Self-hosted email, honestly reviewed. No marketing fluff — just what running your own mail server actually involves.

TL;DR

What it is: A complete, self-hosted email server packaged as a Docker Compose stack — SMTP, IMAP, webmail, spam filtering, antivirus, and admin interface all in one [2][4].
Who it’s for: Technical founders, privacy-conscious organizations, and teams paying for Google Workspace or Zoho per-seat who want to cut recurring costs and move their email data off US-jurisdiction servers [3].
Cost savings: Google Workspace Business Starter runs $6/user/month ($360/year for 5 users). Mailu on a $10/month VPS handles unlimited users and domains for $120/year flat.
Key strength: One of the three leading full self-hosted mail stacks in the Docker space (alongside mailcow and docker-mailserver), praised for including everything out of the box without the complexity of mailcow [2][4].
Key weakness: Running your own mail server is genuinely hard — deliverability, IP reputation, and email blacklists are a category of problem Mailu doesn’t solve for you. The software is solid; the challenge is everything around it [1][4].

What is Mailu

Mailu is a set of Docker images that, together, form a complete mail server. You get standard protocols (IMAP, SMTP, Submission), a web-based admin interface, multiple webmail options, spam filtering, antivirus scanning, and all the security plumbing (DKIM, DMARC, SPF, DANE, MTA-STS, TLS) bundled into a single Docker Compose file. The project describes itself as “insular email distribution” — meaning it’s designed as a self-contained unit, not something you wire into an existing MTA.

The project sits at 7,116 GitHub stars and has been running since 2016 under the name Freeposte.io before rebranding. The core configuration files and code are MIT-licensed, which is what matters for self-hosting. The README is explicit: “all components are free software and compatible with the MIT license” [README].

What distinguishes Mailu from other self-hosted mail stacks is positioning. Portalzine’s 2026 Docker anti-spam guide [4] identifies exactly three leading full self-hosted mail stacks — mailcow, Mailu, and docker-mailserver — and the distinctions matter. Mailcow is the most feature-complete but also the heaviest. Docker-mailserver is the most minimal: no admin UI, configuration-file-only. Mailu sits in the middle: more polished than docker-mailserver (you get a real web admin interface), less heavy than mailcow. Geekflare’s comparison [2] describes it as “feature-rich yet simple-to-use” — specifically contrasting it with options that require more manual assembly.

Why people choose it

The three sources that cover Mailu alongside alternatives agree on what draws people to it.

The Google Workspace bill. For teams paying Google Workspace per-seat, the math gets uncomfortable at any meaningful size. 10 users on Business Starter is $720/year. 20 users is $1,440/year. Mailu on a modest VPS handles unlimited users across unlimited domains for the cost of the server. The geekflare comparison [2] frames this as the core pitch: you own the infrastructure and the data.

Data sovereignty and US jurisdiction avoidance. The European alternatives guide [3] covers this honestly: the CLOUD Act, FISA Section 702, and the Patriot Act give US authorities access to data held by US-based providers regardless of where it’s physically stored. For European organizations, activists, journalists, or anyone with clients in regulated industries, routing all business email through Google or Microsoft means accepting US legal jurisdiction over that data. The same guide cites the European Data Protection Supervisor explicitly warning that the CLOUD Act conflicts with GDPR [3]. Mailu, running on a European VPS you control, removes that exposure.

The “everything in one compose file” setup. The alternative to Mailu for privacy-focused teams is assembling Postfix + Dovecot + Rspamd + ClamAV + Roundcube + a management interface yourself. That’s weeks of configuration work. Mailu’s entire point is that it’s already assembled [4]. The inguide.in setup guide [1] walks through the full process and it’s genuinely manageable for someone with basic Linux experience — a few hours to a working server, not weeks.

The middle ground between barebones and heavy. Docker-mailserver gives you a functional mail server but you’re editing config files to manage users and domains. Mailcow is powerful but heavier to run and maintain. Mailu’s web admin interface [README] lets you add domains, manage users, set quotas, configure aliases, view antispam stats, and handle global announcements through a browser, not a terminal. That matters for anyone managing email for a team rather than just themselves.

