The Email Privacy Problem

Gmail reads your emails to serve ads. ProtonMail is closed-source. Mailbox.org (privacy-focused) is owned by T-Online (German mega-corp). The only way to guarantee privacy: self-host.

But self-hosting email is hard:

• Spam filtering is a full-time job
• Server maintenance is ongoing
• Deliverability issues break workflows
• Security misconfigurations expose everything

This guide covers five self-hosted email platforms and helps you choose based on time/money trade-offs.

The Self-Hosted Email Landscape

Mail-in-a-Box: Easiest Setup

Mail-in-a-Box is purpose-built for privacy advocates who don’t want to spend 10 hours configuring email.

What’s Included

- Postfix (SMTP server)
- Dovecot (IMAP/POP3)
- Roundcube (webmail)
- Fail2ban (brute-force protection)
- Spam filtering (basic)
- SSL certificates (auto-renewed)
- Backup system (daily to B2/S3)

Installation

# Step 1: Rent a VPS
# Recommended: Linode, DigitalOcean, Hetzner
# Specs: 2GB RAM, 2 CPU, 40GB SSD
# Cost: $10-20/month

# Step 2: Install Mail-in-a-Box
curl https://mailinabox.email/setup.sh | sudo bash

# Step 3: Access admin panel
# https://your-domain.com/admin
# Login with password set during install

# Step 4: Add email addresses
# Admin panel > Mail > Add email address

Pricing Breakdown

VPS (Linode 2GB):           $12/month
Domain registration:         $12/year ($1/month)
B2 backup storage:           $6/month (10GB/month)
Total:                       $19/month

For 5 email addresses: $3.80 per address
vs. ProtonMail: $5/month for 1 address

Key Features

Webmail (Roundcube):

Access via: https://mail.your-domain.com
Web-based email client
Works on mobile browsers
No app installation needed
Can't match native Mail.app performance (acceptable)

Spam Filtering:

Mail-in-a-Box uses:
- SPF/DKIM/DMARC (prevent impersonation)
- SpamAssassin (basic ML filtering)
- Greylisting (delays unknown senders)

Result: ~85% spam caught automatically
Note: NOT as aggressive as Gmail/Proton (more false negatives)

Backup System:

Built-in backup to:
- AWS S3
- Backblaze B2
- Or SFTP server

Frequency: Daily
Retention: 30 days (configurable)
Recovery: Full mailbox or single email

Configuration Example: Custom Domain

# Step 1: Add domain in admin panel
# Admin > Mail > Add domain

# Step 2: Update DNS records (provided by panel)
# MX record: mail.your-domain.com
# SPF record: v=spf1 include:mail.your-domain.com ~all
# DKIM record: [public key from admin panel]
# DMARC record: v=DMARC1; p=quarantine;

# Step 3: Wait 24 hours for DNS propagation
# Step 4: Create email address
# Admin > Mail > Add mail user
# user@your-domain.com

# Step 5: Receive email in Roundcube webmail

Strengths

• Simplest setup (30 minutes)
• Lowest learning curve
• Webmail included (no extra tools)
• Automatic certificate renewal
• Good documentation
• Regular updates
• Active community on Discourse

Weaknesses

• Spam filtering not as good as Gmail
• Webmail (Roundcube) feels dated
• Limited customization
• Backup system is basic
• No multi-user admin support
• Single-server only (no HA)

Best For

• Privacy advocates who want to self-host but hate Linux
• Single users or small families
• People prioritizing simplicity over features
• Budget-conscious individuals

Maintenance Schedule

# Monthly: Check admin panel for updates
# Mail-in-a-Box > System > Check for updates > Install

# Weekly: Monitor disk space
# Admin > Backup status > Ensure backup succeeds

# Quarterly: Review spam training
# Manually mark false positives/negatives
# (Helps SpamAssassin learn over time)

Mailcow: Best Spam Filtering

Mailcow is a dockerized email stack with excellent spam filtering through Sieve scripts.

What’s Included

- Postfix (SMTP)
- Dovecot (IMAP/POP3)
- Nginx (reverse proxy)
- SOGo (webmail + calendar + contacts)
- Rspamd (advanced spam filtering)
- Sieve (email filtering rules)
- Two-factor auth (built-in)
- LDAP support (for multiple users)

Installation

# Step 1: Rent a VPS (same as Mail-in-a-Box)
# Linode 2GB: $12/month

# Step 2: Install Docker
curl -fsSL https://get.docker.com | sh

# Step 3: Clone Mailcow
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized.git
cd mailcow-dockerized

# Step 4: Configure
./generate_config.sh
# Follow prompts for domain, hostname, IP

# Step 5: Start containers
docker-compose up -d

# Step 6: Access admin panel
# https://your-domain.com/admin
# Login with admin credentials

Pricing

VPS (Linode 2GB):           $12/month
Domain registration:         $12/year ($1/month)
B2 backup storage:           $6/month
Total:                       $19/month

Same cost as Mail-in-a-Box, better features.

