When setting up a web site or application under your own domain, your hosting provider may also offer you the option of configuring your own mail server. Although there are many robust open source solutions such as Dovecot, hosting your own mail is often not the best option for many deployments. Because of the relatively complicated way that DNS records, spam filters, and webmail interfaces are implemented, maintaining your own mail server is becoming less popular, and less widely supported by hosting providers. Most people will get more value out of using a hosted mail service. This guide will cover many of the reasons that you may not want to run your own mail server, and offer a few alternatives.
A typical mail server consists of many software components, each of which provides a specific function. Each component must be configured and tuned to work with the others in order to provide a fully functioning mail server. Because they have so many moving parts, mail servers can become complex and difficult to set up.
Here is a list of required components in a mail server:
In addition to those, you will probably want to add these components:
While some software packages include the functionality of multiple components, the choice of each component is often left up to you. In addition to the software components, mail servers need a domain name, the appropriate DNS records, and an SSL certificate.
Let’s take a look at each component in more detail.
A Mail Transfer Agent (MTA), which handles Simple Mail Transfer Protocol (SMTP) traffic, has two responsibilities:
Examples of MTA software include Postfix, Exim, and Sendmail.
Note: As a general rule, even if you are committed to not running a full mail server, an MTA is still relatively straightforward to deploy on its own in order to send alerts or notifications from your software. This is sometimes challenging because some hosting providers (including DigitalOcean) will automatically block the default outgoing mail port, 25, in order to avoid being used for spam. To avoid this, you can use a third-party SMTP server. You can also review How To Install and Setup Postfix.
A Mail Delivery Agent (MDA), which is sometimes referred to as the Local Delivery Agent (LDA), retrieves mail from an MTA and places it in the appropriate mail user’s mailbox.
There are a variety of mailbox formats, such as mbox and Maildir. Each MDA supports specific mailbox formats. The choice of mailbox format determines how the messages are actually stored on the mail server which, in turn, affects disk usage and mailbox access performance, as well as import/export compatibility.
Examples of MDA software include Postfix and Dovecot.
IMAP and POP3 are protocols used for mail retrieval by mail clients, the software that is used to read email.
IMAP is the more complex protocol that allows, among other things, multiple clients to connect to an individual mailbox simultaneously. The email messages are copied to the client, and the original message is left on the mail server.
POP3 is simpler, and moves email messages to the mail client’s computer, typically the user’s local computer, by default.
Examples of software that provides IMAP and/or POP3 server functionality include Courier, Dovecot, and Zimbra.
The purpose of a spam filter is to reduce the amount of incoming spam, or junk mail, that reaches users’ mailboxes. Spam filters accomplish this by applying spam detection rules — which consider a variety of factors such as the server that sent the message, the message content, and so forth — to incoming mail. If a message’s “spam level” reaches a certain threshold, it is marked and treated as spam.
Spam filters can also be applied to outgoing mail. This can be useful if a user’s mail account is compromised, to reduce the amount of spam that can be sent using your mail server.
SpamAssassin is a popular open source spam filter.
Antivirus is used to detect viruses, trojans, malware, and other threats in incoming and outgoing mail. ClamAV is a popular open source antivirus engine.
Many users expect their email service to provide webmail access. Webmail, in the context of running a mail server, is a mail client that can be accessed by users via a web browser. Gmail is probably the best-known example of this. The webmail component, which requires a web server such as Nginx or Apache, can run on the mail server itself.
Examples of software that provides webmail functionality include Roundcube and Citadel.
Although having to maintain a stack of four or five different software components in order to provide basic functionality is not ideal, it may not seem so much worse than other deployments in that regard. This, however, does not take into account the significant “trust” issues of running your own mail server.
In many ways, mail server stacks represent a collision between the tools and values of the early internet — self-hosting open source software using well-defined standards and interoperable protocols — and the reality of the modern internet — a few centralized, trusted authorities. More than web servers, database servers, or other cloud software, they have to handle an enormous amount of untrustworthy input, and the trust standards of commercial mail servers are very high as a result. Because mail servers are constantly handling attachments of potentially harmful files, and constantly filtering spam and spam addresses, it can be quite challenging to run a server that actually keeps up with the expectations of modern webmail providers. Many of them will not hesitate to block traffic from a temporarily compromised sender, especially if it is a small, self-hosted operation.
It is not trivial to keep your server off of the various blacklists, also known as DNSBL, blocklists, or blackhole lists. These lists contain the IP addresses of mail servers that were reported to send spam or junk mail (or for having improperly configured DNS records). Many mail servers subscribe to one or more of these blacklists, and filter incoming messages based on whether the mail server that sent the messages is on the list(s). If your mail server gets listed, your outgoing messages may be filtered and discarded before they reach their intended recipients.
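The lookup that a receiving server performs against a DNSBL can be reproduced to monitor your own sending address. The following is an added example, not code from the original article: it builds the query name (reversed address labels plus the list's zone), treats an answer inside 127.0.0.0/8 as "listed", and first runs the RFC 5782 self-test so a dead or wildcarded list is not mistaken for a real listing. The zone `dnsbl.example.org`, the address `192.0.2.10`, and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Placeholder zone (assumption): replace with the lists your recipients consult.
ZONES = ["dnsbl.example.org"]
# Resolver error codes that mean "no such record", i.e. the address is not listed.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone."""
    # reverse_pointer gives '10.2.0.192.in-addr.arpa' or nibbles + '.ip6.arpa'.
    labels = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def check_listing(ip, zone, resolve=socket.gethostbyname):
    """Return 'listed', 'clean' or 'error' for one address on one list."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except socket.gaierror as exc:
        # A lookup failure other than "not found" must not be read as clean.
        return "clean" if exc.errno in NOT_FOUND else "error"
    # Listed entries answer inside 127.0.0.0/8; anything else is not a DNSBL reply.
    return "listed" if answer in ipaddress.ip_network("127.0.0.0/8") else "error"


def zone_is_healthy(zone, resolve=socket.gethostbyname):
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not."""
    return (check_listing("127.0.0.2", zone, resolve) == "listed"
            and check_listing("127.0.0.1", zone, resolve) == "clean")


def audit(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Check one mail server address against every configured list."""
    report = {}
    for zone in zones:
        if not zone_is_healthy(zone, resolve):
            report[zone] = "zone-unusable"  # dead, wildcarded or unreachable list
        else:
            report[zone] = check_listing(ip, zone, resolve)
    return report


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for your server's IP.
    print(audit("192.0.2.10"))
```

Run on a schedule, a change from `clean` to `listed` is the signal to start the investigation and removal process for that particular list.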
When deploying a web server, it is fairly common to experience occasional outages from DNS misconfiguration. There is a substantial ecosystem of CDNs and load balancers whose primary purpose is to prevent these minor outages from otherwise impacting your infrastructure. When it comes to mail servers, however, a minor misconfiguration can make it hard to — literally — restore trust.
If your mail server gets blacklisted, it is often possible to get it unlisted (or removed from the blacklist). You will need to determine the reason for being blacklisted, and resolve the issue. After this, you will need to look up the blacklist removal process for the particular list that your mail server is on, and follow it.
Hosted mail services fall into two broad categories. The first category is comprised of personal webmail providers. These service providers are widely known for their free service tiers, and usually provide paid options for hosting a custom email domain, supporting multiple users of a shared business account, and so on. They usually provide their own webmail interfaces and dedicated mobile apps.
A second category is mail delivery services. These providers are not necessarily in the personal email business, but instead provide API access for any software that needs to send mail in bulk, such as password change notifications or advertising campaigns. Usually, these services include dedicated mail server credentials, the relevant trust and filtering features, and a web dashboard to monitor your mail volume and any related issues. They are typically priced by usage.
This list is not exhaustive, but should provide an overview of the service landscape.
Although email is a fundamental internet technology, many cloud providers are reluctant to support self-hosted mail servers because of their inherent challenges. We generally recommend using an external provider to handle email for your cloud.
If you are determined to run your own mail server, you can see a comprehensive example in How To Configure a Mail Server Using Postfix, Dovecot, MySQL, and SpamAssassin.
There is also https://mailinabox.email/, a project I started to deploy a working mail server without the need (or even the possibility) to configure the system. It’s like an email appliance. It doesn’t solve all of the issues of running your own mail server, but it does solve a lot.
Would have thought that zoho.com deserved a mention at least. And Outlook.com haven’t offered service for custom domains for a while…
I run my own mail server(s) without any issues and whenever there’s an issue, it’s just “fun” to fix it :]
How do I go about adding my Exchange Online MX record? I only see an option for gmail MX record?
EDIT: Figured this out from an older comment thread. For anyone else doing this, in the MX hostname enter the Office 365 mail server with a dot at the end and set the priority to 0.
I run about 10 domains on a single $5 Ubuntu box on DO with Zpanel http://www.zpanelcp.com and so far no issues. I just do forwards with this which is super easy to set up and works well, never had any issues.
I am going to have to disagree. You can easily run your own mail-server, I do it for 150 people at work and yeah I am the solo IT guy. I spend 1 minute a day on average just making sure there’s nothing funky in log files…
There is however a giant learning curve. If you aren’t afraid of learning how email works then you have no problem at all. There are plenty of tutorials to follow. Also running your own mail server is the only scalable option… places that do hosted email often are $2/mailbox… for 150 that is $300/mo… Our server runs off of a $20 instance… Huge cost savings for a bit of work.
I ran a Zimbra mail server a while back with fail2ban preventing attacks but I still got hacked. Just didn’t seem worth the trouble. Turned it over to Google while you could still do free and have been good with that.
I’m using iRedMail as mailserver solution and I’m pretty satisfied with it. Of course, hosting your own mailserver is nothing for you if you do not have any idea how to handle it. But you can say this for everything. I can also write an article that’s called “Why You Should Not Run Your Own Web Server” or “Why You Should Not Run Your Own XYZ Server”.
If you let others do anything for you, you’ll learn absolutely nothing, and in my opinion that’s the wrong way. Digital Ocean brings you a perfect platform to do what you want, try things out, and if it’s not working … jump back to a clean, fresh installed system, reachable from all over the world, and not only in your private home network.
So, thanks, Mitchell, for your tutorial, but please all of you try things out and learn how it works!
j2c skydriver
This is not a tutorial.
“Mail Servers Are Complex A typical mail server consists of many software components that provide a specific function.” Use iRedMail. If you can’t configure by yourself, iRedMail will do it for you. All you need is clean Ubuntu or another OS. Just run install script and reboot.