Features

Based on the README and documentation:

Core mail protocols:

SMTP, Submission (port 587), IMAP and IMAP+ [README]
Auto-configuration profiles for email clients — setup should be automatic for modern clients [README]
Full-text search of email attachments [README]

User features:

Aliases and domain aliases [README]
Auto-reply (vacation messages) [README]
Auto-forward to external addresses [README]
Fetched accounts (pull email from external accounts into Mailu) [README]
Managesieve — user-defined email filtering rules [README]
Authentication tokens for app-specific passwords [documentation]

Admin features:

Global admin accounts [README]
Per-domain delegation (a domain can have its own admin without full server access) [README]
User quotas [README]
Announcements (server-wide messages to all users) [README]
Relay domain management [documentation]
Web-based admin interface with a full management UI [README][documentation]

Security stack:

Enforced TLS on all connections [README]
DANE (DNS-based authentication) [README]
MTA-STS (Mail Transfer Agent Strict Transport Security) [README]
Automatic Let’s Encrypt certificate management [README]
Outgoing DKIM signing [README]
ClamAV antivirus scanning with malicious attachment blocking [README]
Snuffleupagus PHP hardening for the webmail component [README]

Antispam:

Rspamd integration for spam filtering [4]
Auto-learn (Bayesian filter that trains on your mail) [README]
Greylisting [README]
DMARC and SPF enforcement [README]
Anti-spoofing rules [README]

Webmail:

Multiple webmail options available (Roundcube and others) [README][documentation]
Web-based access out of the box [README]

Deployment options:

Docker Compose (primary path) [README][1]
Kubernetes (Helm-based, documented) [documentation]
Configuration generator on the website for customizing the initial setup [documentation]

Pricing: SaaS vs self-hosted math

Mailu itself: Free. MIT-licensed components, no commercial tiers, no feature gating [README].

What you actually pay for:

A VPS to run it on. Mailu’s minimum requirements are 2GB RAM [1]. In practice, once you add ClamAV (antivirus) and Rspamd (spam filter) plus active mailboxes, 4GB is more comfortable for a team. On Hetzner or Contabo, a 4GB RAM VPS runs roughly $8–14/month. On DigitalOcean or AWS, expect $20–40/month.

One hard constraint: your VPS provider must have port 25 open. Many cheap providers block outbound port 25 by default to prevent spam. The inguide.in setup guide [1] specifically calls this out — they chose Turnkey Internet for their demonstration precisely because it provides VPS with open port 25. Hetzner opens port 25 on request. DigitalOcean requires a support ticket. Some providers never open it.

Comparison math for a 5-person team:

Option	Monthly	Annual	Notes
Google Workspace Business Starter	$30	$360	$6/user × 5
Zoho Mail Professional	$5–15	$60–180	$1–3/user × 5
ProtonMail Business	$30–75	$360–900	$6–15/user × 5
Mailu on $10/mo VPS	$10	$120	Unlimited users, unlimited domains

For a 20-person team, the Google Workspace bill becomes $1,440/year. Mailu stays at $120/year (plus slightly more VPS if you need more RAM). The savings grow with headcount.

What the math ignores: your time. Setting up and maintaining a mail server is not passive. Deliverability problems, blacklist investigations, DKIM rotation, TLS cert renewal (handled automatically by Mailu but still your problem if it fails), and storage management are all on you. If your time costs money, factor that in.