Key Feature: Advanced Spam Filtering

Rspamd Configuration:

Mailcow uses Rspamd with pre-trained models:
- Neural networks (learns from data)
- Bayes filtering (learns what's spam)
- Image classification (detects spam images)
- URL reputation (checks URLs against blocklists)
- SPF/DKIM/DMARC validation

Result: ~92% spam caught automatically

Sieve Scripts (Custom Filtering):

Sieve is a mail filtering language (RFC 5228)
Create rules like:
if header :contains "Subject" "urgent" {
  fileinto "INBOX.Urgent";
}

if anyof (
  header :contains "From" "boss@work.com",
  header :contains "From" "cto@company.com"
) {
  fileinto "INBOX.Work";
}

Effect: Auto-organize email by custom rules

Webmail (SOGo):

Better than Roundcube:
- Integrated contacts
- Integrated calendar
- Better UI (modern)
- Smartphone support
- WebDAV/CalDAV support
- Task management

Configuration Example: Spam Training

# Step 1: Mark emails as spam
# SOGo > Email > Select spam message > Mark as Spam

# Step 2: Rspamd learns from patterns
# Over 1-2 weeks, spam filtering improves

# Step 3: Adjust Rspamd thresholds (advanced)
# Admin panel > Settings > Rspamd
# Adjust scores for stricter filtering

# Step 4: Fine-tune with Sieve rules
# Admin > User > Settings > Filters
# Create custom rules

Strengths

• Excellent spam filtering (92%+)
• Modern webmail (SOGo)
• Advanced user management
• Flexible (Sieve scripting)
• Good scaling potential
• Calendar + contacts built-in
• TFA support

Weaknesses

• Docker knowledge required (steeper learning curve)
• More resource-intensive (needs 2GB+ RAM)
• Requires understanding of Rspamd/Sieve
• Docker maintenance overhead
• Container updates can be complex

Best For

• Users who want better spam filtering
• Teams that need calendar/contacts
• Linux enthusiasts
• People comfortable with Docker

Maintenance Schedule

# Weekly: Monitor container health
# docker-compose logs | grep error

# Monthly: Update containers
# cd /opt/mailcow-dockerized
# git pull
# docker-compose pull
# docker-compose up -d

# Quarterly: Review spam scores
# Admin > Rspamd > Monitor spam trends
# Adjust thresholds if needed

iRedMail: Traditional, Stable

iRedMail uses traditional Linux packages (not containerized). It’s the old-school approach but stable.

What’s Included

- Postfix (SMTP)
- Dovecot (IMAP/POP3)
- Apache/Nginx (web server)
- Roundcube (webmail)
- SpamAssassin (spam filtering)
- Fail2ban (brute-force protection)
- OpenLDAP (user directory)
- MySQL (database)

Installation

# Step 1: Download iRedMail
cd /root
wget https://github.com/iredmail/iRedMail/releases/download/...

# Step 2: Extract and run installer
tar xjf iRedMail-x.x.x.tar.bz2
cd iRedMail-x.x.x
bash iRedMail.sh

# Step 3: Follow prompts
# Choose web server (Apache/Nginx)
# Set domain name
# Set admin password
# Choose components to install

# Step 4: Reboot server
# Installer modifies system files

Pricing

VPS (Linode 2GB):           $12/month
Domain:                      $1/month
Backup storage:              $6/month
Total:                       $19/month

Key Features

Traditional Architecture:

iRedMail installs everything on OS:
- Postfix via package manager
- Dovecot via package manager
- MySQL via package manager
- OpenLDAP via package manager

Pros:
- Standard Linux tools apply
- Easy to troubleshoot (no Docker abstractions)
- Uses OS security updates

Cons:
- System-level changes
- Package conflicts possible
- Harder to migrate

Spam Filtering:

SpamAssassin + Bayes:
- Traditional ML approach
- Configurable rules
- Slow to adapt (needs retraining)

Result: ~80% spam blocked
Less effective than Rspamd

Webmail (Roundcube):

Same as Mail-in-a-Box
Functional but dated UI
Works fine for email reading/writing

Configuration Example: Custom Rules

# iRedMail stores config in /etc/postfix
# Sieve rules go in Dovecot config

# Create filter for specific sender:
# In Roundcube: Settings > Filters > Add
# Rule: If from contains "newsletter@sender.com"
# Action: Move to folder "Newsletters"

# Apply server-side (persistent across clients)

Strengths

• Traditional, stable approach
• Works on any Linux distro
• Excellent documentation
• Easy to customize (it’s just Linux)
• Good for learning email infrastructure
• Lower resource usage (if optimized)

Weaknesses

• Spam filtering is basic (80%)
• Webmail (Roundcube) is dated
• More manual configuration
• Harder to upgrade
• System-wide impact (harder to isolate)
• No modern integrations (calendar/contacts)

Best For

• System administrators
• People learning email infrastructure
• Budget-conscious users (lower resource usage)
• Those wanting pure Linux (no Docker)

Modoboa: Modern and Flexible

Modoboa is a newer project (started 2013) with modern architecture and excellent customization.

