Self-Hosting Mail-in-a-Box: Complete Setup Guide
What Is Mail-in-a-Box?
Mail-in-a-Box is a one-command email server installer that turns a fresh Ubuntu server into a fully functional mail system. It bundles Postfix (SMTP), Dovecot (IMAP), Roundcube (webmail), Nextcloud (contacts and calendar), SpamAssassin, DKIM, SPF, DMARC, DNSSEC, automatic Let’s Encrypt SSL, and a web-based admin panel — all configured to work together out of the box. It replaces Gmail, Outlook, or any commercial email provider for personal and small business use.
Prerequisites
- A dedicated VPS or server running Ubuntu 22.04 LTS 64-bit (no other OS supported)
- 1 GB RAM minimum (512 MB technically works but not recommended)
- A domain name with DNS controlled by your registrar (Mail-in-a-Box will manage DNS itself)
- A static public IP address (most VPS providers include this)
- Port 25 not blocked by your hosting provider (some cloud providers block outbound SMTP — check before purchasing)
- Important: Mail-in-a-Box requires a dedicated server. Do not install it alongside Docker containers, web servers, or other services. It takes over the entire machine.
Installation
Mail-in-a-Box does not use Docker. It’s a bash script installer that configures the bare OS directly.
SSH into your fresh Ubuntu 22.04 server and run:
curl -s https://mailinabox.email/setup.sh | sudo bashOr clone and install from source for a specific version:
git clone https://github.com/mail-in-a-box/mailinabox
cd mailinabox
git checkout v74
sudo setup/start.shThe installer asks three questions:
- Your email address (e.g.,
you@yourdomain.com) - The hostname for the mail server (e.g.,
box.yourdomain.com) - Your country code (for SSL certificate generation)
Installation takes 5-15 minutes depending on server speed. When it finishes, it prints the URL for the admin panel.
Initial Setup
1. Configure DNS
After installation, open the admin panel at https://box.yourdomain.com/admin. Navigate to System → External DNS (or Custom DNS depending on your setup).
Mail-in-a-Box can act as its own DNS server. Point your domain’s nameservers to your box’s IP address, or copy the displayed DNS records to your registrar manually. The required records include:
| Record | Purpose |
|---|---|
| A/AAAA | Points domain to server |
| MX | Tells other servers where to deliver mail |
| TXT (SPF) | Authorizes your server to send mail for the domain |
| TXT (DKIM) | Cryptographic signature for outgoing mail |
| TXT (DMARC) | Policy for handling failed authentication |
| TXT (DANE/TLSA) | Certificate pinning for encrypted delivery |
| SRV | Autodiscovery for email clients |
2. Create User Accounts
In the admin panel, go to Mail → Users and create mailboxes. The first account you created during setup is the admin account.
3. Verify Health
The admin panel includes a System → Status Checks page that verifies all DNS records, SSL certificates, and service health. Fix any yellow or red items before sending mail.
Configuration
Webmail
Roundcube webmail is available at https://box.yourdomain.com/mail. Log in with your full email address and password.
Desktop and Mobile Clients
Mail-in-a-Box supports automatic client configuration. In most email clients, entering your email address and password is sufficient — the SRV DNS records handle server discovery.
| Setting | Value |
|---|---|
| IMAP server | box.yourdomain.com |
| IMAP port | 993 (SSL/TLS) |
| SMTP server | box.yourdomain.com |
| SMTP port | 465 (SSL/TLS) |
| Username | Full email address |
| Exchange ActiveSync | Supported (via z-push) |
Contacts and Calendar
Nextcloud provides CardDAV (contacts) and CalDAV (calendar) sync. Access Nextcloud at https://box.yourdomain.com/cloud or configure your phone/desktop client with the DAV URLs shown in the admin panel.
Aliases and Forwarding
Create email aliases in Mail → Aliases. You can forward mail to external addresses, create catch-all aliases for a domain, or set up distribution lists.
Multiple Domains
Add additional domains in Mail → Custom DNS or by pointing their MX records to your box. Mail-in-a-Box handles SSL certificates and DNS for all configured domains.
Security Features
Mail-in-a-Box configures these automatically — no manual setup required:
| Feature | What It Does |
|---|---|
| SPF | Declares which servers can send mail for your domain |
| DKIM | Signs outgoing mail with a cryptographic key |
| DMARC | Tells receiving servers how to handle failed SPF/DKIM |
| DANE/TLSA | Pins your TLS certificate in DNS via DNSSEC |
| DNSSEC | Cryptographically signs your DNS records |
| fail2ban | Blocks IPs after repeated failed login attempts |
| UFW firewall | Only required ports are open |
| Let’s Encrypt | Automatic SSL certificate renewal |
| Greylisting | Temporarily rejects unknown senders (blocks spam) |
| Two-factor auth | TOTP-based 2FA for admin panel and webmail |
Backup
Mail-in-a-Box includes built-in backup via Duplicity. Configure in System → Backup:
- Local backup: Stored on the server (protects against accidental deletion, not hardware failure)
- S3-compatible: Amazon S3, Backblaze B2, or any S3-compatible storage
- rsync: To a remote server via SSH
Backups are encrypted and run daily by default. Test restoring from backup before relying on it.
