All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Self-hosted Mailcow, relaying through MXRoute
I self-host my emails using Mailcow. Inbound emails come directly to my server, but outbound emails are routed through MXRoute because their deliverability is much better than mine.
Someone asked about this setup in another thread:
@Daniel15 said:
@the_doctor said: Do you have any tips to get the IP reputation up?
I cheated 🤣 I relay outbound emails through MXRoute.
I already had a good Black Friday package for MXRoute. I set up a catchall account for each domain in MXRoute, then on my server I use Mailcow and configured each domain to use the relevant account for relaying. Inbound mail comes directly to me, while outbound email goes via MXRoute. It works great.
I would have used MXRoute but I have some specific requirements. My email account has ~400k emails in it. I need to clean it up at some point, but I do search through them to find old emails sometimes. Search on an account that size is just impossible without something like Solr (which MXRoute doesn't use). I used to have this account at MXRoute and tried their search but gave up after waiting a minute with no results.
Oh, can I message you about your setup? I used to self host, then switched to MXRoute but I've been having issues with increased spam and legit emails I signed up to not making it through despite whitelisting the domain.
So I was thinking about self hosting the receiving again, and using MXRoute for outbound.
so I figured I'd post here rather than just PMing them.
In Mailcow, set up your domains and mailboxes like normal. I assume you've already done this.
In MXRoute's cPanel or DirectAdmin, create one account per domain.
Configure the account as a catchall for the domain. In cPanel, this is under Forwarders / Aliases → Add Domain Forwarder. Not sure where it is in DirectAdmin as I don't have any DirectAdmin accounts to test with. The reason it needs to be a catchall is so it can be used to send mail from any address at the domain.
Set your MX record to your server (not MXRoute), and the SPF to both your server and MXRoute. Example SPF:
v=spf1 ip4:198.51.100.1 ip6:2001:db8::1 include:mxroute.com -all
where 198.51.100.1 and 2001:db8::1 are your server's IPs. You can use mx instead of specifying the IPs, but that adds an extra DNS lookup, and SPF records fail if there's too many DNS lookups required.
If you use DKIM/DomainKeys, configure it for both your server and MXRoute, using different selectors for each. Details about how to configure this are outside the scope of this post.
In Mailcow, go to Configuration (in the top menu) → Configuration & Details → Routing tab.
Under "Add sender-dependent transport", add the login details for your account:
Once it's added, click the "test" button next to it
Enter a from address at your domain, leave the to address as [email protected], and ensure it works (you get a 250 OK at the end):
Go to Configuration → Mail Setup → Domains, and click "Edit" next to the domain
In the "Sender-dependent transports" dropdown, select the correct relay for this domain:
Now send an email through webmail or your email client, and see if it works. 
These instructions show Mailcow since that's what I use, however it uses a standard Postfix feature called sender_dependent_relayhost_maps, so you can do the same thing through other systems like Mail-in-a-box or by directly modifying the Postfix config.
Comments
Very helpful tutorial👍
Mailcow is super nice and simple. I have a server setup and relaying mail through Amazon SES to avoid delivery issues.
+1 for this very helpful tutorial
But, why not just use mxroute?
bruh, you should read the post.
Covered in my original post:
Additionally I like having more control over the spam filtering.
How is SoGo?
I actually did a very similar setup a few hours before you posted this tutorial
I'm currently using a small Netcup VPS with Mailcow. Outbound emails are being relayed through Postmark and it works super well! It's my first time using Mailcow and it's a very nice piece of software. I probably would've used MXRoute instead, but I preferred Postmark because the UI is very nice and it has pretty nice tracking features (+ I'm primarily sending & not receiving mail).
It can't handle the size of my inbox so I don't use it.
I've got Roundcube and Afterlogic Webmail Lite configured (separately to Mailcow) but very rarely use them. In general I've found that self-hosted webmail clients are stuck in the 2000s - they poll for updates instead of using real-time updates, create a new IMAP connection on every poll rather than having a persistent connection, no push notifications, etc. which makes them pretty inefficient and error-prone, so I don't usually use them.
I thought you're a server provider? Not using your own servers? 🤔 (or is it intentionally outside your network?)
I'd like to know what backup strategy of mailcow you use. Can you give some insight?
So what email client do you actually use?
I knew I forgot to mention something in my comment. Hahaha. I use Mozilla Thunderbird. I've tried a bunch of email clients and Thunderbird is still the best.
I use Borgbackup to back up the entire maildir (vmail Docker volume) plus the Mailcow configs. It works pretty well. Make sure you also back up the crypt-vol-1 Docker volume as it contains the encryption key for the maildir. I think I just backup all the Docker volumes but I can check my config tomorrow (about to go to sleep now).
This might be slightly offtopic but, people what email client do you use for mobile?
In DirectAdmin, I just create another account for relaying without setting up catchall. Works fine.
Also in the DirectAdmin, you could turn off the DKIM so only Mailcow's DKIM will be used.
