Mailcow Not Receiving Email: Fixes

By Alex Thornton email Updated:

The Problem

Your mailcow installation is running but incoming emails don’t arrive. You can send mail but receiving fails — messages bounce back to senders, or they silently disappear. This covers the most common causes and fixes.

Quick Diagnostic

Run these checks in order to narrow down the issue:

# 1. Is Postfix listening on port 25?
docker compose exec postfix-mailcow ss -tlnp | grep :25

# 2. Can you reach port 25 from outside?
# Run from a DIFFERENT machine:
telnet mail.yourdomain.com 25

# 3. Check MX record
dig MX yourdomain.com +short

# 4. Check Postfix logs for errors
docker compose logs postfix-mailcow --tail 100

# 5. Check if mail is queued but not delivered
docker compose exec postfix-mailcow postqueue -p

Fix 1: Port 25 Blocked by VPS Provider

The #1 cause. Many VPS providers block port 25 outbound by default to prevent spam. Some also block port 25 inbound, which prevents receiving mail entirely.

Affected providers:

  • Oracle Cloud: Blocks port 25 by default — must request unblock
  • AWS EC2/Lightsail: Blocks port 25 outbound — request removal via support
  • Google Cloud: Blocks port 25 — no exceptions
  • Azure: Blocks port 25 on some plans
  • Hetzner: Open by default
  • DigitalOcean: Open by default (may block on new accounts)
  • Vultr: Open by default
  • Linode: Open by default

Check from your server:

# Test if port 25 is reachable from outside
# From a different machine:
nc -zv mail.yourdomain.com 25

If the connection times out, port 25 is blocked.

Fix: Contact your VPS provider’s support to unblock port 25. If they refuse (Google Cloud won’t), switch to a provider that allows it.

Also check your server’s firewall:

# UFW
sudo ufw status | grep 25

# iptables
sudo iptables -L -n | grep 25

# If blocked, allow it:
sudo ufw allow 25/tcp

Fix 2: Wrong or Missing MX Record

Check:

dig MX yourdomain.com +short

Expected output:

10 mail.yourdomain.com.

Common problems:

No MX Record

Add an MX record in your DNS:

yourdomain.com.  MX  10  mail.yourdomain.com.

The mail.yourdomain.com A record must point to your server’s IP:

mail.yourdomain.com.  A  203.0.113.10

MX Points to Wrong IP

The MX hostname must resolve to your mailcow server’s actual IP:

dig A mail.yourdomain.com +short
# Must return your server IP

MX Points to Cloudflare Proxy

Never proxy your MX record through Cloudflare (orange cloud). Mail traffic must go directly to your server. Set the mail hostname to DNS-only (gray cloud) in Cloudflare.

Multiple MX Records Causing Confusion

If you have old MX records pointing to a previous email provider (Google Workspace, Microsoft 365), remove them. Having both your server and a cloud provider in MX records causes unpredictable delivery.

Fix 3: Postfix Not Running or Crashed

Check container status:

docker compose ps | grep postfix

The postfix-mailcow container should show Up status. If it’s restarting or exited:

# Check logs
docker compose logs postfix-mailcow --tail 200

# Restart it
docker compose restart postfix-mailcow

Common Postfix errors:

“fatal: no SASL authentication mechanisms”

Dovecot isn’t ready yet. Wait 30 seconds and restart Postfix:

docker compose restart postfix-mailcow

“warning: hostname does not resolve to address”

Your mailcow hostname doesn’t match DNS. Check mailcow.conf:

grep MAILCOW_HOSTNAME mailcow.conf

This must match your MX record’s target hostname and resolve to your server IP.

”connect to localhost:10025: Connection refused”

The Rspamd or amavis container isn’t running. Check:

docker compose ps | grep rspamd
docker compose restart rspamd-mailcow

Fix 4: Domain Not Added in Mailcow

Mailcow rejects mail for domains it doesn’t know about.

