Easily Build Your Own Email Server Using Ubuntu Linux

Another step-by-step guide to building and running your own email server in the cloud using your own domain name. You’ll need Ubuntu Server and “Mailinabox” for this tutorial. You will need to self-host it on a dedicated server or VPS. You can use well-known VPS providers like DigitalOcean, Vultr or Linode. Take note: you need to be technical to run and maintain your server. Newbies and self-learners like myself can read on to get the job done.

Setting up your own email server is not always the best option, for several reasons. Number one is security. If you’re not knowledgeable enough to run the server yourself, you might end up with a compromised server and other security breaches due to faulty configuration and the like. This is the top reason why you shouldn’t host and run your own email server and should instead use one of the well-known third-party email services like Gmail/G-Suite, Zoho Mail, FastMail, etc.

If you’re interested, you could take advantage of a ready-to-use and free email service, instead of building your own. Click this link to know more.

But if you’re really nosy and interested to make your own, then follow on.

With this guide, you will learn how to set up and run your own e-mail server using your own domain name. You will run through some basic server hardening steps to implement at least the basic security a server needs. I will cover that part in this guide, and basic knowledge of Linux will help you follow it. I won’t explain what each command does, but you can still follow the step-by-step procedure to successfully set up the server.

So when you’re ready, jump in and follow the actual steps below to construct your private email server using “Mail in a Box”.



What is Mailinabox

Mail in a Box, stylized as “Mailinabox” or Mail-in-a-Box, is a script developed by Josh that bundles different free software together so it can be used to easily put up an email server instance that can host multiple different domains.

In reality, setting up a server to send out emails requires manual configuration on the command line. You have to configure each component correctly in order to have a complete, running setup without issues. Furthermore, incorrect or incomplete configuration of any component could render the box unusable or unable to send email.

But with “Mailinabox”, configuration is automated and a breeze: you can either leave the default settings or customize them for your needs.

Mailinabox sets up Fail2ban, a Letsencrypt SSL certificate and a firewall (using UFW in Ubuntu) for basic server security. For anti-spam and other security features, MIAB sets up graylisting, SPF, DKIM, DMARC, opportunistic TLS, HSTS and DNSSEC. Without these correctly configured, your messages will end up in the spam folder of Gmail, Yahoo! and other well-known email services on the Internet.

MIAB was developed to be an “all-in-one” solution that can handle IMAP/POP, SMTP, spam filtering, webmail and also DNS resolution. And since it can handle DNS, you can use MIAB as your DNS for your other domain.

Email Service Providers

You really don’t have to roll your own email server, when in fact a free email service would be sufficient. You can always use one of the services below to handle your normal email sending needs. But if you think you have a special need to build your own for whatever purpose you might have, then read on and follow the guide.

Free Email Services and Their Sending Limits

  • Gmail – Free User sending limit is 100-150 emails per day when connected to the server from an email client like Thunderbird. Using the Web UI will let you send 500 emails a day.
  • Zoho Mail – For Free Accounts, 50 emails x total confirmed and active users (per day, per organization) for up to 4 users. For accounts with more than 4 users, the limit is 200 emails (per day, per organization). For example, you have 2 active and confirmed users in your organization’s account. Then the total number of individual emails that a user can send per day, per organization will be up to 100 (50 x 2) emails. If you have 6 (or anything more than 4) active and confirmed users, then the total number of individual emails that can be sent will be 200, as that is the fixed limit for more than 4 users.
  • Outlook – When conditions are met, a free email user is allowed to send a maximum of 300 emails per day (and no more than 100 recipients per message).
  • Yahoo! Mail – Outbound email messages are limited to 500 per day. Each message can be sent to 100 recipients at most. Each recipient of a message counts as one email towards the 500 daily limit (i.e. one message sent to 50 recipients counts as 50 emails towards the limit).
  • FastMail – For Trial/Free Users, they have a sending limit of a maximum of 120 messages per day.
  • Hushmail – Maximum limit is 350 emails every 24 hours, when using the Webmail. 2000 emails when using email client (i.e. Thunderbird). Each recipient of an email counts as one email sent. Sending one email to 10 recipients is the same as sending 10 emails each with a single recipient.
  • Proton Mail – Free Plan sending limit is 150 messages/day, 50 messages/hour.

Basic Email Server Security

Once you have fired up your Droplet on DigitalOcean or a VPS from another host, you need to set up basic security, for a very obvious reason: your server can be compromised shortly after you put it up on the cloud. This is very possible with the modern automated SSH brute-forcers and other hacker bots out there on the Internet. I won’t go deeply into this matter, but this step should be done before anything else on the server.

Note: You may skip this if you would only do a quick testing on the MiaB script, but you will have to destroy your droplet once you decide to go in production. You need to start from scratch and do the basic security procedure.

For basic security we need to:

  1. Set up basic SSH security
  2. Create a new user and make it a sudoer
  3. Set up TCP wrappers
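
One way to check that the three steps above are actually in effect, as an added example that is not part of the original guide: it audits an sshd_config file, sudo group membership and the TCP wrappers files. The function names are hypothetical, and the choice of `PermitRootLogin` and `PasswordAuthentication` as the settings that matter against SSH brute-forcing is an assumption, since the guide does not name specific settings.

```bash
#!/usr/bin/env bash
# Added example: audits the three hardening steps listed above.
# All function names are hypothetical helpers, not part of any tool.

# sshd_value FILE KEYWORD: print the effective value. sshd keeps the FIRST
# occurrence of a keyword, keywords are case-insensitive, and anything after
# a Match line is conditional, so scanning stops there.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 ~ /^#/               { next }
        tolower($1) == "match"  { exit }
        tolower($1) == key      { print tolower($2); exit }
    ' "$1"
}

# Step 1. audit_ssh SSHD_CONFIG: print findings, return 1 on any FAIL.
# An unset keyword is a FAIL because the effective value then depends on
# the OpenSSH version's built-in default.
audit_ssh() {
    local rc=0 v
    v=$(sshd_value "$1" PermitRootLogin)
    case "$v" in
        no) ;;
        without-password|prohibit-password)
            echo "WARN root can still log in with a key" ;;
        *)  echo "FAIL PermitRootLogin=${v:-unset}"; rc=1 ;;
    esac
    v=$(sshd_value "$1" PasswordAuthentication)
    [ "$v" = no ] || { echo "FAIL PasswordAuthentication=${v:-unset}"; rc=1; }
    return "$rc"
}

# Step 2. in_sudo_group USER GROUP_FILE: USER is a member of group "sudo"
# in a file with /etc/group syntax (name:passwd:gid:member,member).
in_sudo_group() {
    awk -F: -v u="$1" '$1 == "sudo" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
    } END { exit !ok }' "$2"
}

# Step 3. wrappers_ok HOSTS_ALLOW HOSTS_DENY: sshd is denied by default and
# allowed only for named clients. hosts.allow is read first, and a client
# that matches no rule in either file is let in, hence the explicit deny.
wrappers_ok() {
    grep -Eiq '^[[:space:]]*(sshd|ALL)[[:space:]]*:[[:space:]]*ALL' "$2" &&
    grep -Ei '^[[:space:]]*sshd[[:space:]]*:' "$1" |
        grep -Eivq ':[[:space:]]*ALL([[:space:]]|$)'
}

# Run against the live files when called as: ./audit.sh USER
if [ "$#" -eq 1 ]; then
    audit_ssh /etc/ssh/sshd_config
    in_sudo_group "$1" /etc/group || echo "FAIL $1 is not in group sudo"
    wrappers_ok /etc/hosts.allow /etc/hosts.deny || echo "FAIL TCP wrappers"
fi
```

TCP wrappers only affect daemons built with libwrap support; `ldd /usr/sbin/sshd | grep libwrap` shows whether sshd is one of them.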

Things Needed for a Private Email Server

Before even jumping on the actual procedure, you must have the following on hand already. These are the must-have requirements so you can run your private email server.

  • VPS with at least 1GB of RAM, loaded with Ubuntu Server 14.04 64-bit – As of June 5, 2018, MIAB only supports Ubuntu 14.04. You can read why there is no support for Ubuntu 16.04 on this page.

    You can get a $5 VPS with 1GB RAM from DigitalOcean, Vultr or Linode.

  • Domain Name for the email domain – you can use your existing domain name for this, but you need to modify your DNS settings on your Domain Registrar’s Dashboard. If you need to buy another, I highly recommend that you get your domain name from Gandi.net (Chubbable is registered on Gandi) because I know it supports DNSSEC and it works well for Mail-in-a-Box. You can use NameCheap or another Registrar too, but support for DNSSEC is not good everywhere.

    To know more about known good domains, click here.

  • Server Name – the Server Name or Host name can be any text string up to 24 characters drawn from the alphabet (A-Z) and digits (0-9). Your server name or host name must be a FQDN. To explain this simply without being too technical, your FQDN is your hostname + domain name.

    For example, if you want to name your server email and the domain to use is chubbable.com, then the FQDN would be email.chubbable.com.

    If you want to build multiple email servers, then perhaps you’d name your machines like box1.chubbable.com, box2.chubbable.com.

    But for the sake of this guide and simplicity, consider box as your hostname. So it would be box.your-domain.tld.

Known Good Top-Level Domains with DNSSEC Support

Based on my research and some experience, these are the known good TLDs that have DNSSEC support. I’m using .com, .me and .email myself for my other domains.

DNSSEC Supported Domain

  • .com
  • .email
  • .fund
  • .guide
  • .info
  • .io
  • .me
  • .net
  • .uk
  • .us
  • .xyz

There are other TLDs that can handle DNSSEC on Gandi.net – listed on this page.

How should I know if my Gandi Domain supports DNSSEC?

When logged in to your Gandi Account, go to Domains tab, click on your domain, click on DNSSEC, and you should notice the big “Add a key” button.

The Step-by-step Procedure to Create Your Own Email Server

Building your private email server requires several pieces of software and manual configuration. Added to that, you first have to install your server OS, like Ubuntu Server 14.04. You have to install all the components from scratch.

But thanks to MIAB, life is easier: it takes care of the tedious tasks of configuring an email server.

Setup Overview

To create your own personal email server, you need to go through these steps.

  1. Get a hosting account from DigitalOcean, Vultr, Linode or other VPS hosts out there on the Internet.

  2. Launch a VPS and Install Ubuntu 14.04

  3. Go through the steps of basic server security setup and hardening.

  4. Setup DNS from your Domain Registrar Dashboard.

  5. Download the MIAB script to your server and launch.

  6. Post Install Configuration.

  7. Testing and Troubleshooting.

NOTE: It is very important that you go through step 4 first (DNS Setup), before taking up the actual MIAB installation. Else, you’ll be facing several issues which can be a waste of your precious time.

The step-by-step Guide

I’m not a Linux expert, though I am knowledgeable enough and have the actual experience that qualifies me to write this guide in a newbie-friendly way. So follow through, and don’t let the command line intimidate you.

  1. Get a Hosting Account

    If you ask me whom to pick, then I’d say DigitalOcean. For me, their control panel is one of the easiest to understand and use. Of course, there are alternatives to DigitalOcean: there are Vultr and Linode, whose prices are similar to each other.

    While I know there is Google CE and Amazon AWS, which are the leading companies in web hosting service, they are difficult to use as a newbie. Learning curve is a bit steep and setting up your account and your first server takes time.

    So if you want to really get started fast and easy, grab a VPS over at DigitalOcean and fire it up real quick and go to the next step.

  2. Launch a VPS and Install Ubuntu 14.04

    When launching a VPS or Droplet on DigitalOcean, you don’t have to manually install Ubuntu, just point and click and you’re set. Wait for the build to complete and then login with your keys using SSH.

    If it’s your first time working with DigitalOcean and a server, I highly recommend that you first read this post – Building a VPS using Ubuntu 14.04.

    In that post you will learn how to create your first Droplet or VPS and set up basic security. But with MIAB, you don’t have to worry about setting up Firewall, Fail2ban and SSL, as MIAB will take care of them for you and set them up flawlessly. The other thing you will need to learn if you’re a newbie is how to connect to your server using SSH.

  3. Go through the steps of basic server security setup and hardening.

  4. Setup DNS from your Domain Registrar Dashboard

    If you don’t want to run into issues while building your email server, please set up your DNS first and allow some time for the DNS propagation. Once complete, you are ready to launch and install MIAB.

    If you’re on Gandi.Net, you can set up your DNS by creating a Glue Record.

    To create a Glue Record on Gandi, login to your account and go to Domains, click on Your Domain Name, then click on Glue Records. Once on this page, delete all existing entries and start from fresh.

    Click on the Add button and enter ns1.box in the provided text field. Then type your VPS/Droplet IP address in the IP Address text field and click Save. Repeat this step, but use ns2.box this time and the same IP address you entered before.

    Note: You don’t need to type your domain name in this step. Gandi will append your domain name to your entries. So just type ns1.box and it will become ns1.box.domain.tld or ns1.box.chubbable.com.


    Reference Image: Adding Glue Records in Gandi Dashboard

    Next is to change your Name Server to your newly created Glue Record. To do this, click on Nameservers tab and click change. Update DNS1 and enter your Glue Record, in my example it was ns1.box.chubbable.com. Repeat this step with DNS2. Click Save button and you’re done.

    Wait at least 30 minutes before checking how the DNS propagation is doing.

    The tools I use to check DNS propagation are WhatsMyDNS and MXtoolbox.

    So after 30 minutes or so, go and check how your DNS propagation is doing. On the text field type your domain name and set drop down menu to DNS, click Search button. A positive search result should show the configured Glue Records on this step. Using my example, it should show ns1.box.chubbable.com and ns2.box.chubbable.com. See reference image below.

    Reference Image: DNS Propagation Check Tool

    Checking DNS Propagation

    Using the same tool as above, a search for your A Record should show the IP address of your VPS or Droplet. See reference image below.

    Reference Image: A Record Checks

    Make sure A Record is pointing to the correct IP Address of your E-Mail Server

    Once your DNS has propagated, you can now proceed to the next step, and that is – installing “Mail in a Box” on DigitalOcean.

  5. Download the MIAB script to your server and launch.

    Login to your server/droplet via SSH and download the Mail-in-a-Box script.

    As a reminder for newbies, logging in to your server via SSH means typing this on your command line:

    ssh root@your-server-ip
    

    Then you should be logged-in as root on your server, and your command prompt should look like this:

    Reference Image: Command Prompt

    This is what a command prompt looks like.

    So once logged-in, update your server box prior to MiaB installation. The command should be:

    sudo apt-get update && sudo apt-get upgrade
    

    After successfully updating your server, you are now ready to install MiaB.

    So let’s do that now. Grab the MIAB script from this page, copy and paste it on your command-line, like so:

    curl -s https://mailinabox.email/setup.sh | bash
    

    If you logged in as other than root, then the command is:

    curl -s https://mailinabox.email/setup.sh | sudo bash
    

    Hit enter key to initiate installation.

    Watch your screen, because it will ask you some questions. See reference image below.

    Reference Image: MiaB Question

    Installation Question No. 1

    Hit OK on the first prompt and on the second, change the email address to your preferred one. Take note that whatever you put in that field will be your Super Admin user name.

    Reference Image: Miab Question 2

    MiaB will ask for your E-Mail Address.

    To edit, hit backspace to delete all contents and type in your preferred email. You can add more after the installation process.

    Once done, hit the TAB key to move the cursor to OK; once there, hit the Enter key.

    This next page will pop-up after the above.

    Reference Image: MiaB suggesting hostname to use

    MiaB Hostname Setup

    Check the value and edit as needed. In my case, it’s box.chubbable.com and this value is also the name of my droplet on my DigitalOcean dashboard.

    When satisfied, hit the tab key to select OK, and finally hit the enter key and the installation continues.

    Another prompt will pop up asking for your geographic area; use your up/down keys to select your area/continent and hit tab to select the OK button. The next prompt should ask for your Time Zone, so select your Country’s capital City and hit OK. Installation continues with white text on a black screen background. The process will take a while but won’t take more than 15 minutes. Watch your screen though, because the install script will prompt you for your admin password.

    Reference Image: Mail in a Box Installation Process

    The MiaB script is doing its thing.

    On the password prompt, you should enter your admin password twice. Take note, when you type in your password, it won’t be printed on your screen. So type in your password slowly and surely.

    Once done, installation should be completed and you will be presented with your admin URL. See reference image below.

    Reference Image: Mail-in-a-Box Installation Done

    Installation Done, Confirmed.

    NOTE 1: If you have set up your DNS correctly, Letsencrypt SSL should be provisioned automatically for you during the setup. You will have to answer Yes to the license agreement and that will be it.

    If not, and the MIAB script has used the self-signed SSL certificate instead, then no worries. You will still have the chance to install Letsencrypt SSL using the Admin Dashboard.

    NOTE 2: Below is the exact text used by the script when asking you about the Letsencrypt License Agreement.

    It is Let's Encrypt's terms of service agreement. If you agree, I can
    provision that TLS certificate. If you don't agree, you will have an
    opportunity to install your own TLS certificate from the Mail-in-a-Box
    control panel.
    
    Do you agree to the agreement? Type Y or N and press <ENTER>:
    

    NOTE 3: After successfully provisioning your Letsencrypt SSL, you should now be able to log in to your MIAB admin dashboard using your full domain name. Example: https://box.chubbable.com/admin – and you should see the green padlock icon in your browser address bar, which indicates that your SSL certificate is installed and working.
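
A pre-flight check for steps 4 and 5 above, as an added example that is not part of the original guide or of Mail-in-a-Box: it reads the delegation and glue records from a nameserver of the parent zone, then saves the setup script to a file so it can be read before it runs with root privileges. The function names are hypothetical, and `dig` is assumed to be installed (package dnsutils on Ubuntu).

```bash
#!/usr/bin/env bash
# Added example: pre-flight for steps 4 and 5. referral, check_delegation,
# preflight and fetch_installer are hypothetical helper names.

# referral DOMAIN: ask a nameserver of the parent zone directly (no
# recursion) for the delegation. Glue records live in the parent zone and
# come back in the ADDITIONAL section of this answer.
# Assumes the parent zone is DOMAIN minus its first label (true for .com).
referral() {
    local parent="${1#*.}." ns
    ns=$(dig +short "$parent" NS | head -n 1)
    [ -n "$ns" ] || return 1
    dig +norec +noall +authority +additional "@$ns" "$1" NS
}

# check_delegation DOMAIN HOST IP: reads referral text on stdin. Passes only
# if the NS set is exactly ns1/ns2.HOST.DOMAIN and both have glue A == IP.
# A registrar nameserver left in the list makes the NS count differ from 2.
check_delegation() {
    awk -v d="$1" -v h="$2" -v ip="$3" '
        { $1 = tolower($1); sub(/\.$/, "", $1)
          $5 = tolower($5); sub(/\.$/, "", $5) }
        $4 == "NS" && $1 == d { ns[$5] = 1; count++ }
        $4 == "A"             { glue[$1] = $5 }
        END {
            want[1] = "ns1." h "." d; want[2] = "ns2." h "." d
            bad = (count != 2)
            for (i = 1; i <= 2; i++)
                if (!(want[i] in ns) || glue[want[i]] != ip) {
                    print "FAIL " want[i]; bad = 1
                }
            exit bad
        }'
}

# preflight DOMAIN HOST IP: non-zero exit if the delegation is not ready.
preflight() { referral "$1" | check_delegation "$1" "$2" "$3"; }

# fetch_installer [FILE]: save the setup script instead of piping it into
# bash. -f makes curl fail on an HTTP error rather than save the error page;
# the digest records which copy was reviewed and run.
fetch_installer() {
    local out="${1:-setup.sh}"
    curl -fsSL -o "$out" https://mailinabox.email/setup.sh || return 1
    sha256sum "$out"
}

# Usage (placeholder values): ./preflight.sh example.test box 203.0.113.10
if [ "$#" -eq 3 ]; then
    preflight "$@" && fetch_installer &&
        echo "Read setup.sh, then run: sudo bash setup.sh"
fi
```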

Mail-in-a-Box Post-installation Setup

So now that you’ve installed MiaB, you need further configuration, system checks and testing.

To start off, you need to log in to your admin dashboard. Your user name is the email you created during the initial installation procedure with MiaB. Once logged in, provision a new Letsencrypt SSL and then log off. You need to clear your browser cache before logging in again, so your browser can detect the new SSL certificate.

How Can I Install SSL Certificate after MiaB Installation

To install Letsencrypt SSL to your MiaB Email Server, login as admin and do the following:

  1. System Menu
  2. Click on TLS (SSL) Certificates
  3. Click on Provision

Then wait for the process to complete. After this, you should now have a Free SSL Certificate issued by Letsencrypt.

Reference Image: Provisioning a Letsencrypt SSL on MiaB


How to Create Additional Users or Email in MiaB

Reference Image: Adding New Email Account


To add additional email/user to your primary domain, simply do the following:

  1. Click on Mail menu.
  2. Click on Users
  3. Then type in the email address and the password. Leave Normal Users setting, and click Add User button.

    You should get a confirmation that you successfully added a new user. See reference image below.

Reference Image: Adding a New User Success

Success! New User Added

It’s a Wrap!

There you have it! That’s how you build your own email server for free using Ubuntu Server and Open Source software like Mail-in-a-Box. There are others like it, e.g. MailCow and iRedMail.

In case you face some issues, feel free to ask below and I will try my best to answer them as soon as possible.

There are other open source solutions on the Internet, which I’m going to share with you soon; I will post a guide once I find time. For now, Mail-in-a-Box is serving me well, but it will soon reach its end-of-life cycle, because MIAB only supports Ubuntu 14.04 and support for this release will end in April 2019. Overall, it is the best free email server solution I’ve used and it has always been my recommended solution to clients.

Chubbable

Hi, I'm Chubby! That's what my friends call me. I'm a tech-savvy dude who is passionate about learning stuff by himself. I post stuff that I recently learned and also stuff that I'm very knowledgeable about. I also post articles here to serve as my own reference and knowledge base archive.