What’s Included

- Postfix (SMTP)
- Dovecot (IMAP/POP3)
- Nginx (reverse proxy)
- Django web framework (webmail)
- Rspamd (spam filtering)
- MongoDB/MySQL (database)
- Ansible playbooks (deployment)

Installation

# Step 1: Download Modoboa installer
git clone https://github.com/modoboa/modoboa-installer.git

# Step 2: Configure installer
cd modoboa-installer
# Edit inventory file with domain/hostname/IP

# Step 3: Run Ansible
ansible-playbook -i inventory playbook.yml

# Step 4: Access admin panel
# https://admin.your-domain.com
# Login with credentials

Pricing

VPS (Linode 2GB):           $12/month
Domain:                      $1/month
Backup:                      $6/month
Total:                       $19/month

Key Features

Modern Architecture:

Built on Django (Python web framework)
Advantages:
- Easy to extend (Python plugins)
- Good API (REST, GraphQL)
- Modern UI (responsive design)
- Good for future customization

Example custom plugin:
# Create /modoboa/plugins/custom_plugin/
# Implement email forwarding rule
# Integrate with external service

Webmail (Django-based):

Modern UI:
- Responsive design (works on mobile)
- Better UX than Roundcube
- Customizable
- Supports multiple themes
- Good search functionality

Admin Interface:

Modoboa admin is more powerful:
- Manage multiple domains
- Per-user quotas
- Resource monitoring
- Per-domain spam rules
- Easy API access

Configuration Example: Multiple Domains

# Step 1: Add domain in admin panel
# Admin > Domains > Add domain
# my-company.com

# Step 2: Configure DNS
# MX record: mail.my-company.com
# SPF/DKIM/DMARC records (provided by panel)

# Step 3: Create users
# Admin > Users > Add user
# alice@my-company.com
# bob@my-company.com

# Step 4: Set mailbox quotas
# Admin > Users > alice@my-company.com > Quota: 5GB

# Step 5: Enable forwarding (advanced)
# Admin > Aliases > Add alias
# forward-all@my-company.com → alice, bob

Strengths

• Modern, well-designed UI
• Extensible via plugins
• Good API
• Great for multiple domains
• Ansible playbooks (easy deployment)
• Responsive webmail
• Good documentation

Weaknesses

• Younger project (less battle-tested)
• Smaller community than iRedMail
• Requires Python knowledge for extensions
• More complex setup than Mail-in-a-Box
• Fewer tutorials online

Best For

• Developers who want extensibility
• Teams managing multiple domains
• Organizations needing custom integrations
• People valuing modern UI

Docker Mailserver: Maximum Control

Docker Mailserver is a fully customizable Docker setup. Everything is configurable; nothing is pre-configured.

What’s Included

- Postfix (SMTP)
- Dovecot (IMAP/POP3)
- Rspamd (spam filtering)
- ClamAV (virus scanning)
- Let's Encrypt (SSL)
- Docker Compose configuration

Installation

# Step 1: Clone repository
git clone https://github.com/docker-mailserver/docker-mailserver

# Step 2: Create docker-compose.yml
cd docker-mailserver
cp docker-compose.yml.example docker-compose.yml

# Step 3: Generate environment file
cp .env.example .env

# Step 4: Configure mailbox accounts
./setup.sh email add user@example.com password123
./setup.sh email add admin@example.com password456

# Step 5: Start containers
docker-compose up -d

# Step 6: Access webmail (optional)
# Install Roundcube separately
docker run -d -p 80:80 roundcube

Pricing

VPS (Linode 2GB):           $12/month
Domain:                      $1/month
Backup:                      $6/month
Total:                       $19/month
(Same as others, more work)

Key Features

Full Customization:

Every component configurable via environment:
- Postfix settings
- Dovecot settings
- Rspamd thresholds
- Virus scanning (on/off)
- Greylisting (on/off)

Example:
# .env file
POSTFIX_LOG_LEVEL=1
RSPAMD_DCC=1
ENABLE_CLAMAV=1
ENABLE_FAIL2BAN=1

CLI Management:

./setup.sh provides:
- Email account creation/deletion
- Password changes
- Quota management
- Alias management
- Domain setup

