Introduction
Want your own ultra-private email like name@yourdomain.com with a beautiful webmail interface?
This guide walks you through setting up a full mail server in under an hour using Luke Smith’s legendary EmailWiz script + Roundcube webmail — all on a $2–3/month VPS.
Everything is free, open-source, and 100% under your control.
Step 0: Grab a Cheap VPS
Good providers with frequent sales:
- Contabo
- LowEndTalk “Offers” section
- Hostinger (my affiliate if you want to support me -> https://hostinger.com.br?REFERRALCODE=waterdownfall)
Requirements:
- Any location (USA works fine)
- Debian 10 or 11 (we’ll use Debian 10 in this guide)
- At least 1 GB RAM (2 GB+ recommended)
- Set hostname during signup to your domain (e.g., sobremail.com)
Wait for deployment → grab root password from email → SSH in.
Step 1: Basic VPS Hardening
ssh root@your-vps-ip
apt update && apt upgrade -yChange root password:
passwdCreate and upload an SSH key (do this from your local machine):
ssh-copy-id root@your-vps-ipNow disable password login:
nano /etc/ssh/sshd_configChange:
PasswordAuthentication no
UsePAM noThen:
systemctl restart sshdOnly your SSH key works now — much safer.
Step 2: Install EmailWiz (the magic script)
apt install curl nginx python3-certbot-nginx -yPoint these DNS records to your VPS IP:
- yourdomain.com → VPS IP (A record)
- mail.yourdomain.com → VPS IP (A record)
Run Luke’s script:
curl -LO lukesmith.xyz/emailwiz.sh
sh emailwiz.shFollow the prompts:
- Say Yes/Y to everything
- When asked for “System mail name” → enter ONLY yourdomain.com (NOT mail.yourdomain.com!)
Wait ~5–10 minutes. When it finishes, it gives you three DNS records to add:
- DKIM TXT record (mail._domainkey.yourdomain.com)
- DMARC TXT record (_dmarc.yourdomain.com)
- SPF TXT record (root domain)
Add them at your DNS provider (Cloudflare, Namecheap, etc.).
Step 3: Set Up Reverse DNS (Critical for Deliverability!)
In Cloudcone panel → Networking → rDNS → set to yourdomain.com
Do NOT enable IPv6 (Cloudcone doesn’t support IPv6 rDNS yet — it will hurt deliverability).
Step 4: Create Your First Mailbox
useradd -G mail -m yourusername
passwd yourusernameYour email is now: yourusername@yourdomain.com
Test in Thunderbird/IMAP client:
- IMAP: mail.yourdomain.com (port 993, SSL/TLS)
- SMTP: mail.yourdomain.com (port 465, SSL/TLS)
Step 5: Install Roundcube Webmail
Add backports + PHP 8.x repo:
apt install -y lsb-release ca-certificates apt-transport-https software-properties-common gnupg2
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/sury-php.list
wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add -
apt update
apt install -y php8.0-fpm php8.0-common php8.0-gd php8.0-imap php8.0-mysql php8.0-curl php8.0-zip php8.0-xml php8.0-mbstring php8.0-intl mariadb-serverSecure MySQL:
mysql_secure_installationCreate Roundcube database:
mysql -u root -p
CREATE DATABASE roundcube;
CREATE USER 'roundcubeuser'@'localhost' IDENTIFIED BY 'strongpassword';
GRANT ALL ON roundcube.* TO 'roundcubeuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Download & extract Roundcube (latest complete version):
cd /var/www
wget https://github.com/roundcube/roundcubemail/releases/download/1.6.9/roundcubemail-1.6.9-complete.tar.gz
tar xvf roundcubemail-1.6.9-complete.tar.gz
mv roundcubemail-1.6.9 roundcube
rm roundcubemail-1.6.9-complete.tar.gz
chown -R www-data:www-data /var/www/roundcube/temp /var/www/roundcube/logs
mysql roundcube < /var/www/roundcube/SQL/mysql.initial.sqlNginx config for Roundcube (/etc/nginx/sites-enabled/roundcube):
server {
listen 80;
listen [::]:80;
server_name yourdomain.com;
root /var/www/roundcube;
index index.php;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
expires 360d;
access_log off;
}
}Test & reload Nginx, then get SSL:
nginx -t && systemctl reload nginx
certbot --nginx -d yourdomain.comVisit https://yourdomain.com/installer → follow the wizard:
- Database: roundcube, user roundcubeuser, password you set
- IMAP host: localhost
- SMTP host: localhost
- Default host: mail.yourdomain.com
Enable all plugins except Enigma (it breaks identities in older versions).
After finishing, delete the installer:
rm -rf /var/www/roundcube/installerStep 6: Quality-of-Life Tweaks
Edit /var/www/roundcube/config/config.inc.php:
// Login with just username (no need to type @domain.com)
$config['username_domain'] = 'yourdomain.com';
// Stay logged in for 6 months
$config['session_lifetime'] = 259200;
// Disable Enigma if you enabled it
// Remove 'enigma' from $config['plugins'] arrayIncrease attachment size:
nano /etc/php/8.0/fpm/php.iniupload_max_filesize = 50M
post_max_size = 50MThen:
systemctl restart php8.0-fpmStep 7: Brute-Force Protection with Fail2Ban
apt install fail2ban -y
cd /var/www/roundcube/plugins
wget https://github.com/texxasrulez/roundcube_fail2ban/archive/refs/tags/1.4.zip
unzip 1.4.zip
mv roundcube_fail2ban-1.4 fail2ban
rm 1.4.zipEnable in Roundcube config (config.inc.php):
$config['plugins'][] = 'fail2ban';Add jail (/etc/fail2ban/jail.local – create if missing):
[roundcube]
enabled = true
port = http,https
filter = roundcube
action = iptables-multiport[name=roundcube, port="http,https"]
logpath = /var/www/roundcube/logs/errors.log
maxretry = 5
bantime = 3600Create filter (/etc/fail2ban/filter.d/roundcube.conf):
[Definition]
failregex = IMAP Error: Login failed for .* from <HOST>
ignoreregex =Restart:
systemctl restart fail2ban php8.0-fpmDone! Your webmail is now protected.
Final Result
You now have:
- Full email server with DKIM, SPF, DMARC
- Beautiful, fast Roundcube webmail
- Zero Google/Microsoft involvement
- Login once every 6 months
- Brute-force protection
- All for ~$50/year
Welcome to real email freedom.
If this guide helped you, feel free to share it or subscribe to The Self Hosting Art. Thanks for reading! 😊