Deployment reality check

The inguide.in guide [1] gives the most honest picture of what setup actually involves:

Before you touch Mailu, you need:

A domain name [1]
A VPS with at least 2GB RAM and open port 25 — verify this before purchasing [1]
Correct PTR (reverse DNS) record — your IP must reverse-resolve to your mail hostname. Most VPS providers let you set this in the control panel, but it requires a manual step [1]
DNS records: A record for your mail hostname, MX record pointing to it, then DKIM/SPF/DMARC records after Mailu generates your DKIM key [1]

What Mailu handles:

Docker Compose orchestration of all components [README]
Automatic TLS via Let’s Encrypt [README]
Spam filtering and antivirus out of the box [README]
The web admin interface for ongoing management [README]

What Mailu doesn’t handle:

Your IP’s sending reputation. If you rent a fresh VPS IP, major providers (Gmail, Outlook) may defer your first emails for hours or reject them until your IP establishes reputation. Some IPs come pre-listed on spam databases from previous tenants. You need to check your IP against MXToolbox before sending production email.
Deliverability debugging. Getting email reliably delivered to Gmail and Outlook inboxes involves DMARC reporting, DKIM alignment, IP warmup, and sometimes direct outreach to postmaster tools. Mailu gives you the technical plumbing; deliverability is still your problem.
Backup. Mailu stores email on disk in Docker volumes. Your backup strategy is your own concern.

The portalzine guide [4] places Mailu alongside mailcow and docker-mailserver as a production-ready full stack, which is accurate — the software itself is mature. The hard part of self-hosted email isn’t the software.

Realistic time estimate: 2–4 hours for a technical user to go from a fresh VPS to a working, correctly configured mail server. Non-technical users will struggle with DNS configuration and the port 25 / IP reputation issues — these require command-line comfort and some email infrastructure knowledge.

Pros and cons

Pros

Everything bundled. SMTP, IMAP, webmail, spam filtering, antivirus, admin UI — one Docker Compose file [README][4]. No assembly required.
Free, MIT-licensed components. No commercial licensing, no feature gating, no vendor to negotiate with [README].
Web admin interface. Real browser-based management for domains, users, aliases, quotas — unlike docker-mailserver which is config-file-only [README][documentation].
Strong security defaults. DANE, MTA-STS, Snuffleupagus, ClamAV, Rspamd, enforced TLS — the security stack is comprehensive and configured by default, not opt-in [README][4].
Per-domain delegation. You can manage multiple domains with different admins per domain — useful for hosting email for multiple organizations or clients [README].
Kubernetes support. Helm charts available for teams that run K8s [documentation].
Active project. Running since 2016, regular releases (2024.06 is current), Matrix community channel [README][documentation].

Cons

Email deliverability is not a Mailu problem — but it’s your problem. This is the biggest honest caveat for self-hosted email generally. Mailu gives you correct DKIM/SPF/DMARC infrastructure, but IP reputation is yours to manage [1].
Port 25 gatekeeping. Many VPS providers block outbound port 25. This isn’t obvious until you’re mid-setup [1].
Heavier than docker-mailserver. If you need email for one person and want minimal resource usage, docker-mailserver is lighter. Mailu’s full stack with ClamAV needs 4GB RAM to breathe comfortably.
No LDAP/SSO in the community edition — user management is internal to Mailu. You can’t sync with an existing directory [documentation].
Complex DNS setup is on you. Reverse DNS, DKIM records, DMARC policy, DMARC reporting — Mailu generates the keys but you configure the DNS. A mistake in PTR records means your mail gets rejected silently.
Limited third-party reviews. Unlike Activepieces or n8n, Mailu doesn’t have a body of independent operational reviews documenting long-term maintenance experience. Most available guides [1][2] are setup tutorials, not “here’s what broke after 6 months of production use” retrospectives.

Who should use this / who shouldn’t

Use Mailu if:

You’re paying Google Workspace or Zoho per-seat for a team, you have a technical person who can manage a Linux server, and you want to cut that bill.
You’re in Europe or handling data for European clients and want email outside US legal jurisdiction [3].
You need to host multiple domains with separate admins under one installation — agencies, freelancers, small hosting operations.
You want a full mail stack without assembling Postfix + Dovecot + Rspamd + webmail yourself.
You’re comfortable with Docker Compose and DNS.

Think twice if:

You’ve never managed a Linux server and don’t have budget for someone who has. Email self-hosting has a different error profile than other self-hosted tools — a misconfigured Nextcloud serves broken pages; a misconfigured mail server silently drops your business email.
Your VPS provider blocks port 25 and won’t open it. Verify this first.
Your IP has a poor sending reputation (common with recycled datacenter IPs). You’ll fight deliverability problems before you fight anything else.

