Add readme.md

Ghassan Yusuf 2025-10-22 04:00:02 +03:00
commit 6f90d833e5

readme.md Normal file

# Step-by-Step Guide to Self-Hosting a Company Email Server on Proxmox VE with Cloudflare Zero Trust Tunnel
This tutorial covers DNS records, mail server software selection, resource planning, Proxmox VE deployment, and Cloudflare Zero Trust tunnel configuration for a company mail service of roughly 300 users. One fact shapes the whole design: the Cloudflare Tunnel carries the web interfaces (webmail, admin panel, optionally admin SSH), while SMTP and IMAP must still be reachable on a public IP, because other mail servers deliver straight to your MX host on port 25 and neither Cloudflare's proxy nor the tunnel accepts inbound mail.
***
## 1. Understand Domain Name Records Relevant for Email Services
Before setting up your mail server, make sure the domain's DNS provides these records:
- **A and AAAA Records:** Map the mail hostname (e.g. `mail.example.com`) to its public IPv4/IPv6 address. This record must be plain DNS (not proxied), and the name should match what the server announces in its EHLO.
- **MX Records:** Name the host(s) that accept mail for the domain. An MX target is always a hostname, never an IP address or a CNAME.
- **TXT Records:** Carry SPF (on the domain apex), DKIM (under `<selector>._domainkey`), and DMARC (under `_dmarc`) for sender authentication.
- **CNAME Records:** Aliases for web-facing names such as webmail or autoconfig hosts.
- **NS Records:** Define the authoritative name servers (Cloudflare's, once the zone is moved there).
- **PTR Record:** Reverse DNS for the public IP, set by your ISP or hosting provider rather than in your zone. It must resolve back to the mail hostname; many receivers reject or spam-score mail from an IP without a matching PTR.
***
## 2. Choose the Right Email Server Software
For company use (~300 mailboxes), these are the usual candidates:
| Software | Features | Best Use Case |
|--------------|---------------------------------|---------------------------------|
| **Mailcow** | Dockerized, full suite, UI | Enterprise-grade, multi-domain |
| **iRedMail** | Stable, bare-metal/Linux install | Simpler setup, less resource heavy |
| **Mailu** | Lightweight Docker stack | Resource-conscious deployments |
| **Maddy** | Minimal, Go-based, very light | Small servers, minimal overhead |
| **Mail-in-a-Box** | Automated full setup | Beginners, minimal Linux skill |
***
## 3. Plan Resource Allocation for 300 Users
| Resource | Minimum | Recommended | Notes |
|-----------|-------------|------------------|-------------------------------------|
| CPU | 2 vCPUs | 4-6 vCPUs | Mail servers handle multiple processes (MTA, IMAP, spam filter, webmail) |
| RAM | 4 GB | 8 GB | Spam filters & IMAP sessions require memory |
| Storage | 300 GB SSD | 500 GB SSD or NVMe | Fast disk I/O improves email access |
| Network | 100 Mbps | 1 Gbps preferred | For smooth inbound/outbound mail flow |
***
## 4. Deploying Your Mail Server on Proxmox VE
### 4.1 Create Virtual Machines or LXC Containers
- **Mail Server VM:** 6 vCPUs, 8GB RAM, 500GB SSD (running Mailcow or iRedMail)
- **Mail Gateway VM:** 2 vCPUs, 4GB RAM, 40GB SSD (optional, for Proxmox Mail Gateway)
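The two VMs above can be created from the Proxmox host shell with `qm` instead of the web UI. This is an added example, not part of the original guide; it assumes VM IDs 100 and 101, the storage pool `local-lvm`, bridge `vmbr0`, and a Debian 12 ISO already uploaded to the `local` storage, and it prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: create the mail server and PMG VMs from section 4.1 with `qm`.
# Assumptions (not from the guide): VM IDs 100/101, storage "local-lvm",
# bridge "vmbr0", ISO at local:iso/debian-12.iso. DRY_RUN=1 (default) only
# prints the commands; run with DRY_RUN=0 on the Proxmox host to execute them.
set -eu
: "${DRY_RUN:=1}"

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_vm ID NAME CORES RAM_MB DISK_GB
# firewall=1 on the NIC is what makes the per-VM ruleset of section 7 apply.
create_vm() {
  run qm create "$1" --name "$2" --ostype l26 --cpu host --cores "$3" --memory "$4" \
    --scsihw virtio-scsi-single --scsi0 "local-lvm:$5,discard=on,ssd=1" \
    --net0 virtio,bridge=vmbr0,firewall=1 \
    --ide2 local:iso/debian-12.iso,media=cdrom --boot order=scsi0\;ide2 \
    --agent enabled=1 --onboot 1
}

# Mail server: 6 vCPU, 8 GB RAM, 500 GB disk (Mailcow or iRedMail)
create_vm 100 mail01 6 8192 500
# Proxmox Mail Gateway: 2 vCPU, 4 GB RAM, 40 GB disk
create_vm 101 pmg01 2 4096 40
```

`--cpu host` exposes the host CPU flags (AES-NI matters for TLS on a busy IMAP server), `discard=on` lets the guest TRIM thin-provisioned LVM, and `--agent enabled=1` is needed for consistent `vzdump` snapshots later.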
### 4.2 Install Mail Server Software
**Mailcow Installation (Recommended Docker Setup):**
```bash
# Run as root on a fresh Debian/Ubuntu VM whose hostname is the mail FQDN (e.g. mail.example.com)
apt update && apt install -y git curl
# Install Docker Engine plus the Compose v2 plugin from Docker's own repository; the distro
# packages docker.io/docker-compose ship the old v1 tool, which mailcow no longer supports
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
systemctl enable --now docker
# Clone mailcow into /opt and generate mailcow.conf (asks for the FQDN, timezone and branch)
umask 0022
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.sh
docker compose pull && docker compose up -d
```
Access the admin panel at `https://mail.example.com/admin`. The default login is `admin` / `moohoo`; change it immediately, before the interface is reachable from anywhere else. Webmail (SOGo) is served at `https://mail.example.com/SOGo`.
**iRedMail Installation (LXC or VM):**
```bash
# iRedMail expects a fresh, minimal OS install with the mail FQDN already set as hostname
hostnamectl set-hostname mail.example.com
apt update && apt install -y wget
wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.6.2.tar.gz
tar zxvf 1.6.2.tar.gz
cd iRedMail-1.6.2
bash iRedMail.sh
```
Choose the required options during setup (mail storage path, web server, backend database, first mail domain and the postmaster password). The installer writes the generated credentials to `iRedMail.tips` in the same directory; store that file somewhere safe and reboot when it finishes.
### 4.3 Configure DNS Records
- Give the mail host a DNS-only A record (`mail.example.com`) and ask your provider to set the matching PTR record on the public IP.
- Point the MX record at that hostname (or at PMG's hostname if you deploy section 5), never at an IP or a CNAME.
- Add the SPF TXT record on the domain apex, the DKIM TXT record under `<selector>._domainkey` with the public key your mail server generated (mailcow shows it in the admin UI under ARC/DKIM keys, selector `dkim` by default), and a DMARC TXT record under `_dmarc`, starting with `p=none` and tightening to `quarantine`/`reject` once the aggregate reports look clean.
- Add CNAME records only for web-facing names (webmail, admin panel); never for the MX target.
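The records from sections 1 and 4.3 as one zone fragment in BIND syntax, which is what Cloudflare's zone import accepts. This is an added example, not from the original guide; it assumes the domain `example.com`, the public IPv4 `203.0.113.10` for `mail.example.com`, mailcow's default DKIM selector `dkim`, and a Cloudflare tunnel for the webmail hostname. The DKIM `p=` value is a placeholder for the key shown in your mail server's DKIM page.

```dns
; Added example zone fragment for example.com (not from the guide).
; Assumed: public IPv4 203.0.113.10, DKIM selector "dkim", one tunnel for webmail.
$ORIGIN example.com.
$TTL 3600

; Mail host: plain A record, DNS-only (grey cloud) in Cloudflare. This is the MX
; target, the SMTP/IMAP endpoint and the EHLO name; the provider-side PTR for
; 203.0.113.10 must return "mail.example.com". Add an AAAA only if the host
; really sends over IPv6 and that address also has a PTR.
mail            IN A      203.0.113.10

; MX points at a hostname, never an IP or a CNAME. If PMG (section 5) is the
; inbound filter, put PMG's hostname here and give it its own A record and PTR.
@               IN MX 10  mail.example.com.

; SPF: only the MX host and the listed IP may send for this domain; hard-fail others.
@               IN TXT    "v=spf1 mx ip4:203.0.113.10 -all"

; DKIM public key for selector "dkim"; split strings longer than 255 characters.
dkim._domainkey IN TXT    "v=DKIM1; k=rsa; p=<base64 public key from the DKIM page>"

; DMARC: start with p=none to collect reports, then move to quarantine/reject.
_dmarc          IN TXT    "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

; Web interface goes through the Cloudflare tunnel (proxied, orange cloud);
; Cloudflare creates this CNAME itself when you add the public hostname in section 6.
webmail         IN CNAME  <tunnel-uuid>.cfargotunnel.com.
```

After publishing, check the result from outside your network with `dig +short MX example.com`, `dig +short TXT dkim._domainkey.example.com` and `dig -x 203.0.113.10`; the PTR query is the one most often forgotten.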
***
## 5. Using Proxmox Mail Gateway (PMG) for Spam Filtering (Optional but Recommended)
- Install PMG from its ISO in the separate VM from section 4.1 and give it the public IP (or the port-25 forward) that currently belongs to the mail server.
- In PMG, add `example.com` as a relay domain and a transport that delivers it to the internal IP of your Mailcow/iRedMail server on port 25. On the mail server, allow PMG's internal IP as a trusted relay so its deliveries are accepted without authentication and not scored as if they came from the internet.
- Point the MX record at PMG's hostname (with its own DNS-only A record and PTR), and configure the mail server to send outbound mail through PMG as its relay host so both directions are filtered. SPF must then list the IP PMG actually uses to send.
***
## 6. Integrate Cloudflare Zero Trust Tunnel for Secure External Access
Scope first: the tunnel carries HTTP(S) traffic for the webmail and admin interfaces, plus administrative TCP such as SSH if you want it. It does not carry SMTP or IMAP for ordinary mail clients or for other mail servers, because a TCP service behind a tunnel is only reachable by clients that themselves run `cloudflared access` or the WARP client. Mail ports stay on the server's public IP (section 7).
### 6.1 Create Tunnel
- In the Cloudflare Zero Trust dashboard (Networks > Tunnels), create a Cloudflared tunnel and copy the connector token.
- Treat the token as a credential: anyone who holds it can run a connector that receives your tunnel's traffic.
### 6.2 Install cloudflared
Install it on the mail VM itself (simplest, since it then reaches the web UI over loopback) or on a dedicated connector VM that can reach the mail VM internally:
```bash
curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb
sudo cloudflared service install <your-token>   # installs and starts the systemd unit
```
The connector only makes outbound connections to Cloudflare (port 7844); no inbound firewall rule is needed for it.
### 6.3 Map Subdomains and Ports
- In the tunnel's **Public hostnames**, add `webmail.example.com` (and `admin.example.com` if you want a separate Access policy) with service type **HTTPS** pointing at the mail server's web port, e.g. `https://127.0.0.1:443` when cloudflared runs on the mail VM.
- Do **not** add SMTP (25, 465, 587) or IMAP (143, 993) as TCP public hostnames: Thunderbird, Outlook and remote MTAs cannot connect through cloudflared, so those ports are published directly on the public IP instead.
- TCP through the tunnel is still useful for **administrative** access (SSH to the mail VM, the Proxmox web UI on 8006), where the admin runs `cloudflared access tcp` or WARP on their own workstation.
### 6.4 DNS Settings in Cloudflare
- `mail.example.com` (MX target, SMTP/IMAP endpoint, EHLO name): plain A record, **DNS-only (grey cloud)**. Cloudflare's proxy only handles HTTP(S), and an MX target must not be a proxied or CNAME name.
- Web hostnames (`webmail.example.com`, `admin.example.com`): created automatically as **proxied (orange cloud)** CNAMEs to `<tunnel-id>.cfargotunnel.com` when you add the public hostname.
- Keep the two roles on different hostnames; a single `mail.example.com` cannot be both proxied for the web UI and DNS-only for mail.
### 6.5 Secure Access
- In Access > Applications, add a self-hosted application for the admin hostname with a policy that requires login through your identity provider (and, for example, membership in an admins group). Webmail can get a looser policy depending on whether users already sign in with SSO.
- Make sure the origin cannot be reached around Access: bind or firewall the mail server's web port so only the host running cloudflared can talk to it (section 7). An Access policy at the Cloudflare edge protects nothing if port 443 is also open on the public IP.
- Optionally have the origin validate the `Cf-Access-Jwt-Assertion` header against your team's Access public keys, so requests that bypass Cloudflare are rejected even if the firewall is misconfigured.
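The ingress rules of 6.3 written as a locally managed `cloudflared` configuration (`/etc/cloudflared/config.yml`). This is an added example, not part of the original guide; with the dashboard-managed (token) tunnel the guide uses, the same rules are entered as Public hostnames in the dashboard. It assumes a tunnel UUID placeholder, the hostnames `webmail`, `admin` and `ssh.mail` under `example.com`, and mailcow's nginx on the same VM listening on `127.0.0.1:443` with a certificate for `mail.example.com`.

```yaml
# Added example (not from the guide): /etc/cloudflared/config.yml on the mail VM.
# Assumed: <tunnel-uuid> placeholder, mailcow nginx on 127.0.0.1:443 with a cert
# for mail.example.com, hostnames webmail/admin/ssh.mail under example.com.
tunnel: <tunnel-uuid>
credentials-file: /etc/cloudflared/<tunnel-uuid>.json

ingress:
  # Webmail (SOGo) and the mailcow admin UI: HTTP(S) through the tunnel.
  # originServerName lets cloudflared accept the origin certificate issued for
  # mail.example.com; httpHostHeader makes nginx see the name it is configured for.
  - hostname: webmail.example.com
    service: https://127.0.0.1:443
    originRequest:
      originServerName: mail.example.com
      httpHostHeader: mail.example.com
  - hostname: admin.example.com
    service: https://127.0.0.1:443
    originRequest:
      originServerName: mail.example.com
      httpHostHeader: mail.example.com
  # Administrative SSH. Arbitrary TCP works only for clients that run
  # `cloudflared access` or WARP, which suits admins but not mail clients or
  # remote MTAs, so SMTP/IMAP ports are deliberately not listed here.
  - hostname: ssh.mail.example.com
    service: ssh://127.0.0.1:22
  # A catch-all rule is mandatory; everything unmatched gets a 404.
  - service: http_status:404
```

An admin then reaches the host with `ssh -o ProxyCommand="cloudflared access ssh --hostname ssh.mail.example.com" root@mail` after passing the Access policy attached to `ssh.mail.example.com`; put the same Access application in front of `admin.example.com` so the mailcow login page is never exposed to unauthenticated visitors.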
***
## 7. Firewall and Network
- Public IP of the MX host (PMG, or the mail server without PMG): allow TCP 25 from anywhere. For users, allow 465, 587, 143 and 993 from anywhere (and 4190 if they manage Sieve filters). Allow 80 only if the server obtains its certificate through Let's Encrypt HTTP-01, which mailcow does by default.
- Web UI (443) and SSH: do not open them on the public IP. cloudflared reaches them over loopback or the internal network, so only the connector host and your admin network need access. There is nothing to allow from Cloudflare's IP ranges; with a tunnel, Cloudflare never connects inbound.
- Proxmox host: keep the management interface (8006, 22) off the public IP and use the built-in firewall (`/etc/pve/firewall/<vmid>.fw`, or Datacenter > Firewall in the UI) with a default inbound DROP per VM.
- Use static IPs and bridged networking (`vmbr0`) for the VMs; the MX host needs a fixed public address that matches its A and PTR records.
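The rules above as a Proxmox per-VM firewall file. This is an added example, not part of the original guide; it assumes the mail VM has ID 100 and is the MX host itself (no PMG), that cloudflared runs inside that VM, that the admin network is `10.0.0.0/24`, and that Let's Encrypt HTTP-01 is in use. The firewall must be enabled at datacenter level and on the VM's NIC (`firewall=1`) for the file to take effect.

```ini
# Added example (not from the guide): /etc/pve/firewall/100.fw on the Proxmox host.
# Assumed: VM 100 = mail server and MX host, cloudflared inside the VM,
# admin LAN 10.0.0.0/24, Let's Encrypt HTTP-01 on port 80.
[OPTIONS]
enable: 1
policy_in: DROP
policy_out: ACCEPT
log_level_in: info

[RULES]
# Mail transport: other MTAs deliver directly to port 25 from anywhere.
IN ACCEPT -p tcp -dport 25 -log nolog
# User access: submission and IMAP from anywhere (mail clients cannot use the tunnel).
IN ACCEPT -p tcp -dport 465,587,143,993 -log nolog
# ACME HTTP-01 challenge for the mail host certificate.
IN ACCEPT -p tcp -dport 80 -log nolog
# Web UI and SSH: not opened publicly. cloudflared on this VM reaches nginx over
# loopback, which this bridge-level firewall never sees; only the admin LAN may
# hit 443/22 directly, everyone else goes through the tunnel and Access.
IN ACCEPT -source 10.0.0.0/24 -p tcp -dport 443
IN ACCEPT -source 10.0.0.0/24 -p tcp -dport 22
# Nothing is needed for the tunnel itself: cloudflared connects outbound
# (TCP/UDP 7844) and policy_out is ACCEPT.
```

With PMG in front, move the port-25 rule to PMG's VM file and replace it here with `IN ACCEPT -source <pmg-internal-ip> -p tcp -dport 25`, so the mail server only accepts inbound mail that has been filtered.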
***
## 8. Backup, Monitoring, and Maintenance
- Schedule daily backups: a `vzdump` snapshot of the mail VM on the Proxmox host, plus the mail software's own consistent dump (mailcow ships `helper-scripts/backup_and_restore.sh`) so the database and mailboxes can be restored independently of the VM image. Test a restore before you need one.
- Monitor the tunnel connector (`systemctl status cloudflared`, `journalctl -u cloudflared`) and the tunnel's health in the Zero Trust dashboard.
- Update regularly: mailcow through its `update.sh`, iRedMail according to its release notes, PMG and Proxmox through apt, and cloudflared through its package.
- Watch spam statistics, mailbox quotas, and whether your public IP appears on DNS blocklists, since a listing silently stops outbound mail.
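The two backup steps above as one cron-able script. This is an added example, not from the original guide; it assumes the mail VM has ID 100, a Proxmox backup storage named `pbs`, mailcow installed in `/opt/mailcow-dockerized`, a backup directory `/var/backups/mailcow` inside the VM, and 14 days of retention. The `host` mode runs on the Proxmox node, the `guest` mode inside the mail VM, and commands are only printed unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: the backup steps of section 8 as a script for cron.
# Assumptions (not from the guide): VM ID 100, Proxmox storage "pbs", mailcow in
# /opt/mailcow-dockerized, backup dir /var/backups/mailcow, 14 days retention.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them.
set -eu
: "${DRY_RUN:=1}"
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# On the Proxmox host: snapshot-mode backup of the whole VM (needs the guest
# agent enabled for a consistent filesystem), compressed with zstd.
backup_vm() {
  run vzdump "$1" --mode snapshot --storage pbs --compress zstd --quiet 1
}

# Inside the mail VM: mailcow's helper dumps the MariaDB database and the
# vmail/redis/rspamd/postfix volumes consistently, then prunes sets older
# than 14 days. Restore with the same script and "restore" instead of "backup".
backup_mailcow() {
  run env MAILCOW_BACKUP_LOCATION=/var/backups/mailcow \
    /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all --delete-days 14
}

case "${1:-}" in
  host)  backup_vm 100 ;;
  guest) backup_mailcow ;;
  *)     echo "usage: $0 host|guest" >&2 ;;
esac
```

Run `guest` first and `host` a little later (for example 01:30 and 02:30) so the vzdump image already contains the fresh mailcow dump, and copy the dump off the VM; a backup that lives only on the disk it protects is not a backup.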
***
## Summary
Following these steps gives you a self-hosted mail service on Proxmox VE for a company of around 300 users: SMTP and IMAP served directly from a public IP with correct MX, SPF, DKIM, DMARC and PTR records, optional spam filtering by Proxmox Mail Gateway, and the webmail and admin interfaces reachable only through a Cloudflare Tunnel behind Zero Trust Access policies, with the origin firewalled so that the tunnel cannot be bypassed.
***