How to set up your own Docker mail server step by step

A dedicated mail server gives you full control over your digital com­mu­nic­a­tions. This guide focusses on setting up your own mail server using Docker. It covers everything from system re­quire­ments and security guidance to a complete step-by-step tutorial. With Docker’s ready-to-use container stacks, like Docker mail server, deploying a secure and scalable mail solution has never been easier.

What is a Docker mail server?

A Docker mail server is a self-hosted email solution deployed in con­tain­ers using Docker. It handles sending, receiving, and storing email while enabling full control over data privacy, security policies, and system con­fig­ur­a­tion. Compared to third-party providers like Gmail or Outlook, a Docker mail server puts you in charge of your in­fra­struc­ture - ideal for de­velopers, privacy-conscious users, and small busi­nesses.

Why use Docker for a mail server?

Using Docker to host your mail server has several key ad­vant­ages:

• Isolation and security: Docker con­tain­ers isolate the mail server, reducing the risk of system-wide com­prom­ise and improving security.

• Port­ab­il­ity: Docker con­tain­ers can be easily moved across en­vir­on­ments, ensuring con­sist­ent setup between local and cloud servers.

• Sim­pli­fied de­ploy­ment: Docker provides pre-con­figured stacks, stream­lin­ing the setup process and elim­in­at­ing the need for manual con­fig­ur­a­tion.

• Scalab­il­ity: easily scale Docker con­tain­ers to ac­com­mod­ate growing email traffic and changing resource re­quire­ments.

• Version control: specify Docker image versions to prevent com­pat­ib­il­ity issues and enable easier rollback if needed.

• Con­sist­ency across en­vir­on­ments: Docker ensures con­sist­ent con­fig­ur­a­tions and setups across de­vel­op­ment, testing, and pro­duc­tion en­vir­on­ments.

What are the re­quire­ments for running a Docker mail server?

To host your own Docker mail server, you’ll need suf­fi­cient hardware resources depending on the expected email traffic. A static IPv4 address is vital for smooth mail server in­ter­ac­tions. Ad­di­tion­ally, ensure proper DNS con­fig­ur­a­tion, including MX, SPF, DKIM, and DMARC records. IPv6 support is also in­creas­ingly important for better com­pat­ib­il­ity and email repu­ta­tion.

Current re­com­men­ded tech­no­lo­gies

• Docker image: docker-mailserver/docker-mailserver:v13.2+
• Email protocols: SMTP (Ports 25, 587, 465), IMAPS (993), POP3S (995)
• Security standards: TLS 1.3, DKIM, SPF, DMARC, DNSSEC (if supported)
• Host OS: Ubuntu 22.04 LTS, Debian 12, or equi­val­ent stable Linux dis­tri­bu­tions

What should be con­sidered when setting up a Docker mail server?

Security con­fig­ur­a­tions overview

To protect your mail server, make sure to con­sist­ently apply security settings, including the following:

• Use up-to-date TLS cer­ti­fic­ates (at least TLS 1.2, ideally TLS 1.3)
• Set up and enforce SPF, DKIM, and DMARC policies
• Implement rate limiting and au­then­tic­a­tion via SASL
• Enable encrypted con­nec­tions for IMAP/POP3 and SMTP
• Set up logging with tools like rsyslog and struc­tured log rotation

General re­com­mend­a­tions for setup

Setting up a Docker mail server requires technical expertise and thorough security con­fig­ur­a­tion. Here are some key points to focus on:

• Choosing an ap­pro­pri­ate Docker image and mail server stack (e.g. docker-mailserv­er/docker-mailserv­er)
• Con­fig­ur­ing DNS records (MX, SPF, DKIM, DMARC)
• Securing the Docker host (firewall, Fail2Ban, en­cryp­tion)
• Choosing the right ad­min­is­trat­ive and mon­it­or­ing tools
• Regular updates and backups (including Docker image updates)
• Con­fig­ur­ing reverse DNS entries and IPv6 support
• Complying with legal re­quire­ments (e.g., GDPR legally compliant email archiving)

What hardware is required?

To run your own Docker mail server, ap­pro­pri­ate hardware is essential. The necessary per­form­ance depends on various factors, including how many emails are sent daily and how many people will be using the server. Docker con­tain­ers are light­weight, but you still need to consider RAM, CPU, and storage. Ad­di­tion­al per­form­ance may be required for extra services like backup systems or content scanners (e.g., spam or phishing pro­tec­tion). You will also need a static IPv4 address for smooth in­ter­ac­tion with other mail servers - dynamic IPs can cause issues with email delivery.

When looking for a suitable en­vir­on­ment for your Docker mail server, it’s important to consider what ca­pa­cit­ies need to be covered. A simple setup can handle a handful of emails per day, while a heavily used business mail server requires sub­stan­tial RAM, CPU, and storage.

How to set up a Docker mail server step by step

In this tutorial, we’ve chosen the popular Docker container docker-mailserv­er.

