Best Self-Hosted Email Servers 2026: Mailcow vs Mail-in-a-Box vs Docker Mailserver

Self-hosting email is the final boss of self-hosting. You can run your own password manager in an afternoon. You can set up a media server before dinner. But email? Email is a multi-headed beast of DNS records, spam filtering, IP reputation, DKIM signing, DMARC policies, and a dozen other acronyms that exist because the original email protocol was designed in 1982 when the internet had about 200 hosts and everyone trusted each other.

And yet, in 2026, there are real reasons to do it. Google reads your email to train AI models. Microsoft locks you into an ecosystem that costs more every year. ProtonMail is fine until you need IMAP access or want to use your own domain without paying $48/year per user. Self-hosting gives you unlimited mailboxes, unlimited domains, unlimited aliases, full-text search, and zero monthly fees.

The challenge is picking the right platform and surviving the setup process. Three projects have emerged as the serious contenders: Mailcow, the feature-rich heavyweight with a polished web UI; Mail-in-a-Box, the opinionated all-in-one solution that automates everything; and Docker Mailserver (DMS), the minimalist container-based approach for people who prefer configuration files over GUIs.

This guide puts all three side by side with honest assessments, real configuration examples, and clear recommendations based on your experience level and requirements.

TL;DR

  • Mailcow is best for: users who want a complete, polished email platform with a web UI, two-factor authentication, per-domain quotas, and a built-in webmail client. It is Docker-based and actively maintained. Requires 4 GB RAM minimum.
  • Mail-in-a-Box is best for: people who want email running in 30 minutes with zero decisions. It installs everything on a fresh Ubuntu server and manages DNS, TLS, backups, and webmail automatically. Not Docker-based. Requires a dedicated server.
  • Docker Mailserver is best for: experienced admins who want a lightweight, configurable mail server that fits into an existing Docker infrastructure. No web UI by default. Maximum flexibility, minimum hand-holding.
  • All three require a VPS or server with a clean IP, a domain name, and correct DNS records. No shared hosting, no residential IP, no exceptions.

Quick Comparison Table

| Feature | Mailcow | Mail-in-a-Box | Docker Mailserver |
| --- | --- | --- | --- |
| Architecture | Docker Compose (15+ containers) | Bare metal (single server) | Docker (single container) |
| Web UI | Yes (mailcow UI + SOGo) | Yes (Roundcube + admin panel) | No (CLI-based) |
| Webmail | SOGo (full groupware) | Roundcube | None (add your own) |
| MTA | Postfix | Postfix | Postfix |
| MDA | Dovecot | Dovecot | Dovecot |
| Spam Filter | Rspamd | Spamassassin | Rspamd or Spamassassin |
| Antivirus | ClamAV (optional) | ClamAV (optional) | ClamAV (optional) |
| DKIM | Automatic | Automatic | Automatic |
| Fail2ban | Built-in | Built-in | Built-in |
| Min RAM | 4 GB | 1 GB | 1 GB |
| Min Storage | 20 GB | 10 GB | 10 GB |
| OS Support | Any with Docker | Ubuntu 22.04 only | Any with Docker |
| Backup Tool | Built-in | Built-in | Manual (scripts provided) |
| CalDAV/CardDAV | Yes (SOGo) | Yes (Nextcloud) | No |
| ActiveSync | Yes (SOGo) | Yes (Z-Push) | No |
| Multi-domain | Yes | Yes | Yes |
| Alias Management | Web UI | Web UI | CLI / config file |
| License | GPL-3.0 | CC0 (public domain) | MIT |
| GitHub Stars | 9k+ | 14k+ | 14k+ |

Why Self-Host Email in 2026?

The practical reasons have not changed, but they have gotten stronger:

Cost at scale. Google Workspace costs $7.20/user/month. Microsoft 365 Business Basic is $6/user/month. If you run a small business or family with 10 mailboxes, that is $72-86/month. A VPS capable of running any of these mail servers costs $5-15/month regardless of user count.

Privacy. Google confirmed in 2024 that Gmail data is used for AI training. Microsoft scans attachments for “safety.” Every email you send through a major provider is indexed, analyzed, and stored in ways you cannot control or audit. A self-hosted mail server processes exactly zero emails for advertising or AI purposes.

Unlimited flexibility. Want 50 aliases? Done. Catch-all addresses? Done. Per-user spam thresholds? Done. Custom Sieve filters? Done. No provider imposes limits when you run the server.

No vendor lock-in. Google has a history of killing products. If they decide to change Gmail’s pricing or features, your only option is migration. With self-hosted email, you can move between any of these three platforms (or something else entirely) while keeping your domain and addresses.

Learning. Running an email server teaches you more about DNS, networking, encryption, and internet protocols than almost any other self-hosting project. If you are building a career in systems administration or DevOps, email is the master class.

The Hard Truth: What Makes Email Different

Before we go further, you need to understand why email is genuinely harder than other self-hosted services. This is not gatekeeping — it is saving you from wasting a weekend.

IP reputation is everything. Major email providers (Gmail, Outlook, Yahoo) maintain reputation scores for every IP address that sends email. If your IP has ever been used for spam, your emails will land in junk folders or be rejected outright. This means you need a VPS with a clean IP from a reputable provider. Residential IPs are almost universally blocked. Cheap VPS providers with IPs in spam block lists are useless.

DNS is complex and unforgiving. You need A records, MX records, SPF records, DKIM records, DMARC records, and optionally DANE/TLSA records. A single typo in any of these will break email delivery, and the failure mode is silent — emails just disappear.

Port 25 must be open. Many cloud providers (AWS, Google Cloud, Oracle Cloud free tier) block outbound port 25 by default to prevent spam. You either need a provider that allows it or you need to request unblocking, which some providers refuse.

Maintenance is ongoing. Unlike a media server that you set up and forget, an email server requires monitoring for delivery issues, blacklist checking, certificate renewals, and software updates. Falling behind on updates can mean security vulnerabilities.

If any of this sounds like more than you want to deal with, there is no shame in using a privacy-respecting email provider like Fastmail, Migadu, or Proton. But if you are ready for the challenge, let us proceed.

Prerequisites for Any Self-Hosted Email Server

Regardless of which platform you choose, you need:

  1. A VPS or dedicated server with a clean IP. Check your IP against blacklists at mxtoolbox.com before committing. Recommended providers: Hetzner, Netcup, OVH, Contabo, or any provider that does not block port 25.

  2. A domain name. You need full DNS control. Registrars like Cloudflare, Namecheap, or Porkbun all work.

  3. A valid rDNS (reverse DNS) record. Your VPS provider must let you set the PTR record for your IP to match your mail server hostname (e.g., mail.yourdomain.com).

  4. Ports 25, 143, 465, 587, 993 open. Port 25 for SMTP, 587 for submission, 465 for implicit TLS, 143 for IMAP, 993 for IMAPS.

  5. At least 1 GB of RAM (4 GB for Mailcow). 2 GB is comfortable for Mail-in-a-Box and Docker Mailserver.

  6. A hostname that resolves correctly. Your server’s FQDN must resolve to its public IP, and the reverse DNS must match.

Mailcow (stylized as mailcow: dockerized) is a Docker-based mail server suite created by André Peters. It bundles Postfix, Dovecot, Rspamd, ClamAV, SOGo groupware, and a custom admin UI into a coordinated set of Docker containers managed by Docker Compose.

Mailcow is what you choose when you want Gmail-level features without Gmail. The web UI handles everything: domain management, mailbox creation, alias configuration, DKIM key generation, spam filter tuning, quarantine management, and per-domain rate limiting. SOGo provides webmail with calendar, contacts, and ActiveSync support for mobile devices.

Mailcow Architecture

Mailcow runs approximately 15 Docker containers:

  • postfix-mailcow: Postfix MTA for sending and receiving
  • dovecot-mailcow: Dovecot for IMAP and mail storage
  • rspamd-mailcow: Spam filtering and DKIM signing
  • clamd-mailcow: ClamAV antivirus scanning
  • sogo-mailcow: SOGo groupware (webmail, calendar, contacts)
  • nginx-mailcow: Web server for the admin UI and SOGo
  • mysql-mailcow: MariaDB for configuration storage
  • redis-mailcow: Redis for caching and Rspamd
  • memcached-mailcow: Session caching for SOGo
  • php-fpm-mailcow: PHP processing for the admin UI
  • acme-mailcow: Automatic TLS certificate management
  • netfilter-mailcow: Fail2ban equivalent for brute force protection
  • watchdog-mailcow: Health monitoring and alerting
  • olefy-mailcow: Macro analysis for email attachments
  • solr-mailcow: Full-text search (optional, resource-heavy)

This architecture means Mailcow does everything out of the box but at the cost of higher resource usage.

Mailcow Setup

Mailcow provides its own installation script. On a fresh server with Docker and Docker Compose already installed:

cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.sh

The script will ask for your mail server hostname (e.g., mail.yourdomain.com) and timezone. It generates a mailcow.conf file and the necessary Docker Compose configuration.

The generated Docker Compose setup looks like this (simplified for readability):

# docker-compose.yml (Mailcow - simplified excerpt)
services:
  postfix-mailcow:
    image: mailcow/postfix:latest
    restart: always
    depends_on:
      - mysql-mailcow
    volumes:
      - postfix-vol:/var/spool/postfix
      - crypt-vol:/var/lib/zeyple
    ports:
      - "25:25"
      - "465:465"
      - "587:587"
    networks:
      mailcow-network:
        aliases:
          - postfix

  dovecot-mailcow:
    image: mailcow/dovecot:latest
    restart: always
    depends_on:
      - mysql-mailcow
    volumes:
      - vmail-vol:/var/vmail
      - crypt-vol:/mail_crypt
    ports:
      - "143:143"
      - "993:993"
      - "4190:4190"
    networks:
      mailcow-network:
        aliases:
          - dovecot

  rspamd-mailcow:
    image: mailcow/rspamd:latest
    restart: always
    depends_on:
      - redis-mailcow
    volumes:
      - rspamd-vol:/var/lib/rspamd
    networks:
      mailcow-network:
        aliases:
          - rspamd

  nginx-mailcow:
    image: mailcow/nginx:latest
    restart: always
    depends_on:
      - php-fpm-mailcow
      - sogo-mailcow
    ports:
      - "${HTTP_PORT:-80}:80"
      - "${HTTPS_PORT:-443}:443"
    networks:
      mailcow-network:
        aliases:
          - nginx

  mysql-mailcow:
    image: mariadb:10.11
    restart: always
    volumes:
      - mysql-vol:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${DBROOT}
      MYSQL_DATABASE: ${DBNAME}
      MYSQL_USER: ${DBUSER}
      MYSQL_PASSWORD: ${DBPASS}
    networks:
      mailcow-network:
        aliases:
          - mysql

  redis-mailcow:
    image: redis:7-alpine
    restart: always
    volumes:
      - redis-vol:/data
    networks:
      mailcow-network:
        aliases:
          - redis

  sogo-mailcow:
    image: mailcow/sogo:latest
    restart: always
    depends_on:
      - mysql-mailcow
      - redis-mailcow
    networks:
      mailcow-network:
        aliases:
          - sogo

networks:
  mailcow-network:
    driver: bridge

volumes:
  vmail-vol:
  postfix-vol:
  mysql-vol:
  redis-vol:
  rspamd-vol:
  crypt-vol:

Start Mailcow:

cd /opt/mailcow-dockerized
docker compose pull
docker compose up -d

After startup, access the admin UI at https://mail.yourdomain.com with the default credentials (admin / moohoo). Change the password immediately.

Mailcow Key Features

SOGo Groupware. Full-featured webmail with a calendar, contacts, and task management. Supports ActiveSync for native mobile mail apps (iOS Mail, Samsung Email, Outlook) without needing to configure IMAP manually on each device.

Rspamd Integration. Mailcow uses Rspamd for spam filtering, which is faster and more modern than Spamassassin. The admin UI exposes Rspamd’s web interface for fine-tuning spam scores, managing whitelists/blacklists, and viewing spam statistics.

Per-Domain Quotas and Rate Limits. You can set storage quotas per mailbox and rate limits per domain. Useful if you host email for multiple domains or family members.

Quarantine with Notifications. Spam is quarantined rather than silently deleted. Users receive periodic digest emails listing quarantined messages so they can release false positives.

Two-Factor Authentication. The admin panel and SOGo both support TOTP-based 2FA.

Built-in Backup. Mailcow includes a backup script (helper-scripts/backup_and_restore.sh) that backs up all data, configuration, and databases.

Mail-in-a-Box: The Automated All-in-One

Mail-in-a-Box (MIAB) takes the opposite approach from Mailcow. Instead of giving you a toolkit of Docker containers to assemble, it gives you a single command that transforms a fresh Ubuntu server into a fully configured mail server. No Docker. No manual configuration. No decisions to make.

MIAB was created by Joshua Tauberer, a civic tech developer who got frustrated with how hard it was to run a simple mail server. The project’s philosophy is that email is critical infrastructure and it should be installable in 30 minutes by someone who is not a systems administrator.

Mail-in-a-Box Architecture

MIAB installs everything directly on the host system:

  • Postfix for SMTP
  • Dovecot for IMAP
  • Spamassassin for spam filtering
  • Roundcube for webmail
  • Nextcloud for contacts and calendar sync (CalDAV/CardDAV)
  • Nginx for the web interface
  • Certbot for Let’s Encrypt TLS certificates
  • Z-Push for ActiveSync (mobile push mail)
  • OpenDKIM for DKIM signing
  • Fail2ban for brute force protection
  • nsd for DNS hosting (optional — MIAB can be its own DNS server)

This means MIAB wants a dedicated server. Do not install it alongside other services — it will conflict with existing Nginx installations, existing Postfix configurations, and potentially overwrite firewall rules.

Mail-in-a-Box Setup

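Start with a fresh Ubuntu 22.04 server. SSH in and run the project's setup command. It pipes a remote script straight into a root shell, so download and read the script first if you want to review what it will do: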

curl -s https://mailinabox.email/setup.sh | sudo bash

The setup script is interactive and asks for:

  1. Your email address (which becomes the admin account)
  2. Your hostname (e.g., box.yourdomain.com)

That is it. The script installs and configures everything. It takes about 10-15 minutes depending on server speed.

After installation, the admin panel is available at https://box.yourdomain.com/admin. The webmail interface is at https://box.yourdomain.com/mail.

Since MIAB is not Docker-based, there is no Docker Compose file. However, if you want to run other Docker services alongside MIAB, you can install Docker on the same server — just be careful not to create port conflicts. MIAB uses ports 25, 53, 80, 443, 465, 587, 993, and 4190.

Mail-in-a-Box Key Features

DNS Server. MIAB can act as its own authoritative DNS server. Point your domain’s nameservers to your MIAB server, and it automatically configures MX, SPF, DKIM, DMARC, and all other necessary DNS records. This is the single most time-saving feature if DNS configuration intimidates you.

Status Checks Dashboard. The admin panel includes a comprehensive status page that checks every aspect of your mail server configuration: DNS records, TLS certificates, blacklists, and software versions. If anything is wrong, it tells you exactly what and how to fix it.

Automatic Backups. MIAB backs up all data daily and can store backups locally or on a remote server via SSH or S3-compatible storage.

Nextcloud Integration. A lightweight Nextcloud instance provides CardDAV (contacts) and CalDAV (calendar) sync. It is limited — do not try to use it as a full file hosting platform — but it handles contact and calendar sync well.

User Management. The admin panel provides simple user management: create mailboxes, set aliases, manage forwarding. It is less feature-rich than Mailcow but covers the essentials.

Docker Mailserver: The Minimalist Container Approach

Docker Mailserver (DMS) is the opposite of the other two in philosophy. There is no web UI. There is no bundled webmail. There is no admin panel. What you get is a single, well-configured Docker container running Postfix and Dovecot with sensible defaults, and a CLI tool (setup.sh) for managing accounts.

DMS is for people who are already running Docker infrastructure and want email to fit into that infrastructure without installing a parallel universe of containers (Mailcow) or dedicating an entire server (MIAB). If you manage your services with Docker Compose and prefer editing configuration files over clicking through web interfaces, DMS is your tool.

Docker Mailserver Setup

Create a directory and set up the Docker Compose file:

mkdir -p ~/docker/mailserver
cd ~/docker/mailserver

Download the example configuration files:

# Get docker-compose.yml
curl -o docker-compose.yml https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/compose.yaml

# Get the setup helper script
curl -o setup.sh https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
chmod +x setup.sh

# Get the default environment file
curl -o mailserver.env https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/mailserver.env

Here is the Docker Compose configuration:

# docker-compose.yml
services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    hostname: mail.yourdomain.com
    env_file: mailserver.env
    ports:
      - "25:25"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
      - "4190:4190"
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
    restart: always
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

The mailserver.env file contains all configuration options. Key settings to configure:

# mailserver.env
OVERRIDE_HOSTNAME=mail.yourdomain.com
ENABLE_CLAMAV=0
ENABLE_RSPAMD=1
ENABLE_SPAMASSASSIN=0
ENABLE_FAIL2BAN=1
SSL_TYPE=letsencrypt
PERMIT_DOCKER=none
POSTSCREEN_ACTION=enforce
SPOOF_PROTECTION=1
ENABLE_SRS=1

Create your first email account:

./setup.sh email add user@yourdomain.com

Start the mail server:

docker compose up -d

Adding Webmail to Docker Mailserver

DMS does not include webmail, but you can add Roundcube or Snappymail alongside it:

# Add to your docker-compose.yml
  webmail:
    image: roundcube/roundcubemail:latest
    container_name: roundcube
    restart: unless-stopped
    depends_on:
      - mailserver
    environment:
      ROUNDCUBEMAIL_DEFAULT_HOST: tls://mailserver
      ROUNDCUBEMAIL_DEFAULT_PORT: 143
      ROUNDCUBEMAIL_SMTP_SERVER: tls://mailserver
      ROUNDCUBEMAIL_SMTP_PORT: 587
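    ports:
      # Bind to loopback so the plain-HTTP listener is reachable only through the reverse proxy on this host
      - "127.0.0.1:8080:80"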
    volumes:
      - roundcube-data:/var/roundcube/db
    networks:
      - default

volumes:
  roundcube-data:

You would then put this behind your existing reverse proxy. If you are already running Caddy or Traefik (and if you are reading this blog, you might have seen our reverse proxy comparison), adding a route for the webmail interface is straightforward.

Docker Mailserver Key Features

Single Container. Everything runs in one container. Postfix, Dovecot, Rspamd (or Spamassassin), Fail2ban, and OpenDKIM. This makes resource usage minimal and deployment simple.

CLI Management. The setup.sh script handles all administration: adding/removing email accounts, configuring aliases, generating DKIM keys, managing relay hosts, and debugging issues.

Full Configuration Access. Every Postfix and Dovecot configuration option is accessible. You can override any setting by placing custom config files in the config volume. This level of control is not available in Mailcow or MIAB without hacking their internals.

Lightweight. Without ClamAV, DMS runs comfortably on 512 MB of RAM. With ClamAV enabled, plan for 1.5-2 GB.

Integrates with Existing Infrastructure. Because it is a single Docker container, DMS fits naturally into an existing Docker Compose stack. Use your existing reverse proxy for TLS termination, your existing backup system for data, and your existing monitoring for health checks.

Head-to-Head: Feature Comparison

| Feature | Mailcow | Mail-in-a-Box | Docker Mailserver |
| --- | --- | --- | --- |
| Setup Time | 30-60 minutes | 15-30 minutes | 30-60 minutes |
| Setup Difficulty | Medium | Easy | Medium-Hard |
| Ongoing Maintenance | Low (UI-managed) | Very Low (auto-updates) | Medium (CLI/config) |
| Customization | Medium | Low | Very High |
| Multi-Domain | Excellent (UI) | Good (UI) | Good (CLI) |
| Updates | docker compose pull && up -d | sudo mailinabox | docker compose pull && up -d |
| Rollback | Docker image tags | Snapshot/backup | Docker image tags |
| Monitoring | Built-in watchdog | Status checks page | External (you configure) |
| API | Yes (REST API) | Yes (REST API) | No |
| Documentation Quality | Good | Excellent | Excellent |

Spam Filtering Comparison

Spam filtering is arguably the most critical feature of any mail server. Here is how each platform handles it:

Mailcow (Rspamd)

Mailcow uses Rspamd, a modern spam filtering system that is significantly faster than Spamassassin. Rspamd uses a combination of rules, statistical classifiers (Bayes), DNS blocklists, URL analysis, DKIM/SPF/DMARC verification, and neural network-based classification.

Mailcow exposes Rspamd’s web interface through its admin panel, allowing you to:

  • Adjust spam score thresholds per domain
  • View real-time spam statistics and graphs
  • Manage whitelists and blacklists
  • Train the Bayes classifier on false positives/negatives
  • Configure greylisting behavior

The Rspamd integration is one of Mailcow’s strongest features. Out of the box, spam detection is good. After a few weeks of Bayes training, it is excellent.

Mail-in-a-Box (Spamassassin)

MIAB uses Spamassassin, the older but battle-proven spam filter. It works well but uses more CPU per message than Rspamd. MIAB configures Spamassassin with sensible defaults and connects it to Postgrey for greylisting.

The downside is limited tunability. MIAB’s philosophy is that you should not need to tune the spam filter, and the admin panel does not expose Spamassassin configuration. If you need to adjust spam rules, you need to edit configuration files on the server directly, which goes against MIAB’s design philosophy.

Docker Mailserver (Rspamd or Spamassassin)

DMS lets you choose between Rspamd and Spamassassin. The project recommends Rspamd for new installations. You configure the choice in mailserver.env:

ENABLE_RSPAMD=1
ENABLE_SPAMASSASSIN=0

Because DMS gives you full access to the underlying configuration, you can tune spam filtering as aggressively or permissively as you want. Custom Rspamd rules, custom Spamassassin rules, custom DNS blocklists — everything is configurable through mounted config files.

Security Comparison

| Security Feature | Mailcow | Mail-in-a-Box | Docker Mailserver |
| --- | --- | --- | --- |
| TLS (in transit) | Auto (Let’s Encrypt) | Auto (Let’s Encrypt) | Manual or auto |
| DANE/TLSA | Supported | Not built-in | Supported |
| Full-disk encryption | At mail storage level | At volume level | Via Docker volumes |
| Fail2ban | Built-in (netfilter) | Built-in | Built-in |
| Rate Limiting | Per-domain, configurable | Basic | Postscreen + configurable |
| 2FA (Admin) | Yes (TOTP) | No | N/A (no web UI) |
| 2FA (Webmail) | Yes (SOGo TOTP) | No (Roundcube) | N/A |
| Brute Force Protection | Automatic | Automatic | Automatic |
| Security Audit History | Regular | Occasional | Community-driven |

All three platforms enforce TLS by default for client connections and opportunistic TLS for server-to-server communication. Mailcow and DMS support DANE/TLSA records for verified encryption between mail servers.

If you are following security best practices across your infrastructure — and you should be, as we covered in our Docker security best practices guide — all three platforms can be hardened to a high standard. The difference is how much of that hardening happens automatically versus manually.

Resource Requirements and Performance

| Resource | Mailcow | Mail-in-a-Box | Docker Mailserver |
| --- | --- | --- | --- |
| Min RAM (no antivirus) | 3 GB | 512 MB | 512 MB |
| Min RAM (with ClamAV) | 4 GB | 1.5 GB | 1.5 GB |
| Recommended RAM | 6 GB | 2 GB | 2 GB |
| CPU (idle) | 5-10% (2 cores) | 2-5% (1 core) | 1-3% (1 core) |
| Storage (base) | ~8 GB | ~4 GB | ~2 GB |
| Container Count | 15+ | 0 (bare metal) | 1 |
| Solr (full-text search) | +2 GB RAM | Not available | Not included |

Mailcow is significantly more resource-hungry than the other two. The SOGo groupware container, MariaDB, Redis, Memcached, and Rspamd all consume memory even at idle. If you have a small VPS with 2 GB RAM, Mailcow is not an option.

DMS is the most efficient. A single container running Postfix, Dovecot, and Rspamd uses roughly 300-500 MB of RAM at idle without ClamAV. This makes it ideal for low-resource VPS instances.

MIAB falls in between but has the advantage of no Docker overhead. On a 1 GB VPS, MIAB runs comfortably for a small number of mailboxes.

DNS Configuration (Universal)

Regardless of which platform you choose, you need these DNS records. Replace yourdomain.com with your domain and 203.0.113.1 with your server’s IP:

# A record for the mail server
mail.yourdomain.com.    IN  A       203.0.113.1

# MX record pointing to the mail server
yourdomain.com.         IN  MX  10  mail.yourdomain.com.

# SPF record (allow only your server to send email)
yourdomain.com.         IN  TXT     "v=spf1 mx a:mail.yourdomain.com -all"

# DKIM record (generated by your mail server - this is an example)
dkim._domainkey.yourdomain.com.  IN  TXT  "v=DKIM1; k=rsa; p=MIIBIjANBgkqhki..."

# DMARC record
_dmarc.yourdomain.com.  IN  TXT     "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; fo=1"

# Reverse DNS (PTR) - set this in your VPS provider's control panel
203.0.113.1     IN  PTR     mail.yourdomain.com.

The DKIM key is generated by your mail server software. Mailcow generates it in the admin UI, MIAB generates it automatically, and DMS generates it via ./setup.sh config dkim.

MTA-STS is an additional record that enforces TLS for incoming connections. All three platforms support it, and it is increasingly expected by major providers:

_mta-sts.yourdomain.com.  IN  TXT  "v=STSv1; id=20260211"

You also need to host an MTA-STS policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt.
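
To confirm that the TXT record, the policy file and your MX hosts agree before senders start enforcing the policy, the following added example (not code from any of the three projects) parses both and reports mismatches. The policy body and its max_age value are constructed samples in the RFC 8461 format, and the function names are illustrative.

```python
MAX_AGE_LIMIT = 31557600  # upper bound for max_age in RFC 8461 (about one year)

# Constructed sample of https://mta-sts.yourdomain.com/.well-known/mta-sts.txt
SAMPLE_POLICY = (
    "version: STSv1\n"
    "mode: enforce\n"
    "mx: mail.yourdomain.com\n"
    "max_age: 604800\n"
)


def parse_txt(record):
    """Split the _mta-sts TXT value ('v=STSv1; id=...') into a dict."""
    fields = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def parse_policy(text):
    """Parse the 'key: value' lines of mta-sts.txt; the mx key may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy


def mx_matches(host, pattern):
    """Exact match, or '*.domain' covering exactly one extra left-most label."""
    host = host.rstrip(".").lower()
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern


def check_mta_sts(txt_record, policy_text, mx_hosts):
    """Return a list of problems; an empty list means TXT, policy and MX agree."""
    problems = []
    txt = parse_txt(txt_record)
    if txt.get("v") != "STSv1":
        problems.append("TXT record does not carry v=STSv1")
    policy_id = txt.get("id", "")
    if not (policy_id.isalnum() and policy_id.isascii() and len(policy_id) <= 32):
        problems.append("TXT id must be 1-32 letters or digits")

    policy = parse_policy(policy_text)
    if policy.get("version") != "STSv1":
        problems.append("policy file lacks 'version: STSv1'")
    mode = policy.get("mode")
    if mode not in ("enforce", "testing", "none"):
        problems.append("policy mode must be enforce, testing or none")
    elif mode != "enforce":
        problems.append(f"mode is '{mode}': TLS failures do not block delivery")
    max_age = policy.get("max_age", "")
    if not max_age.isdigit() or int(max_age) > MAX_AGE_LIMIT:
        problems.append("max_age must be an integer from 0 to 31557600 seconds")

    if mode != "none":
        if not policy["mx"]:
            problems.append("policy lists no mx hosts")
        # Every host in the MX record set must be named, or enforcing senders skip it.
        for host in mx_hosts:
            if not any(mx_matches(host, p) for p in policy["mx"]):
                problems.append(f"MX {host} is not covered by the policy")
    return problems


if __name__ == "__main__":
    issues = check_mta_sts("v=STSv1; id=20260211", SAMPLE_POLICY, ["mail.yourdomain.com."])
    print(issues or "TXT record, policy file and MX hosts are consistent")
```

Change the id value in the TXT record whenever you edit the policy file, since senders use it to decide whether to fetch the policy again.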

Deliverability: Will Your Emails Actually Arrive?

This is the real question, and the answer depends more on your IP reputation than on which software you run.

Step 1: Check your IP before setup. Use mxtoolbox.com/blacklists.aspx to check if your VPS IP is on any blocklists. If it is on more than two major lists, request a new IP from your provider or switch providers.

Step 2: Start slow. Do not send 500 emails on day one. Major providers are suspicious of new mail servers. Send a few emails per day for the first week, gradually increasing volume.

Step 3: Monitor delivery. Use mail-tester.com to test your configuration. Send an email to the address they give you, and they return a score out of 10 with specific recommendations. Aim for 9/10 or higher.

Step 4: Set up DMARC reporting. Configure the rua address in your DMARC record to receive aggregate reports. Services like dmarcian.com or the free dmarc.postmarkapp.com help you parse these reports.

Step 5: Google Postmaster Tools. Register at postmaster.google.com to see how Gmail rates your domain and IP reputation.

All three platforms, when configured correctly with proper DNS records and a clean IP, achieve good deliverability. The differences in deliverability between them are negligible compared to the impact of IP reputation and DNS configuration.
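
The aggregate reports from Step 4 arrive as XML that is tedious to read by hand. As an added example (not code from dmarcian, Postmark or the mail server projects), this script totals DMARC failures per sending IP in one report and separates failures from your own server from failures caused by other hosts using your domain. The report is a constructed sample in the RFC 7489 layout, and own_ips is an assumption you set to your server's address.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample; real reports arrive as gzip or zip attachments at the rua address.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-sample-1</report_id>
  </report_metadata>
  <policy_published><domain>yourdomain.com</domain><p>quarantine</p></policy_published>
  <record>
    <row>
      <source_ip>203.0.113.1</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>192.0.2.25</source_ip><count>5</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
</feedback>"""


def parse_report(xml_text):
    """Return {source_ip: {"messages": n, "dmarc_fail": n}} for one report."""
    # Reports come from arbitrary senders: refuse DTDs so entity-expansion
    # payloads never reach the XML parser.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("DTD or entity declarations are not allowed in reports")
    root = ET.fromstring(xml_text)
    sources = defaultdict(lambda: {"messages": 0, "dmarc_fail": 0})
    for row in root.iter("row"):
        ip = row.findtext("source_ip", "").strip()
        count = int(row.findtext("count", "0"))
        evaluated = row.find("policy_evaluated")
        dkim = evaluated.findtext("dkim", "fail") if evaluated is not None else "fail"
        spf = evaluated.findtext("spf", "fail") if evaluated is not None else "fail"
        sources[ip]["messages"] += count
        # DMARC passes when either the aligned DKIM or the aligned SPF result passes.
        if dkim.strip() != "pass" and spf.strip() != "pass":
            sources[ip]["dmarc_fail"] += count
    return dict(sources)


def triage(sources, own_ips):
    """List (ip, kind, failed_messages) for every source with DMARC failures."""
    alerts = []
    for ip, stats in sorted(sources.items()):
        if stats["dmarc_fail"] == 0:
            continue
        # Failures from your own IP mean broken DKIM signing or SPF; failures
        # from elsewhere are spoofing or a sender you forgot to authorise.
        kind = "own-server-failing" if ip in own_ips else "unknown-source-failing"
        alerts.append((ip, kind, stats["dmarc_fail"]))
    return alerts


if __name__ == "__main__":
    own_ips = {"203.0.113.1"}  # assumption: the example server IP used in the DNS section
    for ip, kind, failed in triage(parse_report(SAMPLE_REPORT), own_ips):
        print(f"{ip}: {kind} ({failed} messages)")
```

In the sample, 192.0.2.25 raises no alert because its DKIM result still passes, which is the usual pattern for forwarded mail.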

Backup Strategies for Self-Hosted Email

Email is one of the most critical services to back up. Losing emails is worse than losing most other self-hosted data because email often contains account recovery information, legal documents, and irreplaceable correspondence.

Mailcow Backup

Mailcow includes a backup script:

cd /opt/mailcow-dockerized
./helper-scripts/backup_and_restore.sh backup all

This backs up mail data, MariaDB databases, Redis data, Rspamd data, and configuration. You can automate it with cron. Our Docker container backup guide covers the general principles of backing up Docker-based services.

Mail-in-a-Box Backup

MIAB has built-in backup to local storage, SSH/SFTP remote servers, or S3-compatible storage. Configure it in the admin panel under System > Backup Status.

Docker Mailserver Backup

DMS stores all data in the mounted volumes. Back up these directories:

# Critical data to back up
./docker-data/dms/mail-data/     # All mailboxes
./docker-data/dms/mail-state/    # Service state (DKIM keys, etc.)
./docker-data/dms/config/        # Configuration files

A simple backup script:

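#!/bin/bash
set -euo pipefail
umask 077  # archives hold mail and DKIM private keys: owner-only access

# Run from the directory that holds docker-compose.yml and docker-data/
cd ~/docker/mailserver
BACKUP_DIR="/backups/mailserver/$(date +%Y-%m-%d)"
mkdir -p "$BACKUP_DIR"

# Stop the container for a consistent copy and restart it even if tar fails
trap 'docker compose start mailserver' EXIT
docker compose stop mailserver
tar -czf "$BACKUP_DIR/mail-data.tar.gz" ./docker-data/dms/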

For all three platforms, test your backups regularly. A backup you have never restored from is not a backup — it is a hope.

Common Pitfalls and Troubleshooting

Universal Pitfalls

  1. Forgot the PTR record. This is the number one cause of emails going to spam. Check with dig -x YOUR_IP.

  2. SPF record too permissive. Using ~all (softfail) instead of -all (hardfail) weakens your SPF protection. Use -all unless you have a specific reason not to.

  3. DKIM not set up or misconfigured. Test with dig TXT dkim._domainkey.yourdomain.com. If it does not return your DKIM key, email providers will treat your messages with suspicion.

  4. Firewall blocking ports. Especially port 25 outbound. Test with telnet gmail-smtp-in.l.google.com 25 from your server.

  5. Let’s Encrypt rate limits. If you are testing repeatedly, you can hit Let’s Encrypt’s rate limit (50 certificates per week per registered domain). Use the staging environment during setup.
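
Pitfall 2 and the DMARC record from the DNS section can be checked before a record is published. This added example (not from any of the three projects) lints SPF and DMARC TXT values and goes slightly beyond the pitfalls listed by also flagging duplicate SPF records and the 10-lookup limit from RFC 7208. The finding codes are names chosen here.

```python
import re

# Terms that each cost one DNS lookup; SPF evaluation ends in permerror above 10.
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

EXPLAIN = {
    "spf-missing": "no v=spf1 record among the TXT strings",
    "spf-multiple-records": "more than one v=spf1 record: receivers return permerror",
    "spf-ptr-mechanism": "ptr is slow and discouraged by RFC 7208",
    "spf-no-all": "no 'all' or redirect: unmatched senders get a neutral result",
    "spf-pass-all": "+all authorises every host on the internet",
    "spf-neutral-all": "?all makes no statement about unlisted senders",
    "spf-softfail-all": "~all only softfails unlisted senders; prefer -all",
    "spf-too-many-lookups": "more than 10 DNS-querying terms: permerror",
    "dmarc-bad-version": "record must begin with v=DMARC1",
    "dmarc-invalid-policy": "p= must be none, quarantine or reject",
    "dmarc-monitor-only": "p=none requests no action on failing mail",
    "dmarc-subdomains-unprotected": "sp=none exempts subdomains from the policy",
    "dmarc-invalid-pct": "pct must be an integer from 0 to 100",
    "dmarc-partial-enforcement": "pct below 100 applies the policy to a sample only",
    "dmarc-no-aggregate-reports": "no rua=mailto: address, so no reports arrive",
}


def lint_spf(apex_txt_records):
    """Lint all TXT strings published at the domain apex; returns finding codes."""
    spf = [r for r in apex_txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["spf-missing"]
    if len(spf) > 1:
        return ["spf-multiple-records"]
    findings, lookups, all_qualifier = [], 0, None
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("spf-ptr-mechanism")
        if name == "all":
            all_qualifier = qualifier
            break  # terms after "all" are never evaluated
    if all_qualifier is None and "redirect=" not in spf[0].lower():
        findings.append("spf-no-all")
    elif all_qualifier == "+":
        findings.append("spf-pass-all")
    elif all_qualifier == "?":
        findings.append("spf-neutral-all")
    elif all_qualifier == "~":
        findings.append("spf-softfail-all")
    if lookups > 10:
        findings.append("spf-too-many-lookups")
    return findings


def lint_dmarc(record):
    """Lint the TXT value published at _dmarc.<domain>; returns finding codes."""
    tags = [t.strip() for t in record.split(";") if t.strip()]
    if not tags or tags[0].replace(" ", "") != "v=DMARC1":
        return ["dmarc-bad-version"]
    kv = {}
    for tag in tags:
        key, sep, value = tag.partition("=")
        if sep:
            kv[key.strip().lower()] = value.strip()
    findings = []
    policy = kv.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc-invalid-policy")
    elif policy == "none":
        findings.append("dmarc-monitor-only")
    if kv.get("sp", "").lower() == "none" and policy in ("quarantine", "reject"):
        findings.append("dmarc-subdomains-unprotected")
    pct = kv.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("dmarc-invalid-pct")
    elif int(pct) < 100:
        findings.append("dmarc-partial-enforcement")
    if not kv.get("rua", "").lower().startswith("mailto:"):
        findings.append("dmarc-no-aggregate-reports")
    return findings


if __name__ == "__main__":
    # Records copied from the DNS section, plus a softfail variant for contrast.
    for code in lint_spf(["v=spf1 mx a:mail.yourdomain.com ~all"]) + lint_dmarc(
        "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; fo=1"
    ):
        print(f"{code}: {EXPLAIN[code]}")
```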

Mailcow-Specific Issues

  • Container crashes on low memory. Mailcow genuinely needs 4 GB. If SOGo or Solr keep dying, you need more RAM.
  • SOGo not syncing with mobile. Check that ActiveSync is enabled in the admin panel and that your device supports it. iOS works best; some Android mail apps have compatibility issues.
  • Rspamd consuming too much CPU. Disable Rspamd’s neural network module if CPU usage is too high: set enabled = false in /opt/mailcow-dockerized/data/conf/rspamd/local.d/neural.conf.

Mail-in-a-Box-Specific Issues

  • Cannot install alongside other services. MIAB assumes it owns the server. If Nginx is already running, the install will fail. Use a dedicated server.
  • Upgrade breaks Nextcloud. MIAB upgrades sometimes conflict with the bundled Nextcloud. Check the forum before upgrading.
  • No Docker support. If your workflow is Docker-based, MIAB’s bare-metal approach may feel out of place.

Docker Mailserver-Specific Issues

  • TLS certificate not found. If using Let’s Encrypt, make sure the certificate path in the container matches where your reverse proxy stores certificates. DMS looks for certificates at /etc/letsencrypt/live/mail.yourdomain.com/.
  • Ownership permissions on volumes. The mail data directory must have correct ownership. DMS runs as multiple UIDs internally.
  • Rspamd vs. Spamassassin confusion. Do not enable both simultaneously. Pick one.

FAQ

Is self-hosted email reliable enough for primary use?

Yes, if you set it up correctly and monitor it. The software is mature (Postfix and Dovecot have been production-grade for over two decades). The main risk is not software failure but operational issues: expired certificates, full disks, blacklisted IPs. Automated monitoring and alerting mitigate these risks. Consider our guide on uptime monitoring tools for keeping an eye on your mail server.

Will Gmail and Outlook accept my emails?

Yes, if your DNS records are correct (SPF, DKIM, DMARC), your IP is not blacklisted, and your server sends legitimate email. New mail servers may see initial deliverability issues that improve over weeks as they build reputation.

Can I migrate from Gmail/Outlook to a self-hosted server?

Yes. Use imapsync to copy all existing emails from your old provider to your new server. It supports incremental sync, so you can run it multiple times during the transition. Keep your old account active for a few months to catch any emails sent to the old address.

How much does it cost to run a self-hosted email server?

A VPS from Hetzner (CX22) costs about 4 EUR/month and is sufficient for MIAB or DMS. For Mailcow, a CX32 at 8 EUR/month provides comfortable resources. A domain costs 10-15 USD/year. Total annual cost: 60-110 USD for unlimited mailboxes.

Should I use a relay service for outbound email?

If you are worried about deliverability, you can route outbound email through a relay service like Mailgun, Amazon SES, or Postmark. This uses their established IP reputation for delivery while keeping all inbound email and storage on your server. All three platforms support relay configuration.

Can I self-host email on a Raspberry Pi or home network?

Technically yes, practically no. Residential ISPs block port 25, assign dynamic IPs, and their IP ranges are on permanent blocklists. You need a VPS with a static IP and open port 25. You can, however, run a VPS for the mail server and use Tailscale or WireGuard (see our VPN comparison) to manage it from your home network.

How do I handle downtime for maintenance?

Email has built-in resilience. If your server is unreachable, sending servers will retry delivery for up to 5 days (configurable, typically 72 hours minimum). Brief maintenance windows of a few hours are invisible to senders. For extended maintenance, set up a secondary MX record pointing to a backup server or use a service like mail.guru to queue incoming mail.

Verdict: Which One Should You Use?

Choose Mailcow If:

  • You want a complete, polished email platform with a web UI
  • You host email for multiple domains or users
  • You want ActiveSync for mobile devices without additional configuration
  • You have a VPS with at least 4 GB RAM
  • You want integrated webmail, calendar, and contacts
  • You prefer managing everything through a GUI
  • You are comfortable with Docker Compose

Choose Mail-in-a-Box If:

  • You want email running as fast as possible with minimal decisions
  • You are new to self-hosted email and want the gentlest learning curve
  • You have a dedicated VPS that will only run email
  • You want DNS management handled automatically
  • You value stability and simplicity over customization
  • You do not need Docker integration

Choose Docker Mailserver If:

  • You are already running Docker infrastructure and want email to fit in
  • You prefer configuration files over GUIs
  • You have limited resources (1-2 GB RAM)
  • You want maximum control over every aspect of the mail server
  • You plan to integrate with an existing reverse proxy and monitoring stack
  • You are comfortable with command-line administration

The Honest Recommendation

For most homelabbers who already run Docker, Docker Mailserver is the right choice. It fits into your existing infrastructure, uses minimal resources, and gives you full control. Pair it with Roundcube or SnappyMail for webmail, put it behind your existing reverse proxy, and you have a mail server that feels like a natural extension of your homelab.

If you host email for a small business or family and want everything in one package with a professional web UI, Mailcow is the clear winner. The higher resource requirements are justified by the polished experience and comprehensive feature set.

If you are not a Docker user, do not want to be a Docker user, and just want email to work, Mail-in-a-Box is the answer. The opinionated approach means fewer decisions and fewer things to break.

Final Thoughts

Self-hosted email in 2026 is not the nightmare it was a decade ago. The tooling has matured, the documentation is comprehensive, and the community support for all three platforms is active and helpful. The hardest part is not the software — it is the ecosystem around email: DNS configuration, IP reputation, and the politics of major providers deciding which servers they trust.

If you have made it through this guide and still want to proceed, you are ready. Pick one of the three platforms based on the recommendations above, allocate a dedicated VPS, set up your DNS records carefully, and send your first self-hosted email. Just remember: email infrastructure is a commitment. It is not a weekend project you set up and forget. Monitor your server, keep it updated, and check your deliverability periodically.

The payoff is real: complete control over your communications, zero monthly fees per user, and the satisfaction of owning one of the most fundamental pieces of internet infrastructure.