Why Not Use a Free/Paid Email Provider?
Before we start, it’s important to understand what you are about to get yourself into. Running an email server is a full-time system administrator’s job. If you are not a system admin, or do not have one employed, you are probably barking up the wrong tree. If you are not an expert on DNS, following documentation, and CLI, you are way better off using a service already established, such as IONOS Mail Business (50 GB Mailbox for $5/mo).
Why Consider Using a Free/Premium Email Provider?
- Because if you do not follow rules and policies your emails will be delivered into Spam, or worse, your domain, and/or server’s IP address will be blacklisted.
- Because you may not have hours and days to learn system administration and email server configuration.
- Because you are only using it for one personal business email or domain, and need 100% email deliverability from the start without tinkering.
As a free alternative, I recommend Mail.com.
None the less, there are many benefits to running your own email server as well, such as ultimate privacy and control of your emails. After heading my warning, if you still wish to continue with setting up your own email server, follow along!
Choosing The Right Provider
IONOS is an inexpensive web hosting company with quality services, including dedicated servers, cloud servers, and VPS. They offer services throughout the world and have some of the best prices on the internet. Exclusively, they have the best price on the internet for Plesk Web Host Edition for their servers. For $5/month you get the unlimited reseller edition of Plesk (priced $35.50/month from Plesk.com).
Plesk is a web hosting control panel that gives a web browser interface to interact with the server. For example: adding domains, creating databases, and installing WordPress. Behind the scenes, Plesk is owned by the same company as cPanel, and does a lot of the same things that cPanel does, often better.
Plesk can be chosen during the installation of any IONOS server, for many operating systems: Windows Server 2019, Ubuntu 22.04, CentOS 7, Debian 11, and some others. Only if you choose Plesk during the deployment or reimaging of a server do you get the $5/month unlimited license through IONOS. Scrolling beyond the System and version management system you will also see options for different data center locations (US, UK, Germany, or Spain). Lastly, you will spot Backup & recovery powered by Acronis. Choosing a backup package during this step is extremely recommended for several reasons:
- Having a daily backup is the #1 line of defense for servers against malware, viruses, and intrusions, and always will be.
- Having a backup is the quickest way to move your data to a new server in the case of a hardware failure (ie. dead hard drive).
- The IONOS Cloud Backup is powered by Acronis, one of the largest backup and security software companies in the world.
- If you choose the backup package during the deployment/order of a server, it will automatically install the backup agent on the server for you. If you decide to add this backup later, you will need to manually install it (via SSH if it’s Linux).
- The Cloud Backup utility is constantly being updated, and also offers vulnerability protection.
Choosing The Right Server
A root dedicated server is required in order to install an email server application, and they come in two different flavors:
- Dedicated Server (AMD, Intel, or ‘Server Deals‘). A full dedicated server sits on a rack within a datacenter and has the same possibility of hardware issues that you may incur on your home PC. A dead motherboard, a loose ethernet cord, a fried NIC. Although these are rarer, they can happen. What is not rare however is a dead hard drive. HDDs are the oldest in server hard drive technology, and they will fail somewhere between 6 month-4 years old. SSDs are newer, faster, and last longer. NVMes are even newer, faster, and last even longer. With advantages come price increases.
If you are not familiar with running hard drive health tests on some interval (monthly), then it’s only a matter of time until your server stops working. If you do catch a hard drive prior to failure, you can plan the replacement with your provider (free of charge), but it still is a pain in the butt with rebuilding RAID, and reinstalling the bootloader. In the case that you don’t have your disks in RAID, or both disks died, then you also have to restore from a backup.
Most dedicated servers with IONOS come with unlimited 1Gbps bandwidth.
- Virtualized Server (Cloud Server or VPS). A virtualized server will take out the equation of hardware failures, as the provider also employs the admins to check hard disk health and perform migrations. This has the added benefit of only focusing on software config & maintenance.
A setback to virtualized servers is that they will be more expensive than dedicated servers for the same resources. Another setback is that the provider may decide to upgrade, migrate, or change IPs on their own schedule, causing short outages (1-2 hours every so many years), perhaps at times undesirable for your business.
An IONOS VPS and Cloud Server operate fundamentally the same, however, the Cloud Server has additional benefits such as adding more than one server per contract for load balancing, as well as customizing the specific CPU, RAM, and SSD.
VPS and Cloud Servers with IONOS come with unlimited 400Mbps bandwidth.
Ordering with IONOS
IONOS is one of the most secure web services and was the first to incorporate the Phone PIN for its customers as an additional step of security. If you are a first-time customer, you will need to provide a valid name, email address, physical address, and billing (with enough money to clear a reservation fee). Ordering with a VPN will result in a denial. Ordering with an incomplete address will result in a denial. A first-time order approval typically takes 24-48 hours. Check your Inbox as well as Spam from emails from IONOS and possibly their Security Team if additional documentation is required for approval.
Once approved, a dedicated server (AMD or Intel) may take up to 3 days to deploy, and a Cloud Server or VPS will take ~1 hour. Once deployed, you will receive login details in your IONOS Cloud Panel.
A Note on Custom Name Servers
In order to register your own name servers (Glue records) with IONOS, you are required to have two different IP addresses. The purpose of this is for server redundancy, which is always ideal. In an ideal setup, you have two servers, in two different data centers, on two different accounts/providers. Even better, your Master DNS runs on a third server pushing to your Slave DNS servers. In the world of servers, you can always do more to better prepare against disaster, but for the sake of simplicity, we are keeping this basic: one IP, one server.
It’s recommended to use the IONOS name servers, since it is free to use, it doesn’t require an extra IP, and they have four-times redundancy. However, if you really want to use your own custom name servers you can get away with registering a second IP address ($5/month) and configuring it to the same server.
The added benefits in using your own name server are aesthetics (white labeling your hosting) and not having to manually copy over DNS records to an external as domains are added to your server. This can save a lot of time if your hosting multiple domains.
Time To Get Started
Access your IONOS Cloud Panel, click on your server to display the Plesk Admin area login.
Login to Plesk for the first time and add your domain. It’s normal for your web browser to warn of the SSL for Plesk if accessing via the IP address link provided, just advance/continue.
Accept the End User Agreement License, from the list on the left click Domain > Add Domain. You can start with a ‘Blank website’, input your registered domain name, and leave the default to ‘Create a new subscription’.
Click on the Hosting & DNS tab, and then DNS Settings.
Here, you will see the DNS template for the domain, which are all the DNS records that need to be published at your name server. The ‘Host’ column will be the domain or subdomain subject to the record. If you have a newly registered domain, it will use the registrar’s own name servers by default. Most registrars allow you to use their name servers without issues, which is fine.
If IONOS is your registrar, you can add DNS in your IONOS control panel. If it is not, you can still add an external domain to use the IONOS name servers for free.
Configuring Your Own Name Server (optional)
If you opted in for using your own domain’s custom name servers, first you will need to add a New IPv4:
- Login to the IONOS Cloud Panel
- On the left, click Network > Public IP > Create.
- Wait 1-5 minutes for IP to configure and be added to the same firewall policy.
- Login to Plesk.
- Go to Tools & Settings > IP Addresses > Reread IP.
If Plesk fails to read the new IP, you can try restarting the server from the Cloud Panel.
Alternatively, you can click Add IP Address to manually add:
Change IP address from ‘Dedicated’ to ‘Shared’ so that all domains can use it.
- You can do an external nmap scan to confirm the new IP is being read:
- Specific to Plesk, only one IPv4 can be used per domain/subscription. This means that the secondary IP you’ve added to your singular server is indeed useless.
Your DNS at your name server should match the domain’s DNS inside of Plesk. Each record plays an important role.
- A – This is the IPv4 of the server that hosts your website. It’s important for both hosting a website, as well as pointing to the subdomain used for the MX record (mail.yourdomain).
- AAAA – This is the IPv6 of the server that hosts your website. This doesn’t always exist, and doesn’t have to. However, IPv6 traffic can often move faster, and mobile networks (like 4G/5G) tend to prefer IPv6 for loading websites.
- MX – These records point to the mail servers to use to receive incoming email. By default, Plesk will set your MX for your domain as mail.yourdomain
- NS – By default, Plesk prepared to operate as it’s own name server by creating two NS records with matching A records for ns1.yourdomain & ns2.yourdomain.
If you are not using your own your custom name server, you do not need to copy this record over to your DNS. If you did already configure your own name server following the optional steps above, you don’t need to do anything with your DNS.
- TXT – These include your DMARC and SPF records, which are additional layers of security for your email server to prevent spoofing.
Updating Hostname and SPF
Currently, your SPF record will contain a silly weird-name.serverip.plesk.page, because this matches the server’s hostname. Let’s update this in Plesk under Tools & Settings > Server Settings. Update the ‘Full hostname’ to match the MX record (mail.yourdomain) and click OK.
Then, we can update the DNS records for all domains to reflect this change. Tools & Settings > DNS Settings > Apply DNS Template Changes > Apply the changes to all zones > OK.
Now look back at Domains > yourdomain > Hosting & DNS > DNS Settings. You will find the SPF record updated.
An SPF will always start with v=spf1. The +a tells receiving mail servers that the A record (IP address) of this server is authorized to sent our email from our domain. Since the hostname now also happens to be the MX record, we also authorize sending mail from our own mail server’s IP. In many cases you may have the A record pointing to a different web server that is hosting the website than the email server. That’s why it makes sense to have both. Plesk starts us out with an SPF setting of hardfail
-all, which means spoofed emails should not be delivered to recipients. This is the more secure and recommended setting.
Adding The IPv6
Back in the IONOS Cloud Panel, click on Network > Public IP > Create. Under ‘IP Version’ be sure to select IPv6 and choose your server to be assigned to.
Allow 1-5 minutes for IPv6 to be configured.
In Plesk go to Tools & Settings > IP Addresses > Reread. If the IPv6 does not successfully get seen, manually add instead by clicking Add IP Address.
Plesk has difficulty adjusting the DNS template automatically for IPv6, so instead we have to manually enter it. Go to Tools & Settings > DNS Settings. Click on the <domain>. next to the AAAA record:
Manually enter your IPv6 address and click OK. Now do the same for the rest of the AAAA records in DNS Settings.
At the top of the page, click the button ‘Apply DNS Template Changes’ > ‘Apply the changes to all zones.’ > OK. Now you can check out your domain’s DNS (Domains > yourdomain > Hosting & DNS > DNS Settings) to confirm the IPv6s are listed.
Use an external DNS checker such as WhatsMyDNS to confirm the IPv4 as well as IPv6 are being seen around the world.
Set the Reverse DNS (PTR)
In the IONOS Cloud Panel, click Network > Public IP. Click on your IP address, scroll down, and click on your IP address under Reverse DNS. Enter your domain name as the record and click Assign DNS.
Editing the Firewall Policy
In the IONOS Cloud Panel, go to Network > Firewall Policies. Click on your firewall policy (should only be one at this point). Scroll down to see the ports that are allowed to access your server. By default, only some bare minimum ports are allowed. The ICMP protocol is not added by default, which means that your server cannot be pinged–which in turn can prevent some malicious bots from discovering your server.
Now, to add the required email ports, click on the button underneath ‘Add Predefined Values’. From this list, choose E-Mail Server. This will autofill your SMTP/IMAP/POP3 ports: 25, 110, 143, 465, 587, 993, 995. Click the green checkmark on the right to add them.
For security purposes, port 25 is blocked on all new server contracts. In order to get it unblocked, you will need to contact IONOS by phone or chat.
Enabling the SMTP Server
Back in Plesk, go to Tools & Settings > Mail Server Settings. You may notice a banner like this:
Luckily, we’ve solved this issue in the last step, so ‘Start the recheck’. Then, scroll down to and click ‘Enable SMTP service’:
Also check ‘Fix incorrectly set sender for outgoing mail’. Scroll down to the bottom and click OK.
Enable Spam Filters
In Plesk go to Extensions. On that page, search for and click Plesk Email Security, then ‘Get It Free’. Next, go to Tools & Settings > Plesk Email Security. Click ‘Install Now’. Go to the Server Settings tab and change Spam score to ‘Medium threshold’. Change Spam action to ‘Block’. Click Save.
This will filter incoming and outgoing email for spam.
The Final Tests
Head over to MXToolbox’s SMTP Diagnostics test. Input your domain name and click Test Email Server.
As long as everything went well, you will pass with all green checkmarks.
Now it’s time to send your first successful email!