Mailcow Mail Server - Getting Started Guide
This server comes with Mailcow - a fully dockerized mail server suite with email sending and receiving, webmail (SOGo), antispam (Rspamd), antivirus (ClamAV) and an admin panel. Your mail domain and admin password are configured automatically from the details you provided during the order.
Step 1 - Verify Mailcow Works
Your server's IP address and root password are shown on the Server Details page in your client panel. Open https://your.server.ip in a browser. Your browser will show a security warning about the self-signed certificate - this is normal, proceed to the site.
On the login page, click "Log in as administrator" at the bottom. Enter the admin credentials:
- Username:
admin - Password: the Admin Password you entered during the order
Important: The default login page is for mailbox users (email login). The admin panel has a separate login - use the link at the bottom of the page.
If you see the Mailcow admin dashboard, everything is working correctly.
If you placed the server behind a VyOS router on a private network, set up port forwarding for ports 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS), 587 (Submission), 993 (IMAP) and 995 (POP3). A mail server must be reachable from the internet to send and receive email.
Step 2 - Configure DNS Records
Proper DNS configuration is critical for email delivery. Without correct records, your emails will be rejected or marked as spam. Go to your domain registrar's DNS settings and add the following records (replace your.server.ip with your actual server IP and example.com with your domain):
| Type | Name | Value |
|---|---|---|
| A | your.server.ip | |
| MX | @ | mail.example.com (priority 10) |
| TXT | @ | v=spf1 mx a -all |
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com |
| CNAME | autodiscover | mail.example.com |
| CNAME | autoconfig | mail.example.com |
DKIM record: After logging in to the admin panel, go to Configuration → ARC/DKIM keys to get the DKIM key. Then add:
| Type | Name | Value |
|---|---|---|
| TXT | dkim._domainkey | (copy from Mailcow admin panel) |
Reverse DNS (PTR record): Contact support to set the PTR record for your server IP to mail.example.com. This is required for reliable email delivery.
DNS changes usually take a few minutes, but can take up to 24 hours. You can check the status at dnschecker.org.
Step 3 - Create Mailboxes
In the admin panel:
- Go to E-Mail → Mailboxes
- Click Add mailbox
- Enter the username (e.g.
info), set a password and click Add - The new mailbox (e.g.
info@example.com) is ready to use
Users can access webmail (SOGo) at https://your.server.ip/SOGo - log in with the full email address and mailbox password.
Post-Installation
SSL with Let's Encrypt
Mailcow has built-in Let's Encrypt support. Once your A record (mail.example.com) points to the server and DNS has propagated, ensure SKIP_LETS_ENCRYPT=n in mailcow.conf and restart:
cd /opt/mailcow-dockerized
docker compose down && docker compose up -dMailcow will automatically obtain and renew the certificate.
Email Client Configuration
To connect an email client (Outlook, Thunderbird, mobile), use these settings:
| Protocol | Server | Port | Security |
|---|---|---|---|
| IMAP | mail.example.com | 993 | SSL/TLS |
| SMTP | mail.example.com | 587 | STARTTLS |
| POP3 | mail.example.com | 995 | SSL/TLS |
Username is the full email address (e.g. info@example.com). If you configured autodiscover and autoconfig DNS records, most email clients will detect these settings automatically.
Adding Domains
You can host multiple mail domains on a single Mailcow server:
- Go to Configuration → Mail Setup → Domains
- Click Add domain and enter the new domain name
- Configure DNS records for the new domain (MX, SPF, DKIM, DMARC) following the same pattern as in Step 2
- Create mailboxes for the new domain
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks. Mailcow also has its own internal brute-force protection for SMTP, IMAP, POP3 and the admin panel - configure it in the admin UI under System → Configuration → Fail2ban parameters.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH (host) | 5 failed logins | 10 minutes |
Useful commands:
# Check banned IPs
fail2ban-client status sshd
# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Service Management
# Check status
cd /opt/mailcow-dockerized && docker compose ps
# Restart all services
docker compose down && docker compose up -d
# View logs
docker compose logs -f --tail=100Backups
Mailcow includes a built-in backup script:
# Create a backup
cd /opt/mailcow-dockerized
./helper-scripts/backup_and_restore.sh backup all --delete-days 7
# Automated daily backups (add to crontab -e)
0 3 * * * cd /opt/mailcow-dockerized && ./helper-scripts/backup_and_restore.sh backup all --delete-days 7Backups are stored in /var/backups/mailcow by default.
Updates
To update Mailcow and system packages:
# Update Mailcow
cd /opt/mailcow-dockerized && sudo ./update.sh
# Update system packages
apt update && apt upgrade -ySoftware Included
| Component | Details |
|---|---|
| Ubuntu | 24.04 LTS |
| Docker CE | Latest |
| Mailcow | Latest (dockerized) |
| Postfix | SMTP server |
| Dovecot | IMAP / POP3 server |
| SOGo | Webmail client |
| ClamAV | Antivirus |
| Rspamd | Antispam |
| Fail2Ban | Brute-force protection |
Troubleshooting
| Problem | Solution |
|---|---|
| Cannot access web panel | Check that containers are running: cd /opt/mailcow-dockerized && docker compose ps. Restart if needed: docker compose down && docker compose up -d |
| Login page asks for email | The default page is for mailbox users. Click "Log in as administrator" at the bottom of the page to access the admin login |
| Emails going to spam | Verify DNS records: SPF, DKIM and DMARC must be correctly configured. Check PTR record with dig -x your.server.ip. Test at mail-tester.com |
| Cannot send or receive emails | Check MX record: dig MX example.com. Verify port 25 is not blocked by your provider. Check logs: cd /opt/mailcow-dockerized && docker compose logs postfix-mailcow |
| Let's Encrypt certificate not issued | Ensure MAILCOW_HOSTNAME in mailcow.conf matches your DNS A record and SKIP_LETS_ENCRYPT=n. Check logs: docker compose logs acme-mailcow |
| ClamAV not ready / high memory usage | ClamAV downloads virus databases on first start (~300 MB). This can take several minutes. Check: docker compose logs clamd-mailcow |
| Forgot admin password | Reset via SSH:cd /opt/mailcow-dockerized && docker compose exec -T mysql-mailcow mysql -umailcow -p$(grep DBPASS mailcow.conf | cut -d= -f2) mailcow -e "UPDATE admin SET password='{SSHA256}' WHERE username='admin';"Then log in with any password and change it in the admin panel |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP |
| Forgot root password | Use VNC console in your client panel to reset it |