Skip it — use managed email instead — if:

Your team is non-technical and email just needs to work without maintenance.
Compliance requirements mandate a certified email provider (SOC 2, HIPAA, etc.).
You send high-volume transactional email — use a dedicated sending service (Postmark, Amazon SES) rather than self-hosted SMTP regardless.
You’re a single person — Fastmail at $3/month or Proton at $4/month is not worth replacing with a VPS you maintain.

Skip it — use mailcow instead — if:

You need LDAP/Active Directory integration and SSO for a larger organization.
You want the most actively developed and feature-rich Docker mail stack and are willing to accept the higher resource requirements.

Alternatives worth considering

mailcow — the other major Docker-based full mail stack [4]. More features, heavier resource requirements, more complex configuration. LDAP support, more active UI development. Pick mailcow if you need LDAP/SSO or want the most full-featured option.
docker-mailserver — configuration-file-only, minimal, no admin web UI [4]. Lowest resource usage. Pick this if you want maximum control and are comfortable managing everything via config files and CLI.
Modoboa — open-source mail server with a strong admin interface that handles ~90% of setup automatically [2]. Worth evaluating if Mailu’s Docker-first approach doesn’t fit your infrastructure.
Poste.io — Docker-based, gets to a working state fast, SQLite storage [2]. Less open than Mailu; the free tier has limitations. Worth considering for single-domain simple deployments.
Google Workspace — the incumbent. Best deliverability, zero maintenance, per-seat pricing that grows linearly. The right answer if you’re not ready to manage infrastructure.
Fastmail / Proton — managed email with better privacy posture than Google. Not self-hosted, but lower operational burden than running Mailu. Proton specifically is Swiss-based and outside CLOUD Act jurisdiction [3].
Rspamd (standalone) — if you already have a mail server and want better spam filtering, Rspamd as a standalone Docker container slots into any MTA via milter [4]. Not a replacement for Mailu — a different use case.

Bottom line

Mailu is a solid, mature Docker-based mail stack that bundles everything a self-hosted email server needs into a maintainable package. For teams paying Google Workspace or Zoho per-seat at meaningful scale, the financial math is clear — a $10/month VPS versus $360–1,400/year in per-seat SaaS. For European organizations concerned about US data jurisdiction, it’s a credible option with all the right technical building blocks.

The honest caveat is that self-hosted email is a different category of operational commitment than other self-hosted tools. Mailu handles the software stack well. What it can’t do is fix your IP’s reputation on Gmail’s servers, prevent your IP from landing on a spam blacklist, or absorb the debugging time when Outlook starts deferring your mail. Those are the real costs of email self-hosting, and they don’t show up in the installation guide. If you have a technical person who understands email infrastructure, Mailu is probably the cleanest path to self-hosted email. If you don’t, managed email is still the safer bet — and the savings aren’t worth the risk of your business email silently failing.

If the infrastructure piece is the blocker, that’s exactly what upready.dev handles for clients — one-time deployment, DNS configuration, deliverability verification, done.

Sources

inguide.in — “Mailu Docker Compose Setup - Build Self Hosted Mail Server”. https://inguide.in/mailu-docker-compose-setup-build-self-hosted-mail-server/
Geekflare — “11 Best Self-Hosted Email Server Platforms to Use [2026]”. https://geekflare.com/hosting/self-hosted-email-server/
woliveiras.com — “European Alternatives to US Tech: A Practical Guide”. https://woliveiras.com/posts/european-alternatives-to-us-tech-a-practical-guide/
portalZINE.DE — “Day 44: SPAM, SPAM or NO SPAM – 7 Days of Docker” (February 27, 2026). https://portalzine.de/day-44-spam-spam-or-no-spam-7-days-of-docker/

Primary sources:

GitHub repository and README: https://github.com/mailu/mailu (7,116 stars, MIT-licensed components)
Official website and documentation: https://mailu.io