I want a secure mail solution, as I am looking to move away from Google and other parties looking into my private data.

How much of a PITA is it to set up my own mailserver? Should I go for an external provider with a good privacy policy and encrypted data instead?

I have a VPS running Debian (with a dedicated IP + reverse DNS), and I'm a fairly capable Linux administrator, having set up a couple of webservers, home networks, and looking over the shoulder of sysadmins at work.

The security I currently have on the VPS is limited to iptables and installing/running the bare minimum of what I need (currently basically irssi and lighttpd).

When setting up a mail server, is there a lot of stuff to take into consideration? Will my outgoing mail be marked as spam on other servers if I don't implement a number of solutions? Will reliable spam filtering be difficult to set up? Can I easily encrypt the stored mail?

  • 3
    You understand that even with your own mail server other people will still be able to read your mail by simply reading the mail from the person who sent a message to you, or the mailbox of the person you sent the message to? Your ISP can simply intercept the message as it crosses their network. Given how many people use Yahoo, Gmail, Hotmail accounts it is very likely someone will be able to read a large majority of your mail even if your mailbox isn't hosted with them. If you are really paranoid try and get your friends to use GPG.
    – Zoredache
    Commented Mar 23, 2010 at 18:26
  • 2
    I receive much more mail than I send, and at least my outgoing mail will be split over several providers, lessening the implications of data mining. It's not about communicating state secrets, it's just that I don't want any third party to know everything about me.
    – Jacob R
    Commented Mar 24, 2010 at 8:50
  • @Zoredache not true anymore, there is SSL for emails nowadays.
    – Rolf
    Commented Sep 13, 2018 at 20:20

9 Answers

I run several mail servers of varying sizes ranging from my own for two users to hundreds of IMAP mailboxes. My opinion of email can be summed up by telling you that I am planning to decommission my own private mail server and move to Gmail for my domain.

The main reason why I want rid of this responsibility is spam. It is compute- and resource-expensive to filter inbound spam with any kind of effectiveness. It takes time and effort on my part to maintain the spam filtering to ensure that we are as up-to-date as possible with the techniques being used by the spammers. And then there are times when your tools seem to be actively mis-maintained by the maintainers, such as when SpamAssassin started marking up everything with a date in 2010 or later because it was impossibly far in the future.

Greylisting works much of the time too, but some relay systems just can't deal with it properly -- and even though greylisting is legal, dealing with the broken systems is your problem.

Using black-lists can skim much of it off, but inevitably someone finds a blacklisted host that they want to receive mail from.

If you run a mail server, blacklisting is always your problem. You get blacklisted so your users can't mail out? That's your problem. Especially when the blacklist is some penny-ante ISP in Southern Wisconsin which is blacklisting you because ten years ago your IP block was used by some fly-by-night DSL provider and not the backbone provider it is today. Or they insist that they have to run a "relay test" on your server before they'll de-list you, even though the IP that is in their list is an outbound-only IP and doesn't accept email from the internet at large.

Someone trying to email one of your users gets blacklisted so they can't mail you? That's your problem. The email is always of earth-shattering importance and it is up to you to create an exception to let their email in.

Secondary-MXing is broken. Spammers just beat up on that, and your system gets to accept, then scan and possibly bounce, drop, or false-negative it into your users' mailbox. Frankly I never secondary-MX anymore because if my primaries are offline for longer than it takes email to die then I've got bigger problems (probably headed by the need for finding a new job).

Then there are the RFC-nazis. You'll get blacklisted if you are not strictly RFC compliant. And then you'll get shouted down by people who hate the fact that your anti-spam chooses to bounce rather than just drop, meaning the innocent people used as header-forging get buried in the back-scatter.

Email used to be interesting and fun. Now it's just one long, slow, hard kick in the nuts (pardon my colloquialism).

  • ...and yes, I'm aware that if this was /. people would be asking for a (-1, bitter) moderation option. Commented Mar 24, 2010 at 2:50
  • 2
    Since this comes up in 2019 as one of the first results, I question whether this is still accurate, it being a 9 year old description of what spam used to be like.. I've been running my own mailserver for several years for personal use (one mailbox, my e-mail address is publicly listed online). SpamAssassin with almost default configuration does a very good job detecting spam, though rarely some important e-mail does end up in Junk (which is why you have a Junk folder in the first place). Sometimes you might get blocked by ISPs based on the IP (range) you're hosting your server in though. Commented Jun 8, 2019 at 23:20

Depending on the features you demand of your mailserver solution it can be "easy" to do. If you want to have a feeling for what you are doing you need to get familiar with the terms of mailserver setup and from there decide what tradeoffs you can live with. I have no great overview at hand, but here is the checklist I would follow (my experience is 1-2 years old):

  • Install postfix for SMTP. If I'm only handling 10-20 mailboxes I would use simple posthash files for "account management" with virtual domains.
  • Buy an MXBackup solution from somewhere so when/if my server is down, my mail will be stored waiting for me to fix it
  • Set up an IMAP server for reading mail. Probably courier-imap again
  • Really consider if I need to be able to use my server for outgoing mail. Could my network ISP supply me with outgoing SMTP? As Jeff mentioned on the podcast, it is getting increasingly harder to set up SMTP so you can send to everybody. IP ranges can be blocked, the reverse IP address must be set up properly, handling of SPF etc.
  • Set up amavisd for spam filtering

But most of all, I probably wouldn't do it all. I would "go for an external provider with a good privacy policy and encrypted data instead?"


As a start off, I found setting up my server from the HowToForge website excellent. I was setting up a full webserver and mailserver etc with little knowledge of it. It is up and running for the last year with no hiccups.

Start of tutorial: http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3

Specific mailserver page: http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3-p3


If you do it yourself, I would recommend looking at Zimbra. It's pretty hefty for a VPS, but the install does pretty much everything for you except SPF/DKIM.

To answer your other questions:

Will my outgoing mail be marked as spam on other servers if I don't implement a number of solutions?

You should, at a minimum, set up an SPF record, which is very simple. Whether or not your mail is marked as spam has a lot to do with the IP range of your host.

Will reliable spam filtering be difficult to setup?

Depends on what sort of setup you do. In Zimbra, it comes out of the box.

Can I easily encrypt the stored mail?

You could store the messages on an encrypted filesystem. Not sure if this is exactly what you want, but I wouldn't recommend another solution, due to complexity.
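
What a receiving server does with the SPF record mentioned above, as an added example (not part of the original answer). It evaluates only the `ip4`, `ip6`, `a`, `mx` and `all` mechanisms; the record, the addresses (documentation ranges) and the `resolved` parameter that stands in for DNS lookups are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record using documentation address ranges.
RECORD = "v=spf1 mx ip4:203.0.113.25 -all"

def check_spf(record, sender_ip, resolved=None):
    """Evaluate a subset of SPF (RFC 7208) left to right; first match wins.

    `resolved` maps "a"/"mx" to the addresses those DNS lookups returned,
    so the example runs offline. Anything outside the subset (include,
    redirect, exists, macros) returns "unsupported".
    """
    resolved = resolved or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]   # "-all" rejects everything not matched earlier
        if name in ("ip4", "ip6"):
            try:
                nets = [ipaddress.ip_network(value, strict=False)]
            except ValueError:
                return "permerror"         # malformed address in the record
        elif name in ("a", "mx") and not value:
            nets = [ipaddress.ip_network(a) for a in resolved.get(name, [])]
        else:
            return "unsupported"
        if any(ip.version == n.version and ip in n for n in nets):
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term
```

A record that ends in `~all` or has no `all` term leaves unlisted senders at softfail or neutral, so receivers get little signal from it.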


Setting up an Email Server locally is the simplest thing to do. There are many Email servers that are easy to setup. My personal preference would be Postfix. This is also the default in many Linux distros.

However, as others point out, the main issues will be in both Inbound and Outbound SPAM Controls. Without Inbound SPAM Controls, you will be wasting bandwidth and have inconsistent performance issues.

Without Outbound controls, you are likely to face Delivery issues.

If you want to maintain everything in-house, put in a nice SPAM filter in front of the Email Server. Otherwise, you can have a local Email server and outsource your Outbound/Inbound scanning to services like SAFENTRIX. The scanning services do not store your emails (they are just scan and forward services) and privacy issues might be less.


Not to be underestimated.

However, don't let this stop you, it's a nice feeling when you succeed!

There are many considerations, and email is a relatively unforgiving environment. For example, emails from your server can be flagged as spam (end up in the Spam folder) and you would have no indication of this happening. They can even be silently discarded. It could be due to misconfiguration, your server IP having a high spam score (due to previous tenants) or God knows what.

As another example, I was hosting a mailserver on Windows, running the user-friendly hMailserver. However I made a wrong choice in the authentication settings, leaving my server open for abuse. A few days or weeks later, someone found out and took advantage. I found my server unresponsive, and had to restart it. Then I found out that it had sent about 300000 spam emails in less than two days.

However, if you're a Debian user, you're in luck. I finally moved to a Debian hosted mailserver, following the instructions in this great article for installing and configuring the different parts. It went smoothly; I was set up within a few hours:


Then I used ImapSync to migrate all my emails to the new server. You can download a licensed version of ImapSync on their site (which is kind of ugly).

For checking your mail on the web (even your Gmail account!), have a look at Rainloop

This setup works well; however, Gmail is still #1 feature-wise.

By the way, it supports SSL so that your email is encrypted during transport.
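
The answer above describes an open relay on hMailServer; on the Postfix setup it then moves to, the equivalent mistake can be checked for in `main.cf`. This is an added example, not part of the original answer: the `INTERNAL` list and the sample fragments are constructed, and Postfix 2.10 or later is assumed.

```python
import ipaddress

# Ranges treated as internal here (an assumption; adjust to your own network).
INTERNAL = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                                              "192.168.0.0/16", "::1/128", "::ffff:127.0.0.0/104")]
REJECTS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
# Postfix 2.10+ default when smtpd_relay_restrictions is not set.
DEFAULT_RELAY = "permit_mynetworks permit_sasl_authenticated defer_unauth_destination"

def parse_main_cf(text):
    """Read 'name = value' pairs; an indented line continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = (p.strip() for p in line.partition("="))
            params[last] = value
    return params

def blocks_relay(rules):
    """True if a relay reject is reached before an unconditional 'permit'."""
    for rule in rules.replace(",", " ").split():
        if rule in REJECTS or rule == "permit":
            return rule in REJECTS
    return False

def relay_findings(text):
    params, findings = parse_main_cf(text), []
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not checked here
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append(f"mynetworks trusts non-internal range {item}")
    relay = params.get("smtpd_relay_restrictions", DEFAULT_RELAY)
    recipient = params.get("smtpd_recipient_restrictions", "")
    if not (blocks_relay(relay) or blocks_relay(recipient)):
        findings.append("no relay reject is reached before 'permit'")
    return findings

# Constructed main.cf fragments (not from the page).
WEAK = "mynetworks = 127.0.0.0/8 0.0.0.0/0\nsmtpd_relay_restrictions = permit, reject_unauth_destination\n"
SAFE = ("mynetworks = 127.0.0.0/8 [::1]/128\nsmtpd_relay_restrictions =\n"
        "    permit_mynetworks, permit_sasl_authenticated,\n    reject_unauth_destination\n")
```

`relay_findings(SAFE)` returns an empty list, while `relay_findings(WEAK)` reports both the over-broad `mynetworks` entry and the `permit` placed ahead of the relay reject.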


I have used this tutorial twice; both times I failed multiple times to get everything working correctly. The first time I spent 2 days until I got it working. (about 5-6 years ago)


In both cases it was like walking on red hot nails barefoot while eating the most spicy chili mixed with the most throat-burning alcohol.

Can't understand why no one makes a fool-proof, easy to set up solution that is pluggable.

For example, as a web developer I can relate to PHP. It has extensions, you can also configure things by just looking at the keyboard.

To answer your question, I think it's because of the Unix community mindset. If a "Dr. Poweruser Sysadmin Hacker Pentester John Doe" can set it up then don't fix it and let it be the way it is.

Look at MS Server: setting up a mail server is mostly next, next, finish and it works and it can do the same thing.

I like generally saying Linux, but c'mon, it's 2019.


Gmail for your domain. The hassle of outbound SMTP is just simply not worth it anymore for a smallish <100 mailbox server. Just my two cents.

  • 2
    Except he clearly states in the first sentence of his question that they're trying to move away from Google Commented Mar 24, 2010 at 0:36

Setting up a mail server on your Debian-based Linux OS is not very difficult and it is an art that can be mastered.

First, you would need to install a Mail Transfer Agent (MTA) like Postfix on your Linux server.

Then, to deliver emails to local mailboxes and allow POP/IMAP clients to connect to your VPS, you would require software like Dovecot.

You will also need a MUA (Mail User Agent). This is software like Outlook, Thunderbird, Roundcube or Squirrelmail that connects to the POP/IMAP server to read and submit emails.

Before you do this, make sure that your hosting provider does not block port 25 because you would require this port for outgoing emails.

If port 25 is blocked in the outbound direction but allowed in the inbound direction, then you would need to use an external SMTP service for sending emails but you would still receive emails normally on the server (since the inbound direction is not blocked).

You will have to use SSL to ensure emails are encrypted and avoid the chance of them being marked as spam by other servers.

Also, to filter spam on your server, you will require software like SpamAssassin.

The good thing about setting up your own mail server is flexibility. You can support as many domains and email addresses on a single VPS as you like.

You will spend most of the effort in configuring the MTA (e.g. Postfix) and POP/IMAP software (e.g. Dovecot).

Having said that, it is absolutely clear that you can set up a self-managed email server and still have most if not all enterprise-based features that popular email providers like Google can offer.

  • That's the trivial part. Commented Sep 13, 2018 at 21:57
  • 1
    stop spamming Alibaba in your posts.
    – Sven
    Commented Sep 13, 2018 at 22:44
