Mailcow – Taking Back Control of Email

30.10.2025 16

For years, I relied on big providers for email — Gmail, Outlook, the usual suspects. It was convenient, but I always had the same uneasy feeling: my communication, identity, and years of correspondence were stored somewhere “out there,” on someone else’s terms.

As my self-hosting ecosystem grew, running my own DNS, proxy, and services, there was one missing piece that always felt too big, too fragile to touch: email.

That changed when I discovered Mailcow.

Why I Wanted My Own Mail Server

Running your own mail server used to be a heroic task — a dance of Postfix, Dovecot, SpamAssassin, DKIM, SPF, DMARC, TLS, and countless configuration pitfalls. Most people who tried it either gave up or spent weeks chasing spam score ghosts.

But in an age where I already run DNSSEC-secured domains, Traefik for automated HTTPS, and Docker for orchestration, the question changed from “Can I host my own mail?” to “Why am I not doing it yet?”

Owning your mail means:

  • Full control of your data and privacy.
  • Freedom from arbitrary storage or alias limits.
  • Independence from vendor lock-in.
  • The quiet satisfaction of having a system entirely yours.

Enter Mailcow

Mailcow describes itself simply as a “dockerized email server suite”, but that undersells what it really is: a thoughtfully integrated, beautifully packaged mail system for modern admins.

It bundles all the moving parts — Postfix, Dovecot, Rspamd, ClamAV, Solr, MariaDB, SOGo — into a clean, manageable Docker stack.

Everything communicates seamlessly, with sane defaults and web-based management. The result: you get a full enterprise-grade mail system up and running in minutes, without losing the ability to tweak and understand it.

First Impressions

Deploying Mailcow felt surprisingly… pleasant.

A simple git clone and .env configuration — defining hostname, domain, and passwords — and then docker compose up -d.
Within minutes, the dashboard was live at:

https://mail.hmlab.cloud

There it was: a full mail suite humming along — secure, signed, and ready.

The web UI is clean, pragmatic, and familiar. I could add mailboxes, domains, aliases, DKIM keys, and spam filters without touching raw configs.

And yet, everything is transparent under the hood: each component sits in its own container, fully visible, fully configurable.

What Makes Mailcow Stand Out

📦 All-in-One, but Modular

Mailcow packages the entire mail stack into a cohesive Docker ecosystem — yet you can replace or extend any part.
Want external Solr? Use it.
Prefer to handle certificates via Traefik instead of nginx? Just disable Mailcow’s internal proxy and plug it in.
It’s opinionated but not restrictive.

🔐 Security First

Mailcow defaults are robust:

  • DKIM keys generated and published automatically.
  • SPF and DMARC checks integrated.
  • Rspamd for spam scoring and learning.
  • ClamAV for virus scanning.
  • Let’s Encrypt for TLS.

In an age of over-complicated mail hygiene, Mailcow makes security sane again.

🧠 Smart Anti-Spam

Rspamd is deeply integrated — you can train spam/ham from your mail client, monitor scores, and even visualize results in the dashboard.

Over time, Mailcow learns.
I saw my spam accuracy improve week after week — no false positives, no junk in the inbox.

📥 Modern User Experience

Mailcow ships with SOGo, a webmail and groupware client that feels more like Outlook Web Access than old-school Roundcube.
Responsive, keyboard-friendly, CalDAV and CardDAV included — ideal for daily use.

Integrating Mailcow into My Setup

I placed Mailcow behind my existing Traefik proxy, using labels for HTTPS routing and certificate management:

services:
  nginx-mailcow:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mailcow.rule=Host(`mail.hmlab.cloud`)"
      - "traefik.http.routers.mailcow.entrypoints=websecure"
      - "traefik.http.routers.mailcow.tls.certresolver=letsencrypt"

I configured DNS at my registrar:

  • MXmail.hmlab.cloud
  • A / AAAA → VPS IP
  • TXT → SPF, DKIM, and DMARC records

Then tested with mail-tester.com — a satisfying 10/10.

Mailcow now serves multiple domains for both personal and family accounts. It integrates neatly with Dovecot and IMAP clients across macOS, iOS, and Thunderbird.

For backup, I simply snapshot the Docker volumes and sync to my NAS.
It’s surprisingly maintainable.

What’s Not Perfect

No system is flawless — and Mailcow has its quirks.

  • Resource usage: it’s a heavyweight stack. On a VPS with 4 vCPU / 8 GB RAM, it runs comfortably, but anything smaller struggles.
  • Complex underbelly: while Mailcow abstracts much, if something truly breaks (e.g., Rspamd misbehaves), you’ll still need to understand how the pieces fit.
  • Upgrade anxiety: updates are well-managed through update.sh, but it’s still a large moving target — always back up first.

Still, these are acceptable trade-offs for owning a full mail system that “just works.”

Final Thoughts

Running Mailcow feels a bit like reclaiming an old craft — difficult in the past, but now beautifully automated.
It’s not just a mail server; it’s a small victory for autonomy.

In my stack, Mailcow joins DNSSEC, Traefik, and Fail2Ban as part of a self-reliant infrastructure — private, resilient, and elegant.

Once you see your own domain delivering signed, secure messages to Gmail with a perfect reputation score, you realize something:
You no longer depend on the cloud giants. You’ve built your own.

Written from hmlab.cloud, where even the inbox is self-hosted.

Leave a Reply

Your email address will not be published. Required fields are marked *