How to Make an Email Server with a VPS

Hey, I’m Vex, happy to be back! It’s been a while, hasn’t it? Today, let’s discuss something that’s both challenging and incredibly rewarding—building your own email server on a Virtual Private Server (VPS). If you’ve ever wanted complete control over your email communications or are concerned about privacy, this guide is for you.

Running your own email server means no more relying on Gmail, Yahoo, or other third-party services that scan your emails for advertising purposes. You’ll have full control over your data, enhanced privacy, and the satisfaction of managing your own digital communications infrastructure.

What You’ll Need Before Starting

Before diving into the technical setup, let’s make sure you have everything required:

  • A VPS from a reputable provider (Linode, DigitalOcean, Vultr, etc.)
  • A domain name registered with DNS access
  • Basic Linux command-line knowledge
  • About 1-2 hours of uninterrupted time
  • A cup of coffee (seriously, this helps!)

Remember, setting up an email server isn’t exactly a walk in the park, but with this guide, you’ll be able to navigate the process smoothly.

Choosing the Right VPS for Your Email Server

Not all VPS offerings are created equal, especially when it comes to hosting email services. Here’s what to look for:

VPS Requirements

Your email server VPS should ideally have:

  • At least 1GB RAM (2GB recommended)
  • 20GB+ storage (emails can accumulate quickly)
  • A provider that doesn’t block outgoing SMTP traffic
  • Clean IP address (not blacklisted)

I’ve had great experiences with the following providers for email servers:

  1. Linode – Their $5/month Nanode works for small personal email servers
  2. DigitalOcean – Basic droplets are reliable and email-friendly
  3. Hetzner – Excellent price-to-performance ratio for European servers
  4. Vultr – Good global presence if you need servers in specific regions

Pro tip: Before purchasing, check with the provider if they allow self-hosted email servers. Some providers restrict or discourage email hosting due to spam concerns.

Setting Up Your VPS: The Foundation

Now that you’ve got your VPS, let’s build the foundation for your email server.

Initial Server Setup

First things first, secure your server:

  1. Update your system: apt update && apt upgrade -y
  2. Create a non-root user:
       adduser emailadmin
       usermod -aG sudo emailadmin
  3. Set up SSH key authentication (much more secure than passwords)
  4. Configure basic firewall:
       ufw allow OpenSSH
       ufw allow 25/tcp
       ufw allow 143/tcp
       ufw allow 587/tcp
       ufw allow 993/tcp
       ufw allow 465/tcp
       ufw allow 110/tcp
       ufw allow 995/tcp
       ufw enable

Configuring DNS Records

Your email server needs proper DNS records to function correctly. Log into your domain registrar or DNS provider and add these records:

  1. A record: mail.yourdomain.com pointing to your VPS IP address
  2. MX record: yourdomain.com pointing to mail.yourdomain.com with priority 10
  3. PTR record: Reverse DNS for your IP (usually set through your VPS provider)
  4. SPF record: yourdomain.com TXT record with v=spf1 mx ip4:YOUR_SERVER_IP ~all
  5. DKIM records: (We’ll generate these during the setup process)
  6. DMARC record: _dmarc.yourdomain.com TXT record with v=DMARC1; p=none; rua=mailto:admin@yourdomain.com

DNS records can take several hours to propagate, so it’s good to set these up before proceeding with the email server installation.
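
Once the records have propagated, they can be checked from the command line. The script below is an added example, not part of the original guide: it classifies the SPF and DMARC TXT answers in the shape `dig +short TXT` prints. The function names, the verdict words and the sample address 203.0.113.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Input is TXT answers in the
# shape `dig +short TXT name` prints: one quoted string per line.

# spf_verdict: reads the TXT answers for the domain on stdin, prints a verdict.
spf_verdict() {
  count=0; rec=""
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '"')
    case "$line" in
      "v=spf1"|"v=spf1 "*) count=$((count + 1)); rec=$line ;;
    esac
  done
  if [ "$count" -eq 0 ]; then echo missing; return 0; fi
  # RFC 7208: two or more v=spf1 records make receivers return permerror.
  if [ "$count" -gt 1 ]; then echo multiple; return 0; fi
  case " $rec " in
    *" +all "*|*" all "*) echo pass-all ;;   # authorises every sender
    *" -all "*)           echo hardfail ;;
    *" ~all "*)           echo softfail ;;   # what the record above uses
    *" ?all "*)           echo neutral ;;
    *)                    echo no-all ;;
  esac
}

# dmarc_policy: prints the p= value of one DMARC record, or "invalid".
# Runs in a subshell so the IFS and globbing changes do not leak.
dmarc_policy() (
  rec=$(printf '%s' "$1" | tr -d '" ')
  case "$rec" in "v=DMARC1;"*) ;; *) echo invalid; exit 0 ;; esac
  IFS=';'; set -f
  for tag in $rec; do
    case "$tag" in
      p=none|p=quarantine|p=reject) echo "${tag#p=}"; exit 0 ;;
    esac
  done
  echo invalid
)

# Constructed sample answers; 203.0.113.10 is a documentation address.
printf '%s\n' '"v=spf1 mx ip4:203.0.113.10 ~all"' '"some-site-verification=abc"' | spf_verdict
dmarc_policy '"v=DMARC1; p=none; rua=mailto:admin@yourdomain.com"'
```

Against live DNS, use `dig +short TXT yourdomain.com | spf_verdict` and `dmarc_policy "$(dig +short TXT _dmarc.yourdomain.com)"`. A result of `none` means receivers only send reports and do not reject or quarantine failing mail.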

Installing the Mail Transfer Agent: Postfix

Postfix is our Mail Transfer Agent (MTA) of choice—it’s robust, secure, and widely used in production environments.

Basic Postfix Installation

  1. Install Postfix:
       apt install postfix -y
     During installation, select “Internet Site” and enter your domain name when prompted.
  2. Open the main Postfix configuration file: nano /etc/postfix/main.cf
  3. Configure the following parameters:
       myhostname = mail.yourdomain.com
       mydomain = yourdomain.com
       myorigin = $mydomain
       mydestination = $myhostname, localhost.$mydomain, $mydomain
       mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
       home_mailbox = Maildir/
       mailbox_command =
       smtpd_banner = $myhostname ESMTP $mail_name
       smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
       smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
       smtpd_tls_security_level = may
       smtp_tls_security_level = may
       smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
  4. Restart Postfix: systemctl restart postfix

Configuring SASL Authentication

To allow users to send email through your server, set up SASL authentication:

  1. Install required packages: apt install libsasl2-modules -y
  2. Create password file:
       nano /etc/postfix/sasl_passwd
     Add your authentication information.
  3. Generate the hash database: postmap /etc/postfix/sasl_passwd
  4. Secure the files: chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
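
The relay-related settings from the Postfix and SASL sections above can be audited from `postconf` output. This script is an added example, not part of the original guide: the function name and finding labels are assumptions, and `smtpd_sasl_auth_enable` is a real Postfix parameter that does not appear on this page.

```sh
#!/bin/sh
# Added example, not from the original guide. Feed it "name = value" lines, e.g.
#   postconf mynetworks smtpd_recipient_restrictions smtpd_sasl_auth_enable

# relay_audit: prints one finding per line, or "ok" when nothing is flagged.
relay_audit() {
  awk '
    /=/ { val = $0; sub(/^[^=]*=[ \t]*/, "", val); conf[$1] = val }
    END {
      n = 0
      # 1. permit_mynetworks trusts every address in mynetworks, so any
      #    entry beyond loopback may relay without authenticating.
      m = split(conf["mynetworks"], net, "[ ,\t]+")
      for (i = 1; i <= m; i++) {
        if (net[i] != "" && net[i] !~ /^(127\.|\[::1\]|\[::ffff:127\.)/) {
          print "mynetworks-wide: " net[i]; n++
        }
      }
      # 2. A bare "permit" ahead of reject_unauth_destination ends this list
      #    with an accept before its relay check is reached.
      k = split(conf["smtpd_recipient_restrictions"], r, "[ ,\t]+")
      seen = 0
      for (i = 1; i <= k; i++) {
        if (r[i] ~ /^(reject|defer)_unauth_destination$/) seen = 1
        if (r[i] == "permit" && !seen) { print "permit-before-reject"; n++ }
      }
      # 3. permit_sasl_authenticated can only match when smtpd offers SASL;
      #    smtpd_sasl_auth_enable defaults to "no".
      if (conf["smtpd_recipient_restrictions"] ~ /permit_sasl_authenticated/ &&
          conf["smtpd_sasl_auth_enable"] != "yes") {
        print "sasl-disabled"; n++
      }
      if (n == 0) print "ok"
    }'
}

# The values from step 3 of the Postfix section, as sample input.
page_conf() {
  cat <<'EOF'
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF
}

page_conf | relay_audit
```

A `sasl-disabled` finding means `permit_sasl_authenticated` is listed but the SMTP server is not offering authentication, so only `mynetworks` clients can relay.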

Setting Up Dovecot: The Mail Delivery Agent

Dovecot will handle IMAP and POP3 services, allowing you to access your email from clients like Thunderbird, Outlook, or mobile apps.

Installing Dovecot

  1. Install Dovecot: apt install dovecot-core dovecot-imapd dovecot-pop3d -y
  2. Configure Dovecot:
       nano /etc/dovecot/dovecot.conf
     Uncomment and set:
       protocols = imap pop3
  3. Configure mail location:
       nano /etc/dovecot/conf.d/10-mail.conf
     Set:
       mail_location = maildir:~/Maildir
  4. Configure authentication:
       nano /etc/dovecot/conf.d/10-auth.conf
     Set:
       disable_plaintext_auth = yes
       auth_mechanisms = plain login
  5. Configure SSL/TLS:
       nano /etc/dovecot/conf.d/10-ssl.conf
     Set:
       ssl = required
       ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
       ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
  6. Restart Dovecot: systemctl restart dovecot

Enhancing Security with Let’s Encrypt SSL

Those snakeoil certificates we’re using temporarily are self-signed, so mail clients and other servers have no way to verify them. Let’s replace them with real SSL certificates from Let’s Encrypt:

  1. Install Certbot: apt install certbot -y
  2. Obtain certificates: certbot certonly --standalone -d mail.yourdomain.com
  3. Update Postfix configuration:
       nano /etc/postfix/main.cf
     Change:
       smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
       smtpd_tls_key_file = /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
  4. Update Dovecot configuration:
       nano /etc/dovecot/conf.d/10-ssl.conf
     Change:
       ssl_cert = </etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
       ssl_key = </etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
  5. Restart services: systemctl restart postfix dovecot

Implementing Anti-Spam Measures: SpamAssassin

Nobody wants a server that gets flooded with spam. Let’s add SpamAssassin to filter unwanted messages:

  1. Install SpamAssassin: apt install spamassassin spamc -y
  2. Enable the service:
       systemctl enable spamassassin
       systemctl start spamassassin
  3. Configure Postfix to use SpamAssassin. Add to /etc/postfix/master.cf:
       smtp inet n - - - - smtpd
         -o content_filter=spamassassin
       spamassassin unix - n n - - pipe
         user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
  4. Restart Postfix: systemctl restart postfix

Setting Up DKIM for Better Email Authentication

DKIM (DomainKeys Identified Mail) adds a digital signature to your outgoing emails, improving deliverability:

  1. Install OpenDKIM: apt install opendkim opendkim-tools -y
  2. Configure OpenDKIM:
       nano /etc/opendkim.conf
     Set the appropriate parameters.
  3. Generate keys:
       mkdir -p /etc/opendkim/keys/yourdomain.com
       cd /etc/opendkim/keys/yourdomain.com
       opendkim-genkey -d yourdomain.com -s default
  4. Add the public key to your DNS as a TXT record.
  5. Configure Postfix integration and restart services.

Creating Email Accounts

Now that our server is ready, let’s create email accounts:

  1. Add a system user: adduser user1
  2. Set up the Maildir format:
       mkdir -p /home/user1/Maildir/{cur,new,tmp}
       chown -R user1:user1 /home/user1/Maildir
  3. Create as many accounts as needed by repeating these steps.

Configuring Email Clients

Your server is now ready to use with email clients! Here are the settings you’ll need:

General IMAP Settings:

  • Incoming Mail Server: mail.yourdomain.com
  • Protocol: IMAP
  • Port: 993
  • Security: SSL/TLS
  • Username: your full email address
  • Password: your account password

Outgoing SMTP Settings:

  • Outgoing Mail Server: mail.yourdomain.com
  • Protocol: SMTP
  • Port: 587
  • Security: STARTTLS
  • Authentication: Required
  • Username: your full email address
  • Password: your account password

Monitoring and Maintaining Your Email Server

Running an email server is an ongoing responsibility. Here’s how to keep it running smoothly:

Regular Maintenance Tasks

  1. Update your system regularly for security patches: apt update && apt upgrade -y
  2. Monitor log files for unusual activity: tail -f /var/log/mail.log
  3. Check blacklists to ensure your IP address remains clean.
  4. Back up your email data regularly.
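
Watching `tail -f` catches little on a busy server, so for the log-monitoring task above it helps to summarise failed logins per client address. This script is an added example, not part of the original guide: the function names and the threshold are assumptions, and the log lines are constructed samples using documentation addresses.

```sh
#!/bin/sh
# Added example, not from the original guide: summarise failed logins in
# mail.log by client address. Live use: auth_failures 5 < /var/log/mail.log

# auth_failures MIN: prints "count ip" for clients with >= MIN failures.
auth_failures() {
  awk -v min="${1:-3}" '
    # Postfix: ... warning: host[ip]: SASL LOGIN authentication failed: ...
    /postfix\/.*SASL [A-Z0-9-]+ authentication failed/ {
      if (match($0, /\[[0-9a-fA-F.:]+\]: SASL/))
        fails[substr($0, RSTART + 1, RLENGTH - 8)]++
    }
    # Dovecot: ... (auth failed, N attempts in M secs): ... rip=ip, ...
    /dovecot: .*auth failed/ {
      n = 1
      if (match($0, /auth failed, [0-9]+ attempts/))
        n = substr($0, RSTART + 13, RLENGTH - 22) + 0
      if (match($0, /rip=[0-9a-fA-F.:]+/))
        fails[substr($0, RSTART + 4, RLENGTH - 4)] += n
    }
    END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed log lines (documentation addresses), in the Debian syslog layout.
sample_log() {
  cat <<'EOF'
Jan 12 03:14:01 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:03 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:06 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:09 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL PLAIN authentication failed:
Jan 12 03:15:40 mail postfix/smtpd[2230]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:20:11 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<user1>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS, session=<constructed>
Jan 12 03:21:00 mail postfix/smtpd[2240]: connect from mail.example.net[192.0.2.55]
Jan 12 03:22:10 mail dovecot: imap-login: Login: user=<user1>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.10, mpid=2301, TLS, session=<constructed>
EOF
}

sample_log | auth_failures 3
```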

Troubleshooting Common Issues

  1. Emails not being delivered: Check your MX records and server firewall.
  2. Authentication failures: Verify your SASL configuration.
  3. SSL/TLS errors: Ensure certificates are valid and properly configured.
  4. Spam filtering too aggressive: Adjust SpamAssassin settings.

Advanced Configurations

Once you’re comfortable with your basic setup, consider these advanced configurations:

Virtual Domains and Users

If you want to host multiple domains or have more flexible user management:

  1. Install and configure Postfix Admin for web-based management.
  2. Set up MySQL or PostgreSQL for user database storage.
  3. Modify Postfix and Dovecot to use virtual users instead of system users.

Webmail Interface

Add a webmail interface to access emails through a browser:

  1. Install Apache or Nginx web server.
  2. Set up Roundcube, Squirrelmail, or Rainloop webmail application.
  3. Configure SSL for secure webmail access.

Conclusion: Is Self-Hosting Email Worth It?

After going through this guide, you might be wondering if all this effort is worth it. Here’s my honest take:

Self-hosting email gives you unmatched privacy and control, but it comes with responsibility. You’ll need to monitor for issues, maintain security updates, and ensure your server remains properly configured.

For individuals with technical backgrounds or small organizations wanting complete control over their communications, self-hosted email can be extremely rewarding. For others, managed email services might be a better fit.

If you’ve followed this guide all the way through, congratulations! You now have your own email server and the knowledge to maintain it. Your digital communications are now truly yours.

Remember that email server administration is a continuous learning process. As security practices evolve and new threats emerge, stay informed and adapt your configuration accordingly.

Have questions or run into issues? Drop a comment below, and I’ll do my best to help!
