage volume, or support. Open-source options can fill some gaps if you are willing to handle setup and maintenance yourself. Evaluate whether the time savings from a paid tool justify the cost for your situation.

Can I trust these tools with sensitive data?

Review each tool’s privacy policy, data handling practices, and security certifications before using it with sensitive data. Look for SOC 2 compliance, encryption in transit and at rest, and clear data retention policies. Enterprise tiers often include stronger privacy guarantees.

What is the learning curve like?

Most tools discussed here can be used productively within a few hours. Mastering advanced features takes 1-2 weeks of regular use. Focus on the 20% of features that cover 80% of your needs first, then explore advanced capabilities as specific needs arise.

Related Articles

Built by theluckystrike. More at zovo.one