# Mailu Mail Server – Full Setup Guide

Domain: ghaymah.cloud

Mail Server: Mailu (Docker)

---

## 1. Purpose

Deploy a private mail server for a company using Mailu where:

- Accounts are created by admin only
- Internal mail works between users
- External mail works with Gmail and other providers
- The setup is secure and production-ready

---

## 2. Mailu Setup Wizard

### Step 1: Initial Configuration

- **Mailu storage path**

  ```
  /mailu
  ```

- **Main mail domain**

  ```
  ghaymah.cloud
  ```

- **Postmaster local part**

  ```
  admin
  ```

  → `admin@ghaymah.cloud`

- **TLS certificates**

  ```
  Let's Encrypt
  ```

- **Rate limits**
  - Failed login per IP: 5/hour
  - Failed login per user: 50/day
  - Outgoing mail per user: 200/day

- ✅ Enable Admin UI

---

### Step 2: Select Features

- Webmail: Roundcube
- Antivirus (ClamAV): Enabled
- Oletools: Enabled
- Tika: Disabled (high resource usage)

---

### Step 3: Expose Mailu to the Internet

- **IPv4 listen address**

  ```
  158.220.97.132
  ```

- **Docker network subnet**

  ```
  192.168.203.0/24
  ```

- IPv6: Disabled
- Internal DNS resolver (unbound): Enabled
- **Public hostname**

  ```
  mail.ghaymah.cloud
  ```

---

### Step 4: Ports

Default Mailu ports were used.

HTTPS (443) was temporarily changed to **8443** to avoid conflicts.

---

### Step 5: Generate and Run Mailu

```bash
docker compose up -d
```

---

## 3. Web Interface Access

* Admin / Webmail URL:

  ```
  https://mail.ghaymah.cloud:8443
  ```

### ⚠️ Important Note

Sometimes after startup, the **Web UI / Webmail may not load** due to a temporary issue with the front (nginx) container.

### Solution

Restart the front container:

```bash
docker restart mailu-front-1
```

---

## 4. Admin Configuration

* Login as admin
* Add domain: `ghaymah.cloud`
* Create user accounts for employees
* Generate DKIM keys from:

  ```
  Admin → Domains → Generate keys
  ```

---

## 5. DNS Records Configuration

### A Record

```dns
mail.ghaymah.cloud  A  158.220.97.132
```

### MX Record

```dns
ghaymah.cloud  MX  10 mail.ghaymah.cloud
```

### SPF Record

```dns
ghaymah.cloud  TXT  "v=spf1 ip4:158.220.97.132 mx -all"
```

### DKIM Record

```dns
mail._domainkey.ghaymah.cloud  TXT  "v=DKIM1; k=rsa; p=PUBLIC_KEY"
```

### DMARC Record

```dns
_dmarc.ghaymah.cloud  TXT  "v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud"
```

---

## 6. Reverse DNS (PTR)

Configured at the server provider (Contabo):

```text
158.220.97.132 → mail.ghaymah.cloud
```

---

## 7. Testing and Verification

### DNS Checks

```bash
dig MX ghaymah.cloud +short
dig TXT ghaymah.cloud +short
dig TXT mail._domainkey.ghaymah.cloud +short
dig -x 158.220.97.132 +short
```

---

## 8. Spam Detection & Analysis Tools

The following tools were used to analyze why emails were going to **Spam** or being **rejected**:

### 8.1 Mail Tester

🔗 [https://www.mail-tester.com](https://www.mail-tester.com)

* Sends a test email and provides a full spam report
* Checks:
  * SPF
  * DKIM
  * DMARC
  * PTR (Reverse DNS)
  * IP blacklists
  * SpamAssassin score

This is the most important tool for diagnosing email delivery issues.

---

### 8.2 MXToolbox

🔗 [https://mxtoolbox.com](https://mxtoolbox.com)

Used to:

* Verify MX records
* Check SPF, DKIM, and DMARC records
* Check Reverse DNS (PTR)
* Detect if the IP is blacklisted

---

### 8.3 DNS Checker

🔗 [https://dnschecker.org](https://dnschecker.org)

Used to:

* Verify DNS propagation worldwide
* Ensure MX and TXT records are visible globally

---

### 8.4 Google Admin Toolbox

🔗 [https://toolbox.googleapps.com/apps/checkmx/](https://toolbox.googleapps.com/apps/checkmx/)

Used to:

* Validate how Gmail sees the domain
* Diagnose Gmail-specific delivery issues

---

## 9. Spam Issue Root Cause

Emails were initially classified as spam or rejected due to:

* Missing SPF record
* Missing DKIM record
* Incorrect PTR (Reverse DNS)
* New domain and IP reputation
* Test email content (very short messages)

---

## 10. Final Result

* Mailu services running successfully
* Internal mail working
* External mail working (Gmail, etc.)
* DKIM validated successfully
* Spam issues resolved after proper DNS authentication

---

## 11. Notes

* Public user signup is disabled
* Only admin can create users
* This mail server is intended for company use only
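
The SPF, DKIM and DMARC checks from sections 5, 7 and 9, written as an offline audit of the record strings; this is an added example, not part of the original guide or of Mailu. The input is constructed from the values in section 5 (`PUBLIC_KEY` is the guide's placeholder), the function names are hypothetical, and the SPF check assumes `mx` resolves to the sending host and matches `ip4` exactly rather than by CIDR range.

```python
import base64
# Constructed input: TXT values from section 5 (PUBLIC_KEY is the page's placeholder).
RECORDS = {
    "spf": "v=spf1 ip4:158.220.97.132 mx -all",
    "dkim": "v=DKIM1; k=rsa; p=PUBLIC_KEY",
    "dmarc": "v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud",
}

def parse_tags(txt):  # DKIM/DMARC "tag=value; tag=value" -> dict
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt, sending_ip):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: missing v=spf1 version tag"]
    mechs = [t.lstrip("+") for t in terms[1:]]  # "+" is the default qualifier
    findings = []
    if f"ip4:{sending_ip}" not in mechs and "mx" not in mechs:
        findings.append("SPF: sending IP not covered by an ip4 or mx mechanism")
    if "-all" not in mechs and "~all" not in mechs:
        findings.append("SPF: no -all or ~all, unlisted senders are not failed")
    return findings

def audit_dkim(txt):
    key = "".join(parse_tags(txt).get("p", "").split())
    try:
        ok = bool(base64.b64decode(key, validate=True))  # empty p= means revoked
    except ValueError:  # placeholder text such as PUBLIC_KEY lands here
        ok = False
    return [] if ok else ["DKIM: p= is empty or not valid base64 key material"]

def audit_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["DMARC: missing v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} does not enforce on failures")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, aggregate reports are not collected")
    return findings

def audit(rec, ip):
    return audit_spf(rec["spf"], ip) + audit_dkim(rec["dkim"]) + audit_dmarc(rec["dmarc"])

if __name__ == "__main__":
    print("\n".join(audit(RECORDS, "158.220.97.132")) or "all checks passed")
```

To audit live records, replace the values in `RECORDS` with the output of the `dig TXT` commands from section 7.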