I’ve always been fascinated by how email actually works. You type a message, hit send, and a few seconds later, it shows up somewhere else in the world. There’s a lot happening behind that one click.
A while back, I decided to try running my own email server instead of depending on Gmail or Outlook. It wasn’t just about curiosity but also about control. I wanted my data to stay on servers I manage, not in someone else’s giant datacenter.
In this post, I’ll walk through how I got Postfix and Dovecot working on AWS, using SSL for security. If you’ve got some Linux experience and a few spare hours, you can get this running too.
Why I Wanted My Own Email Server
Let’s be real — it’s easy to use the big players. Gmail and Zoho are great until you start thinking about privacy or the idea of depending entirely on another company. When you host your own email, a few things change:
- You’re in charge. Nobody decides storage limits or filters for you.
- Your privacy stays yours. No background scanning or hidden analytics.
- It grows with you. Add users, increase storage, move servers — your call.
- You spend less. On AWS, you only pay for what you actually use.
It’s not for everyone, but if you enjoy having real control over your setup, it’s absolutely worth it.
What I Used
Here’s what went into my setup:
- Postfix – this is what handles sending and receiving mail (SMTP).
- Dovecot – this manages the mailboxes and allows clients like Outlook or Thunderbird to fetch messages (IMAP/POP3).
- Let’s Encrypt SSL – free SSL certificates to keep traffic encrypted.
That’s really all you need to get started.
Step 1. Setting Up the Server on AWS
I logged in to the AWS console and spun up a small EC2 instance (Ubuntu 22.04, but Debian works fine too). You can use a t2.micro; it’s enough for testing.
Then, I made sure the security group allowed:
- 22 SSH
- 25 SMTP
- 465,587 SMTPS
- 993 IMAPS
Once the instance was running, I took note of the public IP. That’s what the domain will point to later.
Step 2. DNS Configuration
This part’s simple but important. Without DNS records, other mail servers won’t know where to send your mail.
In Route 53 (or your registrar’s panel), I created:
- A Record: mail.mydomain.com → [my EC2 IP]
- MX Record: Points to mail.mydomain.com
- PTR Record: This is reverse DNS; without it, many servers will reject your mail.
Once DNS propagated, I was ready to move on.
Step 3. Installing the Basics
I SSH’d in and ran:
sudo apt update && sudo apt upgrade -y
sudo apt install postfix dovecot-core dovecot-imapd dovecot-pop3d ufw certbot -y
When Postfix asked for the mail configuration type, I chose Internet Site and used mail.mydomain.com as the system mail name.
Step 4. Postfix Configuration
This was the part that took me a bit to understand the first time.
Postfix acts as the middleman — it decides how mail is routed and which connections it accepts.
I edited:
sudo nano /etc/postfix/main.cf
and added:
myhostname = mail.mydomain.com
mydestination = localhost, mail.mydomain.com
home_mailbox = Maildir/
mynetworks = 127.0.0.0/8
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.com/privkey.pem
Then restarted Postfix:
sudo systemctl restart postfix
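A quick audit of the settings above, as an added example that is not from the original post: it parses main.cf text the way Postfix reads it (comments skipped, indented lines continue the previous parameter, the last definition wins) and reports settings that widen relaying or allow authentication without TLS. The function names and the sample text with its risky later override are constructed for illustration.

```python
import ipaddress

# Constructed sample: the post's settings plus a later, risky override.
SAMPLE_MAIN_CF = """\
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.com/privkey.pem
# added later while debugging and never removed
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
"""


def parse_main_cf(text):
    """Return {parameter: value}; the last definition of a name wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # continuation line
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit(text):
    """Return a list of findings for relay and TLS settings."""
    params, findings = parse_main_cf(text), []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # table lookups and bracketed IPv6 are out of scope here
        if not net.is_loopback:
            findings.append(f"mynetworks trusts non-loopback range {net}")
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("smtpd_tls_auth_only is not yes: AUTH offered without TLS")
    for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        if not params.get(key):
            findings.append(f"{key} is not set")
    return findings
```

On a live server, feed it the contents of /etc/postfix/main.cf; an empty list means the relay and TLS settings match the ones shown in this step.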
Step 5. Dovecot Setup
Dovecot is what lets users read emails through an app or client.
I made a few quick edits in /etc/dovecot/dovecot.conf:
sudo nano /etc/dovecot/dovecot.conf
Added:
protocols = imap pop3
Then in /etc/dovecot/conf.d/10-mail.conf:
sudo nano /etc/dovecot/conf.d/10-mail.conf
Added:
mail_location = maildir:~/Maildir
And enabled SSL:
sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
Restarted it:
sudo systemctl restart dovecot
Step 6. SSL Certificates
To get SSL working, I installed Let’s Encrypt’s Certbot:
sudo apt install certbot -y
sudo certbot certonly --standalone -d mail.mydomain.com
To make sure the certificate renews automatically, I added:
sudo crontab -e
0 3 * * * certbot renew --quiet
Step 7. SPF and DMARC
To make sure outgoing emails don’t go to spam, I added these DNS records:
SPF:
v=spf1 mx a ip4:<your-server-ip> -all
DMARC:
v=DMARC1; p=none; rua=mailto:admin@mydomain.com
After a few minutes, those started taking effect.
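How a receiving server reads those two records, as an added example that is not from the original post: it evaluates the SPF record against a connecting IP (first matching mechanism wins) and parses the DMARC policy. The IP addresses and the `RESOLVED` map standing in for the DNS lookups behind `mx` and `a` are constructed assumptions, and only the `mx`, `a`, `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not the author's.
SPF = "v=spf1 mx a ip4:203.0.113.10 -all"
DMARC = "v=DMARC1; p=none; rua=mailto:admin@mydomain.com"
# Stand-in for the DNS lookups that "mx" and "a" would trigger.
RESOLVED = {"mx": ["203.0.113.10"], "a": ["203.0.113.10"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, resolved):
    """Return the SPF result for client_ip: first matching mechanism wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("mx", "a") and not arg:
            matched = any(ip == ipaddress.ip_address(a) for a in resolved.get(name, ()))
        else:
            return "permerror"  # mechanism outside this example's scope
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" present


def parse_dmarc(record):
    """Split a DMARC record into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_enforced(record):
    """True only when the policy tells receivers to quarantine or reject."""
    tags = parse_dmarc(record)
    return tags.get("v") == "DMARC1" and tags.get("p") in ("quarantine", "reject")
```

With `p=none`, as in the record above, receivers only send reports to the `rua` address; `dmarc_enforced` returns False until the policy is `quarantine` or `reject`.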
Step 8. Optional — Hardening Security
I installed Fail2Ban just to keep brute-force attempts out:
sudo apt install fail2ban -y
It’s a small step but makes a big difference.
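The kind of counting Fail2Ban performs, as an added example that is not from the original post: it scans mail.log text for Dovecot and Postfix authentication failures and reports source IPs that reach a retry threshold inside a time window. The log lines are constructed samples in the usual Dovecot and Postfix syslog format, and the threshold, window and assumed year are illustrative values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
Mar  4 10:00:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.23, lip=10.0.0.5, TLS, session=<a1>
Mar  4 10:00:09 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<root>, method=PLAIN, rip=198.51.100.23, lip=10.0.0.5, TLS, session=<a2>
Mar  4 10:00:15 mail postfix/smtpd[2211]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Mar  4 10:01:40 mail dovecot: imap-login: Login: user=<me>, method=PLAIN, rip=203.0.113.77, lip=10.0.0.5, TLS, session=<b1>
Mar  4 10:02:00 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<me>, method=PLAIN, rip=203.0.113.77, lip=10.0.0.5, TLS, session=<b2>
Mar  4 11:30:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=198.51.100.23, lip=10.0.0.5, TLS, session=<a3>
"""

FAILURE_PATTERNS = [
    re.compile(r"dovecot: (?:imap|pop3)-login: .*auth failed.*\brip=([0-9a-fA-F.:]+)"),
    re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"),
]


def failed_logins(log_text, year=2024):
    """Yield (timestamp, source_ip) for each authentication failure line."""
    for line in log_text.splitlines():
        for pattern in FAILURE_PATTERNS:
            match = pattern.search(line)
            if match:
                # Classic syslog timestamps carry no year; one is assumed.
                stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                yield stamp, match.group(1)
                break


def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return IPs with at least max_retry failures inside any find_time window."""
    by_ip = defaultdict(list)
    for stamp, ip in failed_logins(log_text):
        by_ip[ip].append(stamp)
    flagged = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i in range(len(stamps) - max_retry + 1):
            if stamps[i + max_retry - 1] - stamps[i] <= find_time:
                flagged.add(ip)
                break
    return sorted(flagged)
```

The successful login from 203.0.113.77 is ignored and its single failure stays under the threshold, so only the address with three failures in fourteen seconds is reported.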
Step 9. Testing It Out
Before I connected my mail client, I ran:
sudo systemctl status postfix
and
tail -f /var/log/mail.log
Then sent a test:
echo "Mail server test" | mail -s "Test" you@yourdomain.com
When that landed in my inbox, I’ll admit, it felt good.
Mail Client Configuration
| Setting | Value |
| --- | --- |
| IMAP | mail.mydomain.com — Port 993 (SSL/TLS) |
| SMTP | mail.mydomain.com — Port 465 or 587 (SSL/TLS) |
| Username | your email address |
| Password | your chosen password |
And just like that, I could send and receive from my own server.
Final Thoughts
Running your own email server isn’t “set and forget.” You’ll want to keep an eye on logs, renew SSLs, and occasionally update configs. But once you get it working, it’s honestly satisfying. You understand every piece of how your mail works — from DNS to delivery.
If you’d rather not spend a weekend figuring out the finer details, our team can help with that, with all the security, monitoring, and deliverability tuning built in.