Poste.io is a complete mail server solution. It includes a web administration panel, a built in spam filter called RSPAMD, an antivirus engine with ClamAV, and a webmail client using Roundcube. It also handles the complex security records like SPF, DKIM, and DMARC through a simple setup wizard. This means your emails stay secure and actually land in the recipient’s inbox rather than the spam folder.
Preparing your Hetzner Server
Before you touch the command line, you must configure the Hetzner Cloud Firewall. This is an external security layer that sits in front of your server. In your Hetzner Cloud Console, navigate to your server and then to the Firewalls section. You need to create the following incoming rules to allow mail traffic:
| Service | Protocol | Port |
| SSH | TCP | 22 |
| HTTP | TCP | 80 |
| HTTPS | TCP | 443 |
| SMTP | TCP | 25 |
| SMTPS | TCP | 465 |
| Submission | TCP | 587 |
| IMAP | TCP | 143 |
| IMAPS | TCP | 993 |
| POP3 | TCP | 110 |
| POP3S | TCP | 995 |
| Sieve | TCP | 4190 |
Initial Server Preparation
Before we deploy the container, we need to ensure the base system is up to date and the firewall is properly configured.
First, update your package list and upgrade your system:
sudo apt update ; sudo apt full-upgrade -yInstall Docker and Docker compose:
curl -sSL https://get.docker.com/ | CHANNEL=stable sh ; sudo apt install docker-compose-pluginFirewall Configuration
Email servers require several ports to be open to communicate with other servers and allow you to access your mail. Use the following commands to configure the Uncomplicated Firewall (UFW):
sudo ufw allow 22,25,80,443,587/tcCheck the status and enable the firewall:
sudo ufw status
sudo ufw enableDeploying Poste.io with Docker
Make sure you have Docker installed on your system. Once ready, you can deploy the entire mail server with one command. Make sure to replace the volume path and the hostname with your own information.
docker run --restart=unless-stopped \
--net=host \
-e TZ=Europe/Prague \
-v /your-data-dir/data:/data \
--name mailserver \
-h mail.your.domain.org \
-d -t analogic/poste.ioRequired DNS Configuration
For your email server to be trusted by providers like Gmail or Outlook, your DNS records must be perfect. Here is exactly how to set up your records at your domain registrar. Replace the placeholders with your actual server details.
| Type | Host | Value |
| A | your_ipv4_address | |
| AAAA | your_ipv6_address | |
| CNAME | autoconfig | https://www.google.com/url?sa=E&source=gmail&q=mail.yourdomain.com |
| CNAME | autodiscover | https://www.google.com/url?sa=E&source=gmail&q=mail.yourdomain.com |
| MX | @ | https://www.google.com/url?sa=E&source=gmail&q=mail.yourdomain.com (Priority 10) |
| TXT | _dmarc | “v=DMARC1; p=reject;” |
| TXT | @ | “v=spf1 ip4:your_ipv4_address mx ~all” |
You will also need a TXT record for your DKIM key. You can find your specific key in the Poste.io administration panel under the domain settings. It will look similar to this:
Type: TXT Host: selector_code (found in your dashboard) Value: “v=DKIM1; k=rsa; p=your_unique_public_key_string”
Final Configuration
After the container is running, navigate to the web interface to complete the setup:
- SSL/TLS: Once you log into the Poste.io web admin, go to the System Settings and use the built in Let’s Encrypt wizard to secure your connections.
- Diagnostics: Run the connection test to ensure all ports are reachable.
- Create Mailbox: Add your first email account and test it with a client like Thunderbird.
Self hosting your email is a major step toward digital independence. By following these steps, you now have a private, secure, and professional email system that you control entirely.
Dont like it? Check out Mailcow.