For broader backup strategies, see Backup Strategy.
Troubleshooting
Mail Not Being Delivered to Recipients
Symptom: You send email but it never arrives at Gmail, Outlook, or other providers. Fix: Check the admin panel’s Status Checks for DNS issues. Verify your VPS provider doesn’t block port 25 outbound. Check your IP against blacklists at mxtoolbox.com. New mail server IPs often need a few days to build reputation — send test emails to your own accounts first.
SSL Certificate Not Renewing
Symptom: Browser shows certificate warnings when accessing webmail.
Fix: Run sudo mailinabox to re-run the setup, which triggers certificate renewal. Ensure port 80 is accessible from the internet (Let’s Encrypt needs it for HTTP-01 validation).
Spam Not Being Filtered
Symptom: Inbox fills with spam despite SpamAssassin being active.
Fix: SpamAssassin and greylisting are enabled by default. Check that postgrey is running (systemctl status postgrey). For persistent spam from specific senders, add them to the Roundcube blocklist or create Sieve filters.
”Connection Refused” on Port 25
Symptom: Other mail servers can’t deliver to you. Fix: Many cloud providers (AWS, GCP, Azure, Oracle Cloud) block inbound port 25 by default. You may need to request port 25 access from your provider. Hetzner, OVH, and Linode generally allow port 25 without restrictions.
Resource Requirements
- RAM: ~400 MB idle, 600-800 MB under moderate load
- CPU: Low (single core handles hundreds of users)
- Disk: 10 GB for the system, plus ~1 GB per user (highly variable based on email volume and attachments)
Verdict
Mail-in-a-Box is the best self-hosted email solution for people who want email to just work without learning Postfix configuration. The one-command install and automatic DNS/DKIM/DMARC setup is unmatched — what takes hours to configure manually in mailcow or Mailu is handled automatically. The trade-off is zero customization: you can’t tweak individual components, choose alternative webmail clients, or run it alongside other services on the same server. Choose mailcow if you need Docker, multiple admin accounts, or SOGo groupware. Choose Mailu for a containerized setup with more flexibility. Choose Mail-in-a-Box if simplicity is your top priority.
FAQ
Can I run Mail-in-a-Box alongside Docker containers?
No. Mail-in-a-Box requires a dedicated server — it configures Nginx, Postfix, Dovecot, and other services directly on the OS. Running Docker containers alongside it will cause port conflicts and configuration issues. Use a separate VPS for Mail-in-a-Box.
Which VPS providers work with Mail-in-a-Box?
Hetzner, OVH, Linode, and Vultr allow port 25 without restrictions. AWS, GCP, Azure, and Oracle Cloud block port 25 by default and require special requests (often denied for new accounts). Always verify port 25 availability before purchasing a VPS for email.
Can I migrate from Gmail to Mail-in-a-Box?
Yes. After setup, use imapsync to transfer all existing Gmail messages to your new server via IMAP. Update your DNS MX records to point to Mail-in-a-Box, and Gmail will stop receiving new mail for your domain. Set up forwarding in Gmail for the transition period.
How does Mail-in-a-Box compare to mailcow?
Mail-in-a-Box is a one-command bare-metal installer with zero customization — it works out of the box but you can’t change components. mailcow is a Docker-based suite with SOGo groupware, a web admin panel, and more flexibility at the cost of higher resource usage (~1.5 GB RAM vs ~400 MB). See Mail-in-a-Box vs mailcow.
Does Mail-in-a-Box support multiple domains?
Yes. Add additional domains through the admin panel. Each domain gets its own MX, SPF, DKIM, and DMARC records. Mail-in-a-Box manages DNS automatically if you point your domain’s nameservers to the box.
Can I update Mail-in-a-Box without losing data?
Yes. SSH into the server and run sudo mailinabox — it re-runs the setup script, applying updates while preserving your data, accounts, and settings. Always take a backup first via the admin panel’s Backup page.
Related
- Mail-in-a-Box vs mailcow: Easy vs Flexible
- Mailu vs Mail-in-a-Box: Docker vs Bare Metal
- Self-Hosting mailcow with Docker Compose
- Self-Hosting Mailu with Docker Compose
- Mailu vs mailcow
- Best Self-Hosted Email Servers
- Self-Hosted Alternatives to Gmail
- Self-Hosted Alternatives to Outlook
- Docker Compose Basics
- Backup Strategy
Get self-hosting tips in your inbox
Get the Docker Compose configs, hardware picks, and setup shortcuts we don't put in articles. Weekly. No spam.
Comments