Self-Hosting Mail-in-a-Box: Complete Setup Guide
What Is Mail-in-a-Box?
Mail-in-a-Box is a one-command email server installer that turns a fresh Ubuntu server into a fully functional mail system. It bundles Postfix (SMTP), Dovecot (IMAP), Roundcube (webmail), Nextcloud (contacts and calendar), SpamAssassin, DKIM, SPF, DMARC, DNSSEC, automatic Let’s Encrypt SSL, and a web-based admin panel — all configured to work together out of the box. It replaces Gmail, Outlook, or any commercial email provider for personal and small business use.
Prerequisites
- A dedicated VPS or server running Ubuntu 22.04 LTS 64-bit (no other OS supported)
- 1 GB RAM minimum (512 MB technically works but not recommended)
- A domain name with DNS controlled by your registrar (Mail-in-a-Box will manage DNS itself)
- A static public IP address (most VPS providers include this)
- Port 25 not blocked by your hosting provider (some cloud providers block outbound SMTP — check before purchasing)
- Important: Mail-in-a-Box requires a dedicated server. Do not install it alongside Docker containers, web servers, or other services. It takes over the entire machine.
Installation
Mail-in-a-Box does not use Docker. It’s a bash script installer that configures the bare OS directly.
SSH into your fresh Ubuntu 22.04 server and run:
curl -s https://mailinabox.email/setup.sh | sudo bashOr clone and install from source for a specific version:
git clone https://github.com/mail-in-a-box/mailinabox
cd mailinabox
git checkout v74
sudo setup/start.shThe installer asks three questions:
- Your email address (e.g.,
[email protected]) - The hostname for the mail server (e.g.,
box.yourdomain.com) - Your country code (for SSL certificate generation)
Installation takes 5-15 minutes depending on server speed. When it finishes, it prints the URL for the admin panel.
Initial Setup
1. Configure DNS
After installation, open the admin panel at https://box.yourdomain.com/admin. Navigate to System → External DNS (or Custom DNS depending on your setup).
Mail-in-a-Box can act as its own DNS server. Point your domain’s nameservers to your box’s IP address, or copy the displayed DNS records to your registrar manually. The required records include:
| Record | Purpose |
|---|---|
| A/AAAA | Points domain to server |
| MX | Tells other servers where to deliver mail |
| TXT (SPF) | Authorizes your server to send mail for the domain |
| TXT (DKIM) | Cryptographic signature for outgoing mail |
| TXT (DMARC) | Policy for handling failed authentication |
| TXT (DANE/TLSA) | Certificate pinning for encrypted delivery |
| SRV | Autodiscovery for email clients |
2. Create User Accounts
In the admin panel, go to Mail → Users and create mailboxes. The first account you created during setup is the admin account.
3. Verify Health
The admin panel includes a System → Status Checks page that verifies all DNS records, SSL certificates, and service health. Fix any yellow or red items before sending mail.
Configuration
Webmail
Roundcube webmail is available at https://box.yourdomain.com/mail. Log in with your full email address and password.
Desktop and Mobile Clients
Mail-in-a-Box supports automatic client configuration. In most email clients, entering your email address and password is sufficient — the SRV DNS records handle server discovery.
| Setting | Value |
|---|---|
| IMAP server | box.yourdomain.com |
| IMAP port | 993 (SSL/TLS) |
| SMTP server | box.yourdomain.com |
| SMTP port | 465 (SSL/TLS) |
| Username | Full email address |
| Exchange ActiveSync | Supported (via z-push) |
Contacts and Calendar
Nextcloud provides CardDAV (contacts) and CalDAV (calendar) sync. Access Nextcloud at https://box.yourdomain.com/cloud or configure your phone/desktop client with the DAV URLs shown in the admin panel.
Aliases and Forwarding
Create email aliases in Mail → Aliases. You can forward mail to external addresses, create catch-all aliases for a domain, or set up distribution lists.
Multiple Domains
Add additional domains in Mail → Custom DNS or by pointing their MX records to your box. Mail-in-a-Box handles SSL certificates and DNS for all configured domains.