Example:
./setup.sh email add work@mydomain.com mypassword
./setup.sh email restrict add work@mydomain.com spam
./setup.sh mailbox quota set work@mydomain.com 5GB

No Webmail Included:

You must add your own:
- Roundcube (popular)
- SOGo (better)
- Custom web app

Advantages:
- Choose what webmail suits you
- Not locked to one UI

Disadvantages:
- Extra configuration
- Extra Docker container

Configuration Example: Advanced Setup

# docker-compose.yml

version: '3.3'
services:
  mailserver:
    image: docker-mailserver/docker-mailserver:latest
    ports:
      - "25:25"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
    environment:
      DOMAIN: "my-domain.com"
      POSTMASTER_ADDRESS: "admin@my-domain.com"
      ENABLE_CLAMAV: 1          # Virus scanning
      ENABLE_FAIL2BAN: 1         # Brute-force protection
      ENABLE_SPAMASSASSIN: 1     # Spam filtering
      RSPAMD_DCC: 1              # DCC checks
      ENABLE_MANAGESIEVE: 1      # Sieve filtering
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
    restart: always

  roundcube:
    image: roundcube/roundcubemail:latest
    ports:
      - "8080:80"
    environment:
      ROUNDCUBE_DEFAULT_HOST: mailserver
      ROUNDCUBE_SMTP_SERVER: mailserver

volumes:
  maildata:
  mailstate:
  maillogs:

Strengths

• Maximum flexibility
• Excellent documentation (very detailed)
• Active community
• Works on any Docker-capable system
• No unnecessary bloat
• Easy to upgrade (just update image)
• Minimal resource overhead

Weaknesses

• High learning curve (Docker + mail protocols)
• No admin webUI (CLI only)
• Must add webmail separately
• Requires Linux/Docker knowledge
• No integrated services (calendar, contacts)
• More troubleshooting needed

Best For

• DevOps engineers
• Organizations with existing Docker infrastructure
• People wanting complete control
• Those comfortable with Linux/Docker

Maintenance Schedule

# Weekly: Check logs
# docker-compose logs mailserver | grep error

# Monthly: Update images
# docker-compose pull
# docker-compose up -d

# Quarterly: Review configuration
# Check environment variables
# Ensure security best practices followed

Comparison Matrix

Migration Costs (Switching Providers)

Moving from one provider to another:

Easy ($0, <1 hour):

• Mail-in-a-Box → Mailcow (both use Postfix/Dovecot)
• Mail-in-a-Box → iRedMail (same)
• Mail-in-a-Box → Modoboa (same)

Process:

# 1. Export mailbox from source via IMAP
# 2. Import to destination via IMAP
# 3. Update DNS MX records
# 4. Wait 24 hours for convergence

Medium ($0, 2-4 hours):

• Mailcow → Docker Mailserver (both containerized)
• iRedMail → Modoboa (different architectures)

Process:

# 1. Backup source database
# 2. Set up new server
# 3. Restore user accounts
# 4. IMAP migration
# 5. Test thoroughly

Hard ($0, 4-8 hours):

• Any → different platform (requires manual user recreation)

Recommendations by Use Case

Solo user, privacy-focused: → Mail-in-a-Box ($19/month, 30 min setup, minimal maintenance)

Team with 5+ members: → Mailcow ($19/month, better spam, calendar/contacts included)

System administrator learning email: → iRedMail ($19/month, traditional setup, good learning experience)

Company managing multiple domains: → Modoboa ($19/month, excellent API, scalable)

DevOps with Docker infrastructure: → Docker Mailserver ($19/month, maximum control, integrate with Kubernetes)

Cost Comparison Over 1 Year

For 5 email addresses:

Key insight: All self-hosted solutions cost the same ($19/month). Choose based on:

• Features (spam filtering, calendar, contacts)
• Maintenance burden (time commitment)
• Scalability (single vs multiple domains)

Bottom Line

Start here: Mail-in-a-Box if you want simplicity, $19/month, 30-minute setup

Upgrade to: Mailcow if spam filtering becomes a problem, better webmail needed, or calendar/contacts required

Switch to: Modoboa if managing 5+ domains or need strong API for integrations

Use: Docker Mailserver only if you already use Docker and want maximum control

All self-hosted options cost ~$19/month for VPS + domain. The choice is about time investment and features, not price.

Start with Mail-in-a-Box. Migrate later if needed (easy process). The hardest part is fighting spam, and all five solutions handle that adequately.

Related Reading

• How To Set Up Self Hosted Matrix Synapse Server For Private
• Set Up a Secure Home Server for Self-Hosting Privacy Tools.
• Best Self-Hosted File Sync Alternatives in 2026
• Bitwarden Self-Hosted Setup Guide
• Bitwarden vs Vaultwarden Self-Hosted: A Technical Comparison

Built by theluckystrike — More at zovo.one