How to Install Mailcow with Docker
Before starting, confirm that your server meets the minimum requirements: a clean Linux installation (Ubuntu 22.04 or Debian 12 recommended), at least 6 GB of RAM (8 GB preferred), 20 GB of free disk space, a domain name you control with access to DNS settings, and a hosting provider that allows outbound SMTP on port 25. The server should not have any other mail-related services, web servers, or Docker installations running.
Prepare the Server
Start by setting the server's hostname to your mail subdomain. If your domain is example.com, set the hostname to mail.example.com. This hostname must match the A record you create in DNS and the PTR (reverse DNS) record your hosting provider sets for your IP address. Hostname mismatches cause authentication failures and delivery problems.
Update the operating system packages to their latest versions. On Ubuntu or Debian, run apt update && apt upgrade -y. After updating, verify that no services are listening on the ports Mailcow needs: 25 (SMTP), 80 (HTTP), 443 (HTTPS), 587 (submission), 465 (SMTPS), 143 (IMAP), 993 (IMAPS), 110 (POP3), and 995 (POP3S). Use ss -tlnp to check for port conflicts. If any of these ports are in use, stop and disable the conflicting service before proceeding.
Disable any system-level DNS stub resolver that might conflict with Mailcow's built-in DNS. On Ubuntu, systemd-resolved listens on port 53 and can interfere with Mailcow's Unbound container. Edit /etc/systemd/resolved.conf, set DNSStubListener=no, restart systemd-resolved, and update /etc/resolv.conf to point to a public DNS resolver like 1.1.1.1 or 9.9.9.9.
Install Docker and Docker Compose
Mailcow requires Docker Engine with the Compose plugin (not the older standalone docker-compose binary). Install Docker from the official Docker repository rather than the distribution's packages, as the distribution packages are often outdated.
Add Docker's GPG key and repository to your system, then install the docker-ce, docker-ce-cli, containerd.io, and docker-compose-plugin packages. After installation, verify Docker is running with docker version and confirm the Compose plugin is available with docker compose version. Both commands should return version information without errors.
Docker should start automatically on boot. Verify this with systemctl is-enabled docker. If it reports disabled, enable it with systemctl enable docker.
Clone Mailcow and Generate Configuration
Clone the Mailcow repository to /opt/mailcow-dockerized, the standard installation path. Navigate to the cloned directory and run the generate_config.sh script. The script prompts you for your mail server hostname (enter mail.example.com) and your preferred timezone. It generates the mailcow.conf file with your settings and sensible defaults for everything else.
Review mailcow.conf before starting the stack. Key settings to check include MAILCOW_HOSTNAME (must match your DNS), TZ (your timezone), SKIP_CLAMD (set to y if you want to skip ClamAV to save memory), and SKIP_SOLR (set to y to skip full-text search indexing). For servers with exactly 6 GB of RAM, disabling ClamAV and Solr significantly improves stability and responsiveness.
The configuration file also controls HTTP and HTTPS ports. If you need Mailcow to listen on non-standard ports because of a reverse proxy, adjust HTTP_PORT and HTTPS_PORT here. For most deployments, the defaults of 80 and 443 are correct.
Start the Mailcow Stack
From the Mailcow directory, run docker compose pull to download all container images, then docker compose up -d to start the stack in detached mode. The first pull downloads approximately 2 to 3 GB of container images, so allow time for this depending on your server's bandwidth.
Once the containers are running, Mailcow automatically obtains a Let's Encrypt TLS certificate for your hostname. This requires ports 80 and 443 to be reachable from the internet and your A record to already point to the server's IP address. If certificate acquisition fails, check your DNS records and firewall rules.
Monitor the startup process with docker compose logs -f. Watch for errors in the acme-mailcow container (certificate issues), the postfix-mailcow container (SMTP startup), and the dovecot-mailcow container (IMAP startup). Initial startup takes one to three minutes as all services initialize and connect to each other.
Access the Admin Interface and Add Your Domain
Open a browser and navigate to https://mail.example.com. Log in with the default administrator credentials: username admin and password moohoo. Change this password immediately after logging in through the admin panel's user management section.
Navigate to Configuration, then Mail Setup, then Domains. Click "Add domain" and enter your domain name (example.com). Set the default mailbox quota, maximum number of mailboxes, and maximum aliases according to your needs. Save the domain configuration.
With the domain added, create your first mailbox under Configuration, then Mail Setup, then Mailboxes. Enter the desired email address, set a strong password, and configure the mailbox quota. This mailbox is immediately functional for receiving mail once DNS records are configured correctly.
Configure DNS Records
Mailcow displays the exact DNS records you need in the admin panel under Configuration, then Server Configuration, then Configuration. This page shows the required MX, SPF, DKIM, and DMARC records with the correct values for your specific installation.
At your domain registrar or DNS provider, create the following records. The MX record for example.com should point to mail.example.com with priority 10. The SPF record is a TXT record on example.com, typically v=spf1 mx a -all. The DKIM record is a TXT record at the selector subdomain shown in the Mailcow panel, containing the public key generated during setup. The DMARC record is a TXT record at _dmarc.example.com with your chosen policy.
Verify the PTR record for your server's IP address points to mail.example.com. This is configured through your hosting provider's control panel, not your domain registrar. PTR record mismatches cause many major providers to reject or flag your mail.
Allow 15 to 30 minutes for DNS propagation before testing. Some records, especially DKIM, may take longer to become visible depending on your DNS provider's TTL settings.
Test and Verify
Send a test email from your new mailbox to a Gmail address. In Gmail, open the received message, click the three-dot menu, and select "Show original." Check the Authentication-Results header for spf=pass, dkim=pass, and dmarc=pass. All three should show pass for a properly configured Mailcow installation.
Use mail-tester.com for a comprehensive evaluation. Send a message to the address shown on their homepage, then check your score. A properly configured Mailcow installation should score 9 or 10 out of 10. If the score is lower, the report identifies the specific issues to fix.
Test the webmail interface by logging into SOGo at https://mail.example.com/SOGo with your mailbox credentials. Verify that you can send and receive messages, access contacts, and view calendar features. Test IMAP access from a desktop client like Thunderbird or a mobile device to confirm client connectivity works across protocols.
Finally, verify that your server handles updates correctly. Run ./update.sh from the Mailcow directory to pull the latest changes and rebuild containers. Mailcow's update script handles the complete process, including backing up the configuration, pulling new images, and restarting services.
Installing Mailcow is straightforward when you follow the correct order: prepare the server and DNS first, install Docker, clone and configure Mailcow, start the stack, then verify authentication. The most common problems stem from DNS misconfigurations, port conflicts with existing services, or insufficient RAM. Address these before installation, and Mailcow will run reliably with minimal ongoing maintenance beyond periodic updates.