Security Features
Mail-in-a-Box configures these automatically — no manual setup required:
| Feature | What It Does |
|---|---|
| SPF | Declares which servers can send mail for your domain |
| DKIM | Signs outgoing mail with a cryptographic key |
| DMARC | Tells receiving servers how to handle failed SPF/DKIM |
| DANE/TLSA | Pins your TLS certificate in DNS via DNSSEC |
| DNSSEC | Cryptographically signs your DNS records |
| fail2ban | Blocks IPs after repeated failed login attempts |
| UFW firewall | Only required ports are open |
| Let’s Encrypt | Automatic SSL certificate renewal |
| Greylisting | Temporarily rejects unknown senders (blocks spam) |
| Two-factor auth | TOTP-based 2FA for admin panel and webmail |
Backup
Mail-in-a-Box includes built-in backup via Duplicity. Configure in System → Backup:
- Local backup: Stored on the server (protects against accidental deletion, not hardware failure)
- S3-compatible: Amazon S3, Backblaze B2, or any S3-compatible storage
- rsync: To a remote server via SSH
Backups are encrypted and run daily by default. Test restoring from backup before relying on it.
For broader backup strategies, see Backup Strategy.
Troubleshooting
Mail Not Being Delivered to Recipients
Symptom: You send email but it never arrives at Gmail, Outlook, or other providers. Fix: Check the admin panel’s Status Checks for DNS issues. Verify your VPS provider doesn’t block port 25 outbound. Check your IP against blacklists at mxtoolbox.com. New mail server IPs often need a few days to build reputation — send test emails to your own accounts first.
SSL Certificate Not Renewing
Symptom: Browser shows certificate warnings when accessing webmail.
Fix: Run sudo mailinabox to re-run the setup, which triggers certificate renewal. Ensure port 80 is accessible from the internet (Let’s Encrypt needs it for HTTP-01 validation).
Spam Not Being Filtered
Symptom: Inbox fills with spam despite SpamAssassin being active.
Fix: SpamAssassin and greylisting are enabled by default. Check that postgrey is running (systemctl status postgrey). For persistent spam from specific senders, add them to the Roundcube blocklist or create Sieve filters.
”Connection Refused” on Port 25
Symptom: Other mail servers can’t deliver to you. Fix: Many cloud providers (AWS, GCP, Azure, Oracle Cloud) block inbound port 25 by default. You may need to request port 25 access from your provider. Hetzner, OVH, and Linode generally allow port 25 without restrictions.
Resource Requirements
- RAM: ~400 MB idle, 600-800 MB under moderate load
- CPU: Low (single core handles hundreds of users)
- Disk: 10 GB for the system, plus ~1 GB per user (highly variable based on email volume and attachments)
Verdict
Mail-in-a-Box is the best self-hosted email solution for people who want email to just work without learning Postfix configuration. The one-command install and automatic DNS/DKIM/DMARC setup is unmatched — what takes hours to configure manually in mailcow or Mailu is handled automatically. The trade-off is zero customization: you can’t tweak individual components, choose alternative webmail clients, or run it alongside other services on the same server. Choose mailcow if you need Docker, multiple admin accounts, or SOGo groupware. Choose Mailu for a containerized setup with more flexibility. Choose Mail-in-a-Box if simplicity is your top priority.
Related
- Mail-in-a-Box vs mailcow: Easy vs Flexible
- Mailu vs Mail-in-a-Box: Docker vs Bare Metal
- Self-Hosting mailcow with Docker Compose
- Self-Hosting Mailu with Docker Compose
- Mailu vs mailcow
- Best Self-Hosted Email Servers
- Self-Hosted Alternatives to Gmail
- Self-Hosted Alternatives to Outlook
- Docker Compose Basics
- Backup Strategy
Get self-hosting tips in your inbox
Get the Docker Compose configs, hardware picks, and setup shortcuts we don't put in articles. Weekly. No spam.
Comments