Skip to content
Klutch.sh Docs

Deploying Simple NixOS Mailserver

Introduction

Simple NixOS Mailserver is a complete, batteries-included mail server solution designed for NixOS. It integrates Postfix, Dovecot, rspamd, and other essential mail components into a cohesive, declaratively-configured system that makes running your own mail server significantly more manageable.

Unlike traditional mail server setups that require piecing together multiple components and managing complex configurations, Simple NixOS Mailserver provides a unified configuration interface through NixOS modules. This approach leverages NixOS’s declarative nature to ensure reproducible, version-controlled mail server deployments.

Key features of Simple NixOS Mailserver include:

  • Complete Solution: Includes SMTP, IMAP, spam filtering, DKIM signing, and webmail
  • Declarative Configuration: Define your entire mail server in a single Nix expression
  • Postfix and Dovecot: Battle-tested mail transfer and delivery agents
  • Rspamd Integration: Modern spam filtering with machine learning capabilities
  • DKIM Signing: Automatic email authentication for improved deliverability
  • Let’s Encrypt: Automatic SