Skip to content
Back to writing
Infrastructure6 min read

Running a Self-Hosted SMTP Server on a Raspberry Pi

A practical write-up on building a full mail stack with Docker and Mailcow, configuring SPF/DKIM/DMARC, and dealing with the realities of deliverability on residential infrastructure.

DockerLinuxNetworking

Overview

This project was implemented on a Raspberry Pi 3B+ using Docker and Mailcow, with Dovecot for IMAP/POP3 retrieval and Postfix for SMTP handling.

After evaluating a few options, Mailcow ended up being the most practical fit because it bundled the core mail-server pieces into one maintainable stack. The Docker-based install made it fast to get running and easier to reason about.

DNS configuration

SPF record

Configured to specify which IP addresses were allowed to send email for the domain:

v=spf1 ip4:103.73.84.10 -all

DKIM record

Implemented public/private key signing for authentication:

v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7uJT/kZ4duo5AMPMLHeM+7q+EtN31BTaFW6iPBo8ODS9IlkPhfKR6GX049eeN3etSp5qLNpgDoTBNUzjtBRL+GBqp5pGrse2M7epoBHcAqxnHe90tK0Hxi85sgPglKMTNCfumpdjnczeS245kL498FP3lemQy8NaT7kvi60NrJIG/BNku0mm3q7FfVLS5eenIT1otAnQjCAcYo6OlD5p58C+2ILArSOrsZnfR5FEzIDiR7PUhe/DEDx2lmkgClxODiGhIRhVPrE4R68hao4qxxEL/2F/AgYL2rXN3rGGLV8CVG45FbvJrhikhZPlAvvFpz+hlcJaY15e6JoMjul9wIDAQAB

DMARC record

Used a strict policy for SPF/DKIM failures:

v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:6073b76057d14a61a0ae6b1ab6e31efd@dmarc-reports.cloudflare.net;

What made it interesting

Residential IP blocklisting

The server's residential IP was initially blocklisted by Spamhaus, which is a pretty common outcome when you try to host mail from a home connection. That was resolved with an exclusion request, but it immediately highlighted how much of email deliverability is about reputation rather than just technical correctness.

Reverse DNS limitations

The bigger issue was reverse DNS. ISP restrictions meant reverse DNS couldn't be configured properly, which made delivery to providers like Gmail and Outlook much harder. Messages technically arrived, but often landed in spam.

SMTP behaviour notes

One of the more useful takeaways from testing was seeing how the SMTP envelope and the message body differ in practice:

HELO mail.gibibyte.com
MAIL FROM:<keane@gibibyte.com>
RCPT TO:<recipient@example.com>
DATA
From: Keane <keane@gibibyte.com>
To: recipient@example.com
Subject: Test

Hello world
.
QUIT

The main lesson: transport uses the envelope, while the visible message fields sit inside the DATA section and can be manipulated independently, subject to authentication checks and server policy.

Key findings

  • Only the envelope headers (MAIL FROM / RCPT TO) are used for actual message transport.
  • From and To headers inside the message body can diverge from the envelope.
  • Some mail servers enforce tighter alignment than others.
  • Deliverability is often constrained less by setup quality and more by network reputation and DNS control.

Building a mail server taught me that “works” and “delivers well” are two very different milestones.