This light­weight, open-source container (MIT Licence) offers a modular, ready-to-use stack for setting up your own mail server. It in­teg­rates all the essential com­pon­ents, such as an SMTP server, IMAP or POP3 server, optional spam and antivirus pro­tec­tion, and, if needed, an LDAP directory service.

Step 1: Get the Docker image

You can get the latest docker-mailserv­er image from the official Docker Hub directory or the official GitHub re­pos­it­ory.

The re­com­men­ded approach is to pull a stable release, such as v13.2, rather than using the :latest or :edge tags.

Run the following command to pull the image:

docker pull mailserver/docker-mailserver:v13.2
# or:
docker pull ghcr.io/docker-mailserver/docker-mailserver:v13.2

Step 2: Configure docker-compose.yml

Next, you’ll need to configure docker-compose.yml to define the necessary services and volumes for your Docker container. Here’s an example con­fig­ur­a­tion for your mail server:

version: '3.8'
services:
    mailserver:
        image: docker.io/mailserver/docker-mailserver:v13.2
        container_name: mailserver
        hostname: mail-server
        domainname: example.co.uk
        ports:
            - "25:25"
            - "587:587"
            - "465:465"
        volumes:
            - ./docker-data/dms/mail-data/:/var/mail/
            - ./docker-data/dms/mail-state/:/var/mail-state/
            - ./docker-data/dms/mail-logs/:/var/log/mail/
            - ./docker-data/dms/config/:/tmp/docker-mailserver/
            - ./docker-data/nginx-proxy/certs/:/etc/letsencrypt/
            - /etc/localtime:/etc/localtime:ro
        environment:
            - ENABLE_FAIL2BAN=1
            - SSL_TYPE=letsencrypt
            - PERMIT_DOCKER=network
            - ONE_DIR=1
            - ENABLE_POSTGREY=0
            - ENABLE_CLAMAV=0
            - ENABLE_SPAMASSASSIN=0
            - SPOOF_PROTECTION=0
        cap_add:
            - NET_ADMIN
            - SYS_PTRACE

This con­fig­ur­a­tion ensures that your Docker container uses the correct ports for SMTP (25), IMAPS (993), and SMTP Sub­mis­sion (587), and that volumes are properly mapped for per­sist­ent data storage. Ad­di­tion­ally, security features like Fail2Ban and Let’s Encrypt SSL are enabled.

Step 3: Open required ports

In your docker-compose.yml file, you’ll notice the SMTP server ports are listed (25, 465, and 587). These must also be opened in your server’s firewall to ensure reliable email traffic.

If you’re using a service like IONOS for hosting, you can easily open these ports via the Cloud Panel:

1. Log in to the IONOS Cloud Panel.
2. Go to the ‘Server & Cloud section’.
3. Select the server you are using to host the Docker mail server.
4. In the left-hand menu, click ‘Network’ then ‘Firewall Policies.’
5. Add firewall rules for TCP ports 25, 465, and 587.

Close

Step 4: Configure DNS settings

In the next step, you need to ensure that the DNS service for your domain is correctly con­figured:

• MX Record: Points to the mail server (e.g., mail.example.co.uk) that you defined under hostname and domainname in your docker-compose.yml.
• SPF Record: A TXT record for the domain (not for the hostname!), e.g., v=spf1 mx ~all.

How to configure DNS in IONOS Cloud Panel:

1. Log in to your IONOS Cloud Panel.
2. Go to ‘Domains & SSL’.
3. Find your domain and click the settings icon.
4. Select ‘DNS’.
5. Add the following records:

• MX Record: Target = mail.example.co.uk, Priority = 10
• TXT Record: Type = TXT, Value = v=spf1 mx ~all

Close

Finally, click on ‘Reset Domain’ in the top menu to reload the DNS con­fig­ur­a­tion and apply the changes. Confirm your entries by clicking ‘Reset Now’ - this will only affect the updated DNS records, not the domain itself.

Step 5: Generate DKIM keys

To increase the security of your mail server, you need to generate a DKIM (Do­main­Keys Iden­ti­fied Mail) record for your domain. This technique allows emails to be digitally signed, so receiving mail servers can verify their au­then­ti­city.

Use the provided setup.sh script in the docker-mailserver directory:

./setup.sh config dkim

The generated public key will be saved in the following file (assuming the volume was correctly mounted):

docker-data/dms/config/opendkim/keys/example.co.uk/mail.txt

Open the file and copy its contents to create a TXT record in your domain’s DNS settings. The DNS record might look like this:

mail._domainkey.example.co.uk. IN TXT (
    "v=DKIM1; h=sha256; k=rsa; "
    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOC...continuedPublicKey...IDAQAB"
)

• mail is the selector and can be named as you prefer (e.g., default, key2025, etc.).
• If your DNS provider limits the length to 255 char­ac­ters per string, you will need to split the key (as shown in the example).
• Make sure the record type is TXT and it applies to the full domain mail._domainkey.example.co.uk.

Step 6: Start the server and create your first address

Start the con­figured mail server directly from the project directory with the following command:

docker-compose up -d

These in­struc­tions will help you securely and ef­fi­ciently set up both modern container-based and tra­di­tion­al mail server en­vir­on­ments.