Mail Server: Mailu (Docker)
1. Purpose
Deploy a private mail server for a company using Mailu where:
- Accounts are created by admin only
- Internal mail works between users
- External mail works with Gmail and other providers
- The setup is secure and production-ready
2. Mailu Setup Wizard
Step 1: Initial Configuration
- Mailu storage path
/mailu
- Main mail domain
ghaymah.cloud
- Postmaster local part
admin
→ admin@ghaymah.cloud
- TLS certificates
Let's Encrypt
- Rate limits
- Failed login per IP: 5/hour
- Failed login per user: 50/day
- Outgoing mail per user: 200/day
- ✅ Enable Admin UI
Step 2: Select Features
- Webmail: Roundcube
- Antivirus (ClamAV): Enabled
- Oletools: Enabled
- Tika: Disabled (high resource usage)
Step 3: Expose Mailu to the Internet
- IPv4 listen address
158.220.97.132
- Docker network subnet
192.168.203.0/24
- IPv6: Disabled
- Internal DNS resolver (unbound): Enabled
- Public hostname
mail.ghaymah.cloud
Step 4: Ports
Default Mailu ports were used.
HTTPS (443) was temporarily changed to 8443 to avoid conflicts.
Step 5: Generate and Run Mailu
docker compose up -d
3. Web Interface Access
- Admin / Webmail URL:
https://mail.ghaymah.cloud:8443
⚠️ Important Note
Sometimes after startup, the Web UI / Webmail may not load due to a temporary issue with the front (nginx) container.
Solution
Restart the front container:
docker restart mailu-front-1
4. Admin Configuration
- Login as admin
- Add domain:
ghaymah.cloud
- Create user accounts for employees
- Generate DKIM keys from:
Admin → Domains → Generate keys
5. DNS Records Configuration
A Record
mail.ghaymah.cloud A 158.220.97.132
MX Record
ghaymah.cloud MX 10 mail.ghaymah.cloud
SPF Record
ghaymah.cloud TXT "v=spf1 ip4:158.220.97.132 mx -all"
DKIM Record
mail._domainkey.ghaymah.cloud TXT "v=DKIM1; k=rsa; p=PUBLIC_KEY"
DMARC Record
_dmarc.ghaymah.cloud TXT "v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud"
6. Reverse DNS (PTR)
Configured at the server provider (Contabo):
158.220.97.132 → mail.ghaymah.cloud
7. Testing and Verification
DNS Checks
dig MX ghaymah.cloud +short
dig TXT ghaymah.cloud +short
dig TXT mail._domainkey.ghaymah.cloud +short
dig -x 158.220.97.132 +short
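The `dig` commands above only print the raw answers. As an added example (not part of the original setup notes), the script below classifies answers in the form `dig +short` returns them, so a weak or broken record is flagged instead of read by eye. The function names and the sample TXT values are constructed for illustration; `PUBLIC_KEY` is the placeholder used on this page.

```shell
#!/usr/bin/env bash
# Added example: classify DNS answers in the form `dig +short` prints them.

# dig quotes TXT data and splits long values into "chunk" "chunk"; undo both.
txt_clean() { printf '%s\n' "$1" | sed -e 's/" "//g' -e 's/"//g'; }

# SPF: exactly one v=spf1 record may exist (RFC 7208); report its "all" qualifier.
spf_verdict() {
  local recs n
  recs=$(txt_clean "$1" | grep -iE '^v=spf1( |$)' || true)
  n=$(printf '%s' "$recs" | grep -c . || true)
  [ "$n" -eq 0 ] && { echo missing; return; }
  [ "$n" -gt 1 ] && { echo multiple; return; }
  case " $recs " in
    *" -all "*) echo hardfail ;;
    *" ~all "*) echo softfail ;;
    *" ?all "*|*" +all "*|*" all "*) echo permissive ;;
    *) echo no-all ;;
  esac
}

# DMARC: print the p= policy; "none" only collects reports and enforces nothing.
dmarc_policy() {
  local rec
  rec=$(txt_clean "$1" | grep -i '^v=DMARC1' | head -n 1 || true)
  [ -z "$rec" ] && { echo missing; return; }
  printf '%s\n' "$rec" | tr ';' '\n' |
    sed -n 's/^[[:space:]]*p=[[:space:]]*\([A-Za-z]*\).*/\1/p' | head -n 1
}

# DKIM: an empty p= tag means the key was revoked (RFC 6376).
dkim_verdict() {
  local rec key
  rec=$(txt_clean "$1" | grep -E '(^|;)[[:space:]]*p=' | head -n 1 || true)
  [ -z "$rec" ] && { echo missing; return; }
  key=$(printf '%s\n' "$rec" | tr ';' '\n' | sed -n 's/^[[:space:]]*p=[[:space:]]*//p' | head -n 1)
  [ -z "$key" ] && echo revoked || echo present
}

# FCrDNS: the PTR must name the host (dig adds a trailing dot) and its A must be the IP.
fcrdns_ok() { [ "${1%.}" = "$3" ] && [ "$2" = "$4" ]; }  # <ptr> <a> <host> <ip>

# Constructed sample answers shaped like this page's records.
SPF='"some-other-txt=constructed"
"v=spf1 ip4:158.220.97.132 mx -all"'
DMARC='"v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud"'
DKIM='"v=DKIM1; k=rsa; p=PUBLIC_" "KEY"'
echo "spf=$(spf_verdict "$SPF") dmarc=$(dmarc_policy "$DMARC") dkim=$(dkim_verdict "$DKIM")"
fcrdns_ok "mail.ghaymah.cloud." "158.220.97.132" mail.ghaymah.cloud 158.220.97.132 && echo "fcrdns=ok"
# Live use: spf_verdict "$(dig TXT ghaymah.cloud +short)"
```

A `dmarc_policy` result of `none` means receivers are asked to report on failing mail but not to quarantine or reject it.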
8. Spam Detection & Analysis Tools
The following tools were used to analyze why emails were going to Spam or being rejected:
8.1 Mail Tester
- Sends a test email and provides a full spam report
- Checks:
  - SPF
  - DKIM
  - DMARC
  - PTR (Reverse DNS)
  - IP blacklists
  - SpamAssassin score
This is the most important tool for diagnosing email delivery issues.
8.2 MXToolbox
Used to:
- Verify MX records
- Check SPF, DKIM, and DMARC records
- Check Reverse DNS (PTR)
- Detect if the IP is blacklisted
8.3 DNS Checker
Used to:
- Verify DNS propagation worldwide
- Ensure MX and TXT records are visible globally
8.4 Google Admin Toolbox
🔗 https://toolbox.googleapps.com/apps/checkmx/
Used to:
- Validate how Gmail sees the domain
- Diagnose Gmail-specific delivery issues
9. Spam Issue Root Cause
Emails were initially classified as spam or rejected due to:
- Missing SPF record
- Missing DKIM record
- Incorrect PTR (Reverse DNS)
- New domain and IP reputation
- Test email content (very short messages)
10. Final Result
- Mailu services running successfully
- Internal mail working
- External mail working (Gmail, etc.)
- DKIM validated successfully
- Spam issues resolved after proper DNS authentication
11. Notes
- Public user signup is disabled
- Only admin can create users
- This mail server is intended for company use only