Mailcow Mail Server - Getting Started Guide

Mailcow Mail Server - Getting Started Guide

This server comes with Mailcow - a fully dockerized mail server suite with email sending and receiving, webmail (SOGo), antispam (Rspamd), antivirus (ClamAV) and an admin panel. Your mail domain and admin password are configured automatically from the details you provided during the order.


Step 1 - Verify Mailcow Works

Your server's IP address and root password are shown on the Server Details page in your client panel. Open https://your.server.ip in a browser. Your browser will show a security warning about the self-signed certificate - this is normal, proceed to the site.

On the login page, click "Log in as administrator" at the bottom. Enter the admin credentials:

  • Username: admin
  • Password: the Admin Password you entered during the order

Important: The default login page is for mailbox users (email login). The admin panel has a separate login - use the link at the bottom of the page.

If you see the Mailcow admin dashboard, everything is working correctly.

If you placed the server behind a VyOS router on a private network, set up port forwarding for ports 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS), 587 (Submission), 993 (IMAP) and 995 (POP3). A mail server must be reachable from the internet to send and receive email.


Step 2 - Configure DNS Records

Proper DNS configuration is critical for email delivery. Without correct records, your emails will be rejected or marked as spam. Go to your domain registrar's DNS settings and add the following records (replace your.server.ip with your actual server IP and example.com with your domain):

Type Name Value
A mail your.server.ip
MX @ mail.example.com (priority 10)
TXT @ v=spf1 mx a -all
TXT _dmarc v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com
CNAME autodiscover mail.example.com
CNAME autoconfig mail.example.com

DKIM record: After logging in to the admin panel, go to ConfigurationARC/DKIM keys to get the DKIM key. Then add:

Type Name Value
TXT dkim._domainkey (copy from Mailcow admin panel)

Reverse DNS (PTR record): Contact support to set the PTR record for your server IP to mail.example.com. This is required for reliable email delivery.

DNS changes usually take a few minutes, but can take up to 24 hours. You can check the status at dnschecker.org.


Step 3 - Create Mailboxes

In the admin panel:

  1. Go to E-MailMailboxes
  2. Click Add mailbox
  3. Enter the username (e.g. info), set a password and click Add
  4. The new mailbox (e.g. info@example.com) is ready to use

Users can access webmail (SOGo) at https://your.server.ip/SOGo - log in with the full email address and mailbox password.


Post-Installation

SSL with Let's Encrypt

Mailcow has built-in Let's Encrypt support. Once your A record (mail.example.com) points to the server and DNS has propagated, ensure SKIP_LETS_ENCRYPT=n in mailcow.conf and restart:

cd /opt/mailcow-dockerized
docker compose down && docker compose up -d

Mailcow will automatically obtain and renew the certificate.

Email Client Configuration

To connect an email client (Outlook, Thunderbird, mobile), use these settings:

Protocol Server Port Security
IMAP mail.example.com 993 SSL/TLS
SMTP mail.example.com 587 STARTTLS
POP3 mail.example.com 995 SSL/TLS

Username is the full email address (e.g. info@example.com). If you configured autodiscover and autoconfig DNS records, most email clients will detect these settings automatically.

Adding Domains

You can host multiple mail domains on a single Mailcow server:

  1. Go to ConfigurationMail SetupDomains
  2. Click Add domain and enter the new domain name
  3. Configure DNS records for the new domain (MX, SPF, DKIM, DMARC) following the same pattern as in Step 2
  4. Create mailboxes for the new domain

Fail2Ban - Brute-Force Protection

Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks. Mailcow also has its own internal brute-force protection for SMTP, IMAP, POP3 and the admin panel - configure it in the admin UI under SystemConfigurationFail2ban parameters.

Rule Max Attempts Ban Duration
SSH (host)5 failed logins10 minutes

Useful commands:

# Check banned IPs
fail2ban-client status sshd

# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4

If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.

Service Management

# Check status
cd /opt/mailcow-dockerized && docker compose ps

# Restart all services
docker compose down && docker compose up -d

# View logs
docker compose logs -f --tail=100

Backups

Mailcow includes a built-in backup script:

# Create a backup
cd /opt/mailcow-dockerized
./helper-scripts/backup_and_restore.sh backup all --delete-days 7

# Automated daily backups (add to crontab -e)
0 3 * * * cd /opt/mailcow-dockerized && ./helper-scripts/backup_and_restore.sh backup all --delete-days 7

Backups are stored in /var/backups/mailcow by default.

Updates

To update Mailcow and system packages:

# Update Mailcow
cd /opt/mailcow-dockerized && sudo ./update.sh

# Update system packages
apt update && apt upgrade -y

Software Included

Component Details
Ubuntu24.04 LTS
Docker CELatest
MailcowLatest (dockerized)
PostfixSMTP server
DovecotIMAP / POP3 server
SOGoWebmail client
ClamAVAntivirus
RspamdAntispam
Fail2BanBrute-force protection

Troubleshooting

Problem Solution
Cannot access web panel Check that containers are running: cd /opt/mailcow-dockerized && docker compose ps. Restart if needed: docker compose down && docker compose up -d
Login page asks for email The default page is for mailbox users. Click "Log in as administrator" at the bottom of the page to access the admin login
Emails going to spam Verify DNS records: SPF, DKIM and DMARC must be correctly configured. Check PTR record with dig -x your.server.ip. Test at mail-tester.com
Cannot send or receive emails Check MX record: dig MX example.com. Verify port 25 is not blocked by your provider. Check logs: cd /opt/mailcow-dockerized && docker compose logs postfix-mailcow
Let's Encrypt certificate not issued Ensure MAILCOW_HOSTNAME in mailcow.conf matches your DNS A record and SKIP_LETS_ENCRYPT=n. Check logs: docker compose logs acme-mailcow
ClamAV not ready / high memory usage ClamAV downloads virus databases on first start (~300 MB). This can take several minutes. Check: docker compose logs clamd-mailcow
Forgot admin password Reset via SSH:
cd /opt/mailcow-dockerized && docker compose exec -T mysql-mailcow mysql -umailcow -p$(grep DBPASS mailcow.conf | cut -d= -f2) mailcow -e "UPDATE admin SET password='{SSHA256}' WHERE username='admin';"
Then log in with any password and change it in the admin panel
Blocked by Fail2Ban Use VNC console in your client panel to unban your IP
Forgot root password Use VNC console in your client panel to reset it


Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 363