How to Set Up a Mail Server on a VPS

Before installing any software, configure DNS correctly. A mail server without proper DNS records will have every email flagged as spam regardless of content. Set an A record for your mail subdomain: `mail.yourdomain.com` pointing to your VPS IP. Set an MX record for your domain pointing to `mail.yourdomain.com` with priority 10. This tells other mail servers where to deliver email addressed to your domain. Reverse DNS (rDNS/PTR record) is critical and often overlooked. Most major email providers (Gmail, Microsoft) check that the IP address resolves back to the hostname in the SMTP HELO. Your VPS provider must set this - you cannot set it in your domain registrar's DNS panel. Contact Anubiz Host support to set the PTR record for your IP to `mail.yourdomain.com`. Mismatched rDNS is one of the top spam filter triggers. Check your IP's reputation before proceeding. Look it up on MXToolbox (mxtoolbox.com/blacklists) and Spamhaus (check.spamhaus.org). If the IP is listed on a blocklist from a previous tenant, contact the blocklist to request delisting - provide evidence that you are a new legitimate user of the IP. Starting on a clean IP saves significant deliverability headaches.

Install the core components: `apt install -y postfix dovecot-core dovecot-imapd dovecot-lmtpd`. During Postfix installation, select "Internet Site" and enter your domain. Postfix handles SMTP (sending and receiving mail); Dovecot handles IMAP (client access) and local delivery. Configure Postfix in `/etc/postfix/main.cf`. Key settings: `myhostname = mail.yourdomain.com`, `mydomain = yourdomain.com`, `myorigin = $mydomain`, `inet_interfaces = all`, `mydestination = $myhostname, localhost`, `home_mailbox = Maildir/`. The `Maildir` format stores each message as a separate file, which is more reliable than the old mbox format and easier to back up. Configure Dovecot for IMAP access. Edit `/etc/dovecot/conf.d/10-mail.conf` to set `mail_location = maildir:~/Maildir`. In `10-auth.conf`, set `disable_plaintext_auth = yes` (force SSL) and `auth_mechanisms = plain login`. In `10-ssl.conf`, point to your Let's Encrypt certificate: `ssl_cert =

These three DNS-based standards are essential for inbox delivery. SPF (Sender Policy Framework) tells receiving servers which IPs are authorized to send email for your domain. Add a TXT record: `v=spf1 mx a ip4:YOUR.VPS.IP ~all`. The `~all` (soft fail) is recommended initially; switch to `-all` (hard fail) after verifying everything is working. SPF alone prevents the most basic spoofing. DKIM (DomainKeys Identified Mail) cryptographically signs outgoing mail so recipients can verify the message was not modified in transit. Install `opendkim` and `opendkim-tools`: `apt install opendkim opendkim-tools`. Generate a key pair: `opendkim-genkey -t -s mail -d yourdomain.com`. This creates `mail.private` and `mail.txt`. Add the contents of `mail.txt` as a TXT DNS record at `mail._domainkey.yourdomain.com`. Configure Postfix to use OpenDKIM as a milter by adding the milter settings to `main.cf`. DMARC (Domain-based Message Authentication Reporting) ties SPF and DKIM together and specifies policy when checks fail. Add a TXT record at `_dmarc.yourdomain.com`: `v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100`. Start with `p=quarantine` (spam folder for failures) rather than `p=reject` until you confirm all legitimate sending sources are covered by SPF and DKIM. The `rua` address receives aggregate reports showing you which emails are passing and failing DMARC checks.