To set up an email server on a dedicated server, assign a proper hostname (mail.example.com), install and secure Postfix (SMTP) and Dovecot (IMAP\/POP3) with TLS, open mail ports, configure DNS (MX, SPF, DKIM, DMARC) and rDNS, enable spam filtering, create mailboxes, and verify deliverability with major providers.<\/p>\n\n\n\n
Setting up an email server on a dedicated hosting environment gives you full control, better privacy, and brand trust\u2014but it also demands careful configuration for security and deliverability. In this guide, you\u2019ll learn how to set up email server on a dedicated server using Postfix and Dovecot, configure DNS correctly, and pass modern anti-spam checks.<\/p>\n\n\n\n
Use a clean dedicated server<\/a> (Ubuntu 22.04\/24.04 LTS or RHEL\/Rocky 9 recommended) with at least 2 vCPU, 4 GB RAM, and SSD. Set a permanent hostname to a fully qualified domain name, typically mail.example.com, and point an A\/AAAA record to your server\u2019s IP(s).<\/p>\n\n\n\n Email deliverability hinges on IP reputation. Start with a clean IP (not on blacklists), then set a PTR (reverse DNS) to match your mail hostname (e.g., 203.0.113.10 \u2192 mail.example.com). Many providers require a request to support to set rDNS; YouStable support can set PTR on your dedicated IPs on request.<\/p>\n\n\n\n Ensure your provider allows outbound SMTP (port 25). Open these ports in your firewall: 25 (SMTP), 465 (SMTPS), 587 (Submission), 110\/995 (POP3\/POP3S), 143\/993 (IMAP\/IMAPS), and 4190 (Sieve, optional). Some clouds block 25 by default\u2014request an unblock or use a smart host relay if needed.<\/p>\n\n\n\n cPanel, Plesk, and DirectAdmin automate most email tasks (mailboxes, SPF\/DKIM, webmail). They\u2019re ideal if you want speed over manual control. If you choose a panel, much of the SMTP\/IMAP configuration is handled for you. You\u2019ll still need correct DNS, rDNS, and security policies.<\/p>\n\n\n\n We\u2019ll use Postfix (MTA) for sending\/receiving and Dovecot for IMAP\/POP3. For spam filtering and authentication, we\u2019ll cover Rspamd or SpamAssassin with OpenDKIM\/OpenDMARC. This approach is flexible and production-grade when configured properly.<\/p>\n\n\n\n Accurate time and security are prerequisites. Replace example.com with your domain as needed.<\/p>\n\n\n\n Set your mail hostname (must match rDNS):<\/p>\n\n\n\n In your DNS zone, add:<\/p>\n\n\n\n We\u2019ll add DKIM and DMARC after configuring signing.<\/p>\n\n\n\n When prompted, choose \u201cInternet Site\u201d and set mail.example.com as system mail name.<\/p>\n\n\n\n Encrypt SMTP, IMAP, and POP3. Ensure mail.example.com resolves to your server first.<\/p>\n\n\n\n Edit \/etc\/postfix\/main.cf and set minimum secure options. Replace example values.<\/p>\n\n\n\n Enable Submission (587) and SMTPS (465) in \/etc\/postfix\/master.cf:<\/p>\n\n\n\n Reload Postfix:<\/p>\n\n\n\n Configure SSL and authentication in Dovecot. Edit \/etc\/dovecot\/dovecot.conf or conf.d files:<\/p>\n\n\n\n For simple setups, create system users (e.g., useradd) and they become mailbox owners. For multi-domain hosting, configure virtual users with SQL; that\u2019s beyond a beginner guide but fully supported by Postfix\/Dovecot.<\/p>\n\n\n\n You need message signing and spam defenses to land in inboxes. Choose one path:<\/p>\n\n\n\n Rspamd handles spam scoring and DKIM signing. Install via your distro or official repos, then configure Postfix milter to call Rspamd and create DKIM keys per domain. Basic flow:<\/p>\n\n\n\n This classic combo works well and is easy to reason about:<\/p>\n\n\n\n Generate DKIM keys and add the DNS record:<\/p>\n\n\n\n Wire OpenDKIM\/OpenDMARC to Postfix as milters in \/etc\/postfix\/main.cf:<\/p>\n\n\n\n Reload services after configuration changes.<\/p>\n\n\n\n Add or verify these DNS records (replace with your values):<\/p>\n\n\n\n Confirm PTR (rDNS) maps 203.0.113.10 \u2192 mail.example.com and that it matches your SMTP banner (myhostname).<\/p>\n\n\n\n For system users:<\/p>\n\n\n\n Send a test message and check logs:<\/p>\n\n\n\n Use an email client (Thunderbird, Outlook, Apple Mail) with IMAPS (993) and SMTP Submission (587). Ensure \u201cUse TLS\u201d or \u201cSTARTTLS\u201d is on.