OKAll services are operational
InfrawireInfrawire LogoDocumentation

Install and secure mailcow on a Linux VPS

Official mailcow documentation–aligned guide: system and DNS prerequisites, Docker installation, first start, hardening (password, 2FA, IPv6, firewall) and deliverability basics.

~1 min read
mailcowdockeremailsmtppostfix

mailcow: dockerized is a full self-hosted mail stack (Postfix, Dovecot, Rspamd, optional ClamAV, MariaDB, Redis, Nginx, SOGo, web UI) managed with Docker and Docker Compose.

What mailcow is for

  • Run your own mail server with a single admin UI.
  • Manage domains, mailboxes, aliases, quotas, spam settings, and more without stitching MTA/MDA/spam/webmail manually.

Deliverability requires correct DNS (MX, SPF, DKIM, DMARC) and PTR matching your hostname. See mailcow DNS prerequisites.

Official system requirements

From Prepare your system:

ResourceMinimum
RAM6 GiB + 1 GiB swap (default stack)
Disk20 GiB (excluding mailboxes)
Archx86_64 or ARM64

Not supported: OpenVZ, Virtuozzo, LXC, Synology/QNAP-style NAS. Use full virtualization (KVM, etc.).

Free host ports 25, 80, 110, 143, 443, 465, 587, 993, 995, 4190 before install:

Bash
ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'

Optional: SKIP_CLAMD=y and SKIP_FTS=y in mailcow.conf to reduce RAM.

1 — System packages (Debian/Ubuntu)

Per Install mailcow:

Bash
sudo apt update
sudo apt install -y git openssl curl gawk coreutils grep jq

2 — Docker Engine and Compose v2

Docker ≥ 24.0.0, Compose ≥ 2.0. Recommended install:

Bash
curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
sudo systemctl enable --now docker
sudo apt update
sudo apt install -y docker-compose-plugin

Verify: docker --version and docker compose version (note: docker compose, not docker-compose).

3 — Clone and generate config

Bash
1sudo su
2umask 0022
3cd /opt
4git clone https://github.com/mailcow/mailcow-dockerized
5cd mailcow-dockerized
6./generate_config.sh

Edit mailcow.conf as needed. For hosts without proper IPv6, mailcow 2025-09+ supports:

Bash
ENABLE_IPV6=false

Then full stack restart — see Disable IPv6.

4 — Start

Bash
docker compose pull
docker compose up -d

Admin UI: https://YOUR_MAILCOW_HOSTNAME/admin

Default login: admin / moohoochange immediately.

Security after login

  1. Change the admin password in the UI.
  2. Enable 2FATwo-Factor Authentication.
  3. Ensure NTP time sync (timedatectl status).
  4. Publish DKIM from the UI + SPF and DMARC TXT records.
  5. Firewall: mailcow warns that UFW/firewalld can conflict with Docker; prefer DOCKER-USER chain rules — see Firewall & Ports in prerequisite-system.

MTU not 1500

Adjust com.docker.network.driver.mtu as in install troubleshooting.

Admin password reset

Bash
cd /opt/mailcow-dockerized
./helper-scripts/mailcow-reset-admin.sh

See Reset passwords.

Further reading: GitHub — mailcow-dockerized.

Previous

Configure Fail2ban on a Linux VPS

Next

Install Node.js and npm on a Linux VPS

Need help?

Support

Our team is available 24/7 to help you

Discord

Join our community