How to Set Up a Mail Server on a VPS (Postfix + Dovecot + DKIM)

How to Set Up a Mail Server on a VPS (Postfix + Dovecot + DKIM)

Running your own mail server gives you complete control over your email infrastructure — no per-seat SaaS fees, no data stored on third-party servers, and the ability to send from your own domain with full deliverability control. While mail server setup has a reputation for complexity, a Postfix + Dovecot stack on a VPS is well within reach with the right guide.

This tutorial sets up a fully functional mail server: Postfix (SMTP, outbound/inbound mail), Dovecot (IMAP, mailbox access), SPF + DKIM + DMARC (deliverability authentication), and Let’s Encrypt SSL.

Requirements

  • Ubuntu VPS 22.04 or 24.04 LTS with a static IP
  • A domain name (e.g., yourdomain.com)
  • Reverse DNS (PTR record) set to your mail hostname — configure this in VPS.DO’s control panel
  • Port 25 not blocked by your provider (contact VPS.DO support to confirm)

💡 Important: Many VPS providers block port 25 (SMTP) by default to prevent spam. Contact VPS.DO support to request port 25 unblocked for mail server use.

Step 1: Set Hostname and Update System

sudo hostnamectl set-hostname mail.yourdomain.com
sudo apt update && sudo apt upgrade -y

Add to /etc/hosts:

YOUR_VPS_IP  mail.yourdomain.com mail

Step 2: Configure DNS Records

In your domain’s DNS settings, add:

Type Name Value
A mail YOUR_VPS_IP
MX @ mail.yourdomain.com (priority 10)
TXT @ v=spf1 mx ~all
PTR YOUR_VPS_IP mail.yourdomain.com

Step 3: Install SSL Certificate First

sudo apt install nginx certbot python3-certbot-nginx -y
sudo certbot certonly --nginx -d mail.yourdomain.com

Step 4: Install Postfix

sudo apt install postfix postfix-mysql -y

When prompted, select Internet Site and enter mail.yourdomain.com as the system mail name.

Configure Postfix

sudo nano /etc/postfix/main.cf
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

# TLS configuration
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
smtpd_tls_key_file  = /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1

# Mailbox
home_mailbox = Maildir/
mailbox_size_limit = 0

# Anti-spam basics
smtpd_helo_required = yes
disable_vrfy_command = yes

Step 5: Install and Configure Dovecot (IMAP)

sudo apt install dovecot-core dovecot-imapd dovecot-pop3d -y
sudo nano /etc/dovecot/dovecot.conf
protocols = imap pop3
listen = *, ::
sudo nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
sudo systemctl restart postfix dovecot

Step 6: Set Up DKIM Signing

DKIM cryptographically signs outbound emails, proving to receiving mail servers that the email genuinely came from your domain.

sudo apt install opendkim opendkim-tools -y
sudo mkdir -p /etc/opendkim/keys/yourdomain.com
sudo opendkim-genkey -t -s mail -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com/
sudo chown -R opendkim:opendkim /etc/opendkim/keys/

Get Your DKIM Public Key for DNS

sudo cat /etc/opendkim/keys/yourdomain.com/mail.txt

Copy the p=... value and add it as a DNS TXT record:

Type Name Value
TXT mail._domainkey v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY

Configure OpenDKIM

sudo nano /etc/opendkim.conf
Domain          yourdomain.com
KeyFile         /etc/opendkim/keys/yourdomain.com/mail.private
Selector        mail
Socket          inet:12301@localhost
# Connect Postfix to OpenDKIM
echo "milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301" | sudo tee -a /etc/postfix/main.cf

sudo systemctl restart opendkim postfix

Step 7: Add DMARC Record

Add a DNS TXT record to tell receiving servers what to do with emails that fail SPF/DKIM:

Type Name Value
TXT _dmarc v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Step 8: Create Mail Users

# Create a system user for each email address
sudo adduser john
# john@yourdomain.com now receives mail at /home/john/Maildir/

Step 9: Open Firewall Ports

sudo ufw allow 25/tcp    # SMTP
sudo ufw allow 587/tcp   # SMTP submission
sudo ufw allow 993/tcp   # IMAPS
sudo ufw allow 995/tcp   # POP3S

Step 10: Test Email Deliverability

Use these free tools to verify your configuration:

# Send a test email from the command line
echo "Test email body" | mail -s "Test Subject" recipient@gmail.com

Final Thoughts

A self-hosted mail server on a VPS gives you complete control over your email infrastructure at a fraction of the cost of managed email services. The Postfix + Dovecot + DKIM stack is battle-tested and runs reliably on modest hardware — a VPS.DO USA VPS with 2 GB RAM comfortably handles a small team’s email volume.

Related articles:

Fast • Reliable • Affordable VPS - DO It Now!

Get top VPS hosting with VPS.DO’s fast, low-cost plans. Try risk-free with our 7-day no-questions-asked refund and start today!

Contact Us

VPS.DO offers reliable, cost-effective KVM VPS hosting as a robust Cloud-as-a-Service solution worldwide. We DO our best to power your success with unbeatable VPS value.

Copyright © 2026 VPS.DO

Services
Information
Account