On Android I use FairEmail (https://email.faircode.eu/). It's one of my favourite email clients across any platform. Very customisable, reliable, and its developer is on this forum (@M66B ). It has all the features I need, including the ability to show a unified thread list across multiple folders by default, rather than just the inbox, and enable/disable notifications on a per-folder basis. I have a LOT of Sieve filtering rules, so per-folder configuration is important.
Takes a bit of tinkering to configure it exactly how you'd like, but it's worth it. The out-of-the-box settings are reasonable for average users.
I was going to, but I decided not to. If there was an outage on one of my nodes which happened to contain the mail server, I wouldn't be able to send emails to affected users which would probably cause some clients to be worried or angry.
Usually, a lot of my infrastructure is ran on a separate provider or on separate hardware, so in the event of an outage affecting my nodes or a massive network outage, I would still be able to communicate with my clients
Emails are particularly important to keep separated, as I usually keep everyone up to date on what's happening via email.
Netcup has proved to be decent, and offers a decent amount of resources for very cheap (2C/2GB/40GB 2.99 euro). Also, I believe port 25 is unlocked by default so I can fallback to sending mail without the relay just in case I ever need it (or if I don't need something with high email reputation).
Regarding 2xDKIM's.
Am I correct that I can name DKIM selector as I like?
For example:
1 selector will be:
mailcow._domainkey
2 selector will be:
mxroute._domainkey
and that will work ok?
Yeah, you can have as many domain keys as you like, only the one you specify in the signing header will be looked up. A lot of people just use the date they set it up or changed it.
Obviously you could do a record per host that will sign outgoing mail, but if you reuse the same name when you change the key, you run the risk that mails already sent but not yet delivered might fail the check.
Thanks for the post @Daniel15 routing through my MXRoute BF specials is next on my mailcow setup. I've been very happy with the performance of mailcow, currently run in a VM on a 16TB SYS (RAID10). Haven't had delivery issues either if everything is setup correctly and clean OVH subnet. I was able to sync 12yrs worth of Gmail (~80gig) among other accounts and completely selfhost.
In terms of backup, I have a another proxmox server at home which I use the inbuilt mailcow imap sync tool to keep a duplicate of the mail in case of catastrophic server failure - have tried a failover and works well.
this should be OK, however IIRC DA doesn't have an option to change the DKIM selector, so you'll be stuck with
x._domainkeyfor MXrouteIn my usekey:
1. DNS on cloudflare.
2. Shared hosting with cPanel with mailchannels for sending some site stuff
3. MXroute as primary for mailboxes
My plan is:
1. Get DKIM #1 from cpanel on shared, put it on cloudflare TXT via shared._domainkey;
2. Get DKIM #2 from cpanel on MXRoute, do the same with mxroute._domainkey.
3. Profit.
But Seems that cPanel by default wish dkim with "default._domainkey" name (both on shared hosting and on mxroute).
So, they waiting for default selector with unique keys. How to avoid this?
If the shared hosting is already using MailChannels, why not use it for mailbox as well?
Or, you could use DA for MXroute (might need a new package) to use
xas the selectorBoth of this solutions is workaround.
I am just interested from technical point is it possible to avoid such a requirements.
As far as I'm aware, there's no way to change the DKIM selector (as long as you don't have access to DKIM's config itself) other than the default one provided by each panel.
Mailcow does however allow you to choose the DKIM selector, so you should be OK when using mailcow.
Nice, thanks for sharing. Do you guys know if there is an easy way to setup postfix to automatically fall back on an external smtp server when delivery fails? I ended up sending to several domains (like hotmail.com) with the external server, and using mine for all other domains, but the possibility to automatically try to send from another server would be better.
I'm looking to do this as well! Going to try using MailChannels as the primary relay and if that were to ever fail, which it shouldn't, but if it does, failover to MXRoute.
Bulk Email service providers generally use these strategies for delivery of email.
I agree. I've been using it since the first beta came out, which is nearly 20 years now. It's the best client for IMAP servers.
My only real complaint, which you may know about, is the "filter these messages" feature. This feature acts as a folder-specific search, and it's glacially slow. It apparently doesn't use the same search index that the global Thunderbird search uses. Instead, it appears to grep through the message data without any optimization.
The global search is fast, but I rarely want to search ALL of my accounts. I know an email is in a certain inbox or sent folder that I'm currently looking at, so I'd like to filter those messages by typing in a term right above the message list. And there's no fast way to do this.
I don't have quite as many messages as you do, at least not in a single folder. But the message filter really chokes when you get into the multiple tens of thousands of messages.
Edit:
Heh, and here's the bug report -- 15 years old:
https://bugzilla.mozilla.org/show_bug.cgi?id=383895
As far as I know, there's no way to do this on a per-domain basis with Postfix. MXRoute uses ZoneMTA to handle retrying via a different server, but I don't know anything about it so can't help there. @jar would know more.
Yeah I have the same complaint. I'm not sure how much dev work is happening with Thunderbird these days given that it's now community-maintained.
I started archiving them into separate folders - Emails older than 5 years are in archive folders by year (archiving by year is another useful Thunderbird feature I haven't seen in other clients).
Thanks for the tutorial @Daniel15 - very helpful!
What does your inbound spam filter look like?
I've found that the hardest to manage.