<\/p>\n\n\n\n Install Roundcube and point it at localhost IMAP\/SMTP with TLS. Secure the webmail vhost with HTTPS using a Let\u2019s Encrypt<\/a> certificate.<\/p>\n\n\n\n Running your own MTA provides control but requires vigilance. If you prefer a managed path, YouStable\u2019s dedicated servers<\/a> come with clean IPs, rDNS assistance, and 24\u00d77 support. Our team can help you implement Postfix\/Dovecot or set up a control panel<\/a> and ensure SPF, DKIM, and DMARC are correctly deployed for reliable deliverability.<\/p>\n\n\n\n Use a hosting control panel like cPanel, Plesk, or DirectAdmin. It automates mailbox creation, DKIM, SPF, and webmail. You still need correct DNS and rDNS. For full control and lower licensing cost, follow the Postfix\/Dovecot steps in this guide.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Reputation and content matter. Warm up your IP, enable DMARC with alignment, ensure rDNS matches, and avoid spammy content (excessive links, shorteners, deceptive subjects). Implement spam filtering and keep complaints and bounces low.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Yes. Your server must receive and send inter-server SMTP on port 25 for normal mail flow. Port 587 is for authenticated client submission. If your provider blocks 25, request an unblock or use a trusted SMTP relay (smart host).<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Rspamd is modern, fast, and integrates DKIM\/DMARC\/ARC with powerful rule sets. SpamAssassin remains reliable and simpler to grasp for many admins. Choose based on comfort; both can achieve excellent results when tuned.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Start small (e.g., 200\u2013500 messages\/day), monitor bounce\/complaint rates, and gradually increase volume over 2\u20134 weeks. Authenticate with SPF\/DKIM\/DMARC from day one, segment traffic by type, and maintain strict list hygiene to build a positive reputation.<\/p>\n\n\n\n With careful setup, validated DNS, strong TLS, and steady reputation building, you can run a reliable, secure email service on your dedicated server. If you want expert help or a managed deployment, YouStable is ready to assist.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\nClean IP and Reverse DNS<\/strong><\/h3>\n\n\n\n
Open Ports and Provider Policies<\/strong><\/h3>\n\n\n\n
Two Paths: Control Panel or Manual Stack<\/strong><\/h2>\n\n\n\n
If You Prefer a Control Panel<\/strong><\/h3>\n\n\n\n
If You Want Full Control (Our Stack)<\/strong><\/h3>\n\n\n\n
Step-by-Step: Install and Configure Your Email Server<\/strong><\/h2>\n\n\n\n
1) Update, Set Timezone, and Configure Firewall<\/strong><\/h3>\n\n\n\n
# Ubuntu\nsudo apt update && sudo apt -y upgrade\nsudo timedatectl set-timezone UTC\n\n# RHEL\/Rocky\nsudo dnf -y update\nsudo timedatectl set-timezone UTC\n\n# UFW firewall (Ubuntu)\nsudo ufw allow 22\/tcp\nsudo ufw allow 25,465,587\/tcp\nsudo ufw allow 110,995,143,993\/tcp\nsudo ufw allow 4190\/tcp\nsudo ufw enable<\/code><\/pre>\n\n\n\n2) Set Hostname and DNS Records<\/strong><\/h3>\n\n\n\n
sudo hostnamectl set-hostname mail.example.com<\/code><\/pre>\n\n\n\n\n
3) Install Postfix and Dovecot<\/strong><\/h3>\n\n\n\n
# Ubuntu\nsudo apt -y install postfix dovecot-imapd dovecot-pop3d\n\n# RHEL\/Rocky\nsudo dnf -y install postfix dovecot<\/code><\/pre>\n\n\n\n4) Obtain TLS Certificates (Let\u2019s Encrypt)<\/strong><\/h3>\n\n\n\n
# Ubuntu (snap)\nsudo snap install --classic certbot\nsudo certbot certonly --standalone -d mail.example.com --agree-tos -m admin@example.com --non-interactive\n\n# Cert paths (commonly)\n# \/etc\/letsencrypt\/live\/mail.example.com\/fullchain.pem\n# \/etc\/letsencrypt\/live\/mail.example.com\/privkey.pem<\/code><\/pre>\n\n\n\n5) Postfix: Core Configuration<\/strong><\/h3>\n\n\n\n
myhostname = mail.example.com\nmyorigin = \/etc\/mailname\nmydestination = $myhostname, localhost\ninet_interfaces = all\ninet_protocols = ipv4\nmynetworks = 127.0.0.0\/8\nmessage_size_limit = 30720000\n\n# TLS\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/mail.example.com\/fullchain.pem\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/mail.example.com\/privkey.pem\nsmtpd_use_tls = yes\nsmtpd_tls_auth_only = yes\nsmtp_tls_security_level = may\nsmtpd_tls_security_level = may\nsmtpd_tls_loglevel = 1\n\n# Authentication (via Dovecot)\nsmtpd_sasl_type = dovecot\nsmtpd_sasl_path = private\/auth\nsmtpd_sasl_auth_enable = yes\nsmtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination\n\n# Submission tuning\nsubmission_recipient_restrictions = permit_sasl_authenticated, reject\nsmtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination<\/code><\/pre>\n\n\n\nsubmission inet n - y - - smtpd\n -o syslog_name=postfix\/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n\nsmtps inet n - y - - smtpd\n -o syslog_name=postfix\/smtps\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes<\/code><\/pre>\n\n\n\nsudo systemctl enable --now postfix\nsudo systemctl reload postfix<\/code><\/pre>\n\n\n\n6) Dovecot: IMAP\/POP3 and Auth<\/strong><\/h3>\n\n\n\n
protocols = imap pop3 lmtp\nssl = required\nssl_cert = <\/etc\/letsencrypt\/live\/mail.example.com\/fullchain.pem\nssl_key = <\/etc\/letsencrypt\/live\/mail.example.com\/privkey.pem\n\nauth_mechanisms = plain login\n\n# Mail location (Maildir in user home)\nmail_location = maildir:~\/Maildir\n\n# Enable auth socket for Postfix\nservice auth {\n unix_listener \/var\/spool\/postfix\/private\/auth {\n mode = 0660\n user = postfix\n group = postfix\n }\n}<\/code><\/pre>\n\n\n\nsudo systemctl enable --now dovecot\nsudo systemctl reload dovecot<\/code><\/pre>\n\n\n\n7) Spam Filtering and DKIM\/DMARC<\/strong><\/h2>\n\n\n\n
Option A: Rspamd (modern, fast)<\/strong><\/h4>\n\n\n\n
\n
Option B: SpamAssassin + OpenDKIM + OpenDMARC<\/strong><\/h4>\n\n\n\n
# Ubuntu\nsudo apt -y install spamassassin opendkim opendkim-tools opendmarc\nsudo systemctl enable --now spamassassin opendkim opendmarc<\/code><\/pre>\n\n\n\nsudo mkdir -p \/etc\/opendkim\/keys\/example.com\ncd \/etc\/opendkim\/keys\/example.com\nsudo opendkim-genkey -s default -d example.com\nsudo chown opendkim:opendkim default.private\n# Publish default.txt as a TXT record for: default._domainkey.example.com<\/code><\/pre>\n\n\n\nmilter_default_action = accept\nmilter_protocol = 2\nsmtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893\nnon_smtpd_milters = $smtpd_milters<\/code><\/pre>\n\n\n\n8) Publish SPF, DKIM, DMARC, and rDNS<\/strong><\/h3>\n\n\n\n
; A and MX\nmail.example.com. IN A 203.0.113.10\nexample.com. IN MX 10 mail.example.com.\n\n; SPF\nexample.com. IN TXT \"v=spf1 a mx ip4:203.0.113.10 ~all\"\n\n; DKIM (from your generated default.txt)\ndefault._domainkey.example.com. IN TXT \"v=DKIM1; k=rsa; p=MIIBIjANBgkqh...\"\n\n; DMARC (monitoring mode first)\n_dmarc.example.com. IN TXT \"v=DMARC1; p=none; rua=mailto:dmarc@example.com; fo=1\"\n\n; Later tighten DMARC to p=quarantine or p=reject after testing<\/code><\/pre>\n\n\n\n9) Create Mailboxes and Test<\/strong><\/h3>\n\n\n\n
sudo adduser alice\nsudo -u alice maildirmake.dovecot ~\/Maildir\nsudo -u alice maildirmake.dovecot ~\/Maildir\/.Sent\nsudo -u alice maildirmake.dovecot ~\/Maildir\/.Trash<\/code><\/pre>\n\n\n\necho \"Test body\" | mail -s \"Hello\" alice@example.com\nsudo tail -n 100 \/var\/log\/mail.log # Ubuntu\/Debian\nsudo journalctl -u postfix -u dovecot # RHEL\/Rocky<\/code><\/pre>\n\n\n\n10) Optional: Webmail (Roundcube)<\/strong><\/h3>\n\n\n\n
Deliverability Best Practices<\/strong><\/h2>\n\n\n\n
\n
Security Hardening Essentials<\/strong><\/h2>\n\n\n\n
\n
# Example Postfix hardening fragments\nsmtpd_helo_required = yes\ndisable_vrfy_command = yes\nmaximal_backoff_time = 4000s\nsmtp_tls_mandatory_ciphers = high<\/code><\/pre>\n\n\n\nMonitoring, Backups, and Ongoing Care<\/strong><\/h2>\n\n\n\n
\n
Common Errors and Quick Fixes<\/strong><\/h2>\n\n\n\n
\n
When to Choose Managed Email or YouStable<\/strong><\/h2>\n\n\n\n
FAQs: Set up Email Server<\/strong><\/h2>\n\n\n\t\t
What\u2019s the fastest way to set up an email server on a dedicated server?<\/h3>\t\t\t\t
Why are my emails going to spam even after SPF and DKIM?<\/h3>\t\t\t\t
Do I need port 25 open if I\u2019m using 587 for submission?<\/h3>\t\t\t\t
Is Rspamd better than SpamAssassin?<\/h3>\t\t\t\t
How do I safely scale sending on a new dedicated IP?<\/h3>\t\t\t\t