
MailCow Setup

chucklessducks edited this page Jul 8, 2024 · 21 revisions

1. DNS Set Up

To get started, we need to set up our DNS records. I will be using Cloudflare for my setup, but any DNS name server will work.

For reference, I am following the official Mailcow documentation. Link -->

DKIM, SPF, and DMARC

Add all of the following as new records in Cloudflare.

DNS Record

# Name              Type       Value
mail                IN A       1.2.3.4                                       # A record: the public IP of your VPS
autodiscover        IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})  # CNAME
autoconfig          IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})  # CNAME
@                   IN MX 10   mail.example.org. (your ${MAILCOW_HOSTNAME})  # MX record; 10 is the priority

SPF Record

# Name      Type       Value
@            IN TXT     "v=spf1 mx a -all"

DKIM Record

# Name              Type       Value
dkim._domainkey     IN TXT     "v=DKIM1; k=rsa; t=s; s=email; p=..."

For the DKIM record, leave p=... empty for the moment; we will come back to it once Mailcow is set up.

DMARC Record

# Name              Type       Value
_dmarc              IN TXT     "v=DMARC1; p=reject; rua=mailto:[email protected]"
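As an added check that is not part of the original wiki, the Python below validates the three TXT values before they are published: it catches the still-empty DKIM p=..., a missing -all on SPF, and a bad DMARC policy. The sample values are constructed to match the tables above (the rua address is a made-up example).

```python
import re

def parse_tags(txt):
    """Split a 'k=v; k=v' style TXT value (DKIM/DMARC) into a dict.
    Quotes and internal whitespace are dropped, so a key split over
    several quoted strings is joined back together."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_spf(txt):
    """Return a list of problems; an empty list means the record looks right."""
    terms = txt.replace('"', "").split()
    problems = []
    if not terms or terms[0] != "v=spf1":
        problems.append("SPF must start with v=spf1")
    if "+all" in terms:
        problems.append("+all lets anyone send as your domain")
    elif not terms or terms[-1] not in ("-all", "~all"):
        problems.append("SPF should end with -all (hard fail) or ~all (soft fail)")
    return problems

def check_dkim(txt):
    tags = parse_tags(txt)
    problems = []
    if tags.get("v") != "DKIM1":
        problems.append("DKIM must contain v=DKIM1")
    pubkey = tags.get("p", "")
    if pubkey in ("", "..."):
        problems.append("DKIM p= is empty: paste the key from Mailcow (Configuration > ARC/DKIM Keys)")
    elif not re.fullmatch(r"[A-Za-z0-9+/]+=*", pubkey):
        problems.append("DKIM p= is not base64")
    return problems

def check_dmarc(txt):
    tags = parse_tags(txt)
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("DMARC must start with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC p= must be none, quarantine or reject")
    if "rua" in tags and not tags["rua"].startswith("mailto:"):
        problems.append("DMARC rua= must be a mailto: URI")
    return problems

# Constructed sample values matching the tables above (DKIM p= is still the placeholder)
SAMPLE_SPF = '"v=spf1 mx a -all"'
SAMPLE_DKIM = '"v=DKIM1; k=rsa; t=s; s=email; p=..."'
SAMPLE_DMARC = '"v=DMARC1; p=reject; rua=mailto:dmarc@example.org"'
```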

2. Reverse DNS Setup

Back at the VPS, we need to set up reverse DNS. In Vultr, click on your server and go to Settings. Under Settings click IPv4; you should see Reverse DNS. Enter your mail hostname (mail.example.com) so that receiving mail servers can verify it. Without this you might end up in spam, because receivers cannot confirm that you own the IP.
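The check a receiving server performs here is forward-confirmed reverse DNS: the PTR of your IP must name your host, and that host must resolve back to the same IP. The script below is an added example, not part of the wiki, and takes the two lookup functions as parameters so that the logic can be exercised offline with constructed answers; by default it uses the system resolver.

```python
import socket
import sys

def fcrdns_ok(ip, hostname,
              gethostbyaddr=socket.gethostbyaddr,
              gethostbyname_ex=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: the PTR for `ip` must be `hostname`,
    and `hostname` must resolve back to `ip`. Returns (ok, explanation).
    The lookup functions are parameters so the check can run without DNS."""
    want = hostname.rstrip(".").lower()
    try:
        ptr, _aliases, _addrs = gethostbyaddr(ip)
    except OSError as exc:
        return False, f"no PTR record for {ip} ({exc})"
    got = ptr.rstrip(".").lower()
    if got != want:
        return False, f"PTR for {ip} is {got}, expected {want}"
    try:
        _name, _aliases, addrs = gethostbyname_ex(want)
    except OSError as exc:
        return False, f"{want} does not resolve ({exc})"
    if ip not in addrs:
        return False, f"{want} resolves to {addrs}, not {ip}"
    return True, f"{ip} <-> {want} forward-confirmed"

if __name__ == "__main__":
    # usage: python3 fcrdns_check.py <VPS public IP> <mail hostname>
    ok, why = fcrdns_ok(sys.argv[1], sys.argv[2])
    print(why)
    sys.exit(0 if ok else 1)
```

Run it against your real VPS IP and hostname after setting the PTR in Vultr; the provider's default PTR (their own hostname) is the usual cause of a mismatch.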

3. Mailcow Install

Docker Install

Docker and Docker Compose are required for Mailcow. If you are following along, we have already installed them both. Go back to the NPM install to learn how to get that going.

Port Setup

For Mailcow to work properly we need to forward the mail ports through our VPS to the Mailcow server on the other end of the WireGuard tunnel. To do this we add rules to iptables on the VPS. SSH back into the VPS.

Below is the complete set of iptables rules for the ports Mailcow requires. It is important that the interfaces and addresses match yours (enp1s0 is the public interface of the VPS, wg0 the WireGuard interface, 10.7.0.2 the Mailcow host and 10.7.0.1 the VPS end of the tunnel); any mismatch will result in something not working. Note that these rules only accept the initial SYN coming from the internet side: they assume the FORWARD chain already passes ESTABLISHED,RELATED traffic in both directions (or has an ACCEPT policy). If connections stall right after the handshake, add the matching ESTABLISHED,RELATED rule for the enp1s0 to wg0 direction as well.

# VPS
# enp1s0 = public interface, wg0 = WireGuard tunnel,
# 10.7.0.2 = Mailcow host on the tunnel, 10.7.0.1 = this VPS's wg0 address.
# Ports: 25 SMTP, 143 IMAP, 993 IMAPS, 110 POP3, 995 POP3S, 587 submission, 465 SMTPS, 4190 ManageSieve
for port in 25 143 993 110 995 587 465 4190; do
  # let new inbound connections on this port be forwarded into the tunnel
  sudo iptables -A FORWARD -i enp1s0 -o wg0 -p tcp --syn --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
  # send inbound connections on this port to the Mailcow host
  sudo iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport "$port" -j DNAT --to-destination 10.7.0.2
  # rewrite the source so the Mailcow host replies back through the VPS over the tunnel
  sudo iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport "$port" -d 10.7.0.2 -j SNAT --to-source 10.7.0.1
done

# reply traffic from the Mailcow host back out; one copy of this rule covers every port above
sudo iptables -A FORWARD -i wg0 -o enp1s0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

To persist the new rules, save them with sudo sh -c 'iptables-save > /etc/iptables/rules.v4'. The redirect has to run as root too, so a plain sudo iptables-save > /etc/iptables/rules.v4 fails with permission denied unless you are already logged in as root.

Mailcow setup

# Local
cd /opt
sudo git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
sudo ./generate_config.sh
# The script asks for your FQDN and uses it to configure NGINX automatically.
# Mine is mail.example.com; yours is whatever hostname you chose.

This generates the mailcow-dockerized directory and a mailcow.conf file that we need to edit. If you are not already in that directory, cd /opt/mailcow-dockerized, then open the config with sudo nano mailcow.conf.

Make the following changes in this file.

• First, change the HTTP and HTTPS ports. The defaults collide with the ports Nginx already uses on this host. You can set them to any free ports, as long as nothing else listens on them. I set mine to the following.

HTTP_PORT=280
HTTPS_PORT=2443

• We then need to disable Let's Encrypt.

SKIP_LETS_ENCRYPT=y
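The two edits above can be applied without hand-editing, which also makes them repeatable after a re-run of generate_config.sh. The script below is an added example, not part of the wiki or of Mailcow; it rewrites existing assignments in place so comments and ordering survive, appends keys that are missing, and leaves commented-out lines alone. The sample config is a constructed excerpt, not a real generated file.

```python
import re
import sys

# The settings this guide changes, with the values used above
MAILCOW_CHANGES = {"HTTP_PORT": "280", "HTTPS_PORT": "2443", "SKIP_LETS_ENCRYPT": "y"}

# Constructed excerpt of a freshly generated mailcow.conf (not the real file)
SAMPLE_CONF = """\
# mailcow web ui configuration (constructed excerpt)
MAILCOW_HOSTNAME=mail.example.com
HTTP_PORT=80
HTTPS_PORT=443
SKIP_LETS_ENCRYPT=n
"""

ASSIGNMENT = re.compile(r"^([A-Z0-9_]+)=(.*)$")   # matches uncommented KEY=VALUE lines only

def apply_settings(conf_text, changes):
    """Return conf_text with every key in `changes` set to the wanted value:
    existing assignments are rewritten in place, missing keys are appended."""
    found = set()
    out = []
    for line in conf_text.splitlines():
        match = ASSIGNMENT.match(line)
        if match and match.group(1) in changes:
            key = match.group(1)
            found.add(key)
            line = f"{key}={changes[key]}"
        out.append(line)
    for key in changes:
        if key not in found:
            out.append(f"{key}={changes[key]}")
    return "\n".join(out) + "\n"

def get_setting(conf_text, key):
    """Effective value of key: the last uncommented assignment, or None if absent."""
    value = None
    for line in conf_text.splitlines():
        match = ASSIGNMENT.match(line)
        if match and match.group(1) == key:
            value = match.group(2)
    return value

if __name__ == "__main__":
    # usage: sudo python3 set_mailcow_conf.py [/opt/mailcow-dockerized/mailcow.conf]
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/mailcow-dockerized/mailcow.conf"
    with open(path) as fh:
        text = fh.read()
    with open(path, "w") as fh:
        fh.write(apply_settings(text, MAILCOW_CHANGES))
```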

Once those changes have been made we can build the Docker containers. To do this run sudo docker-compose up -d

This pulls down the containers and starts them. Look for all green at the end of the installation. If anything comes back as failed, check the config file for errors and try again.

If everything is good, give the install a few minutes to finish starting up and then head to the local IP address of the Mailcow install: http://<mailcowIP>:<HTTP_PORT> (port 280 with the setting above). You should be greeted with the Mailcow login.

Log in with admin and moohoo. You should change this!

Last things

We are almost done. Back in Mailcow, we need to set up a mailbox. Go to Configuration > Mail Setup > Add Domain and add your domain. This is not mail.example.com, it is just example.com. Everything else can be left as default. Click Add domain and restart SOGo.

Now go to Mailboxes > Add mailbox. Add a mailbox with whatever name you want and click save.

Now we need to grab the DKIM key for our new domain and add it to our DNS records. Go to Configuration > ARC/DKIM Keys. You should see a DKIM key; copy the entire key. Back in Cloudflare, paste the key into the p= part of the DKIM record we left empty earlier and save.

SSL

Depending on your use case it might be useful to add your SSL certs to Mailcow. I know that if you try to use IMAP later on, it will complain about the certs not matching. You can download your certs from NPM in the SSL section. The certs go in /opt/mailcow-dockerized/data/assets/ssl/ as cert.pem and key.pem. Just paste in the certs from NPM and restart the server. You can read more about SSL here.

Done

At this point, if everything has been done correctly, you should be able to send and receive mail. You can use mail checkers to verify that all the security and spam filters are working. I used this Mail Tester

From here you are on your own. I hope this helped you it definitely was a struggle to figure this all out. Happy Self-hosting!