  1. Log into the mailcow admin UI (https://mail.yourdomain.com)
  2. Go to Configuration → Mail Setup → Domains
  3. Verify your domain is listed and active
  4. Check that at least one mailbox exists for the domain

If the domain isn’t listed, add it. Without a domain and mailbox, Postfix rejects incoming mail with a 550 5.1.1 Recipient rejected error.

Fix 5: SSL/TLS Certificate Issues

Mailcow uses Let’s Encrypt by default. If certificate renewal failed, incoming TLS connections may break.

Check certificate:

docker compose exec postfix-mailcow openssl s_client -starttls smtp -connect localhost:25 2>/dev/null | head -5

Force certificate renewal:

docker compose exec acme-mailcow bash -c "rm -rf /var/www/acme/cert-*"
docker compose restart acme-mailcow
# Wait 2-3 minutes for renewal
docker compose restart postfix-mailcow dovecot-mailcow nginx-mailcow

Fix 6: Disk Full

When the disk is full, Postfix can’t write to its queue and silently drops incoming mail.

df -h /var/lib/docker

If usage is above 90%, clean up:

# Remove old Docker images
docker image prune -a

# Check mailcow volume sizes
du -sh /opt/mailcow-dockerized/data/*/

Fix 7: Rspamd Rejecting Everything

Rspamd (mailcow’s spam filter) can sometimes be misconfigured or overly aggressive, rejecting legitimate mail.

Check if Rspamd is blocking incoming mail:

docker compose logs rspamd-mailcow --tail 100 | grep reject

Temporarily lower the rejection threshold:

  1. Go to mailcow admin → Configuration → Rspamd
  2. Check the rejection score (default: 15)
  3. If it’s set too low, increase it to 15-20
  4. Check if any custom rules are causing false positives

Fix 8: Dovecot Not Delivering to Mailbox

Mail arrives at Postfix but doesn’t appear in your mailbox. This usually means Dovecot (the IMAP server) isn’t processing the delivery.

docker compose logs dovecot-mailcow --tail 100

Common causes:

  • Mailbox quota exceeded — check in admin UI under mailbox settings
  • Filesystem permissions on the vmail volume
  • Dovecot crashed — docker compose restart dovecot-mailcow

Verification

After applying fixes, verify end-to-end:

  1. Send a test email from an external Gmail/Outlook account to your mailcow address
  2. Check Postfix logs for the incoming connection:
docker compose logs postfix-mailcow --tail 50 | grep "from=<"
  1. Check the mailbox via SOGo webmail or your IMAP client
  2. Use mail-tester.com to verify your setup scores 10/10

Prevention

  • Monitor port 25 connectivity with Uptime Kuma (TCP check on port 25)
  • Set up DMARC reporting to catch authentication issues early — see Email Deliverability
  • Monitor disk space on your server
  • Keep mailcow updated — docker compose pull && docker compose up -d
  • Check Postfix logs weekly for recurring errors

Related Articles

compare

Mailcow vs docker-mailserver: Which to Choose?

Comparing Mailcow and docker-mailserver for self-hosted email — web UI, resource usage, setup complexity, and feature di...

compare

Mail-in-a-Box vs mailcow: Easy vs Flexible

Compare Mail-in-a-Box and Mailcow for self-hosted email — installation, customization, Docker support, groupware, and wh...

compare

Mailcow vs iRedMail: Which Mail Server to Choose?

Mailcow vs iRedMail for self-hosted email. Docker-native suite vs bare-metal installer — admin UI, spam filtering, resou...

compare

Mailcow vs Stalwart: Full Suite or Lean Server?

Mailcow bundles a complete mail suite with webmail and admin UI. Stalwart is a single-binary Rust server. Compare resour...

compare

Mailu vs Mailcow: Which Mail Server?

Mailu vs Mailcow compared for self-hosted email — setup complexity, resource usage, features, and which mail server to c...

compare

Modoboa vs Mailcow: Which Mail Server to Self-Host?

Modoboa vs Mailcow compared — Docker setup, features, admin panels, and which self-hosted email server is right for your...

Read Next Mailcow vs docker-mailserver: Which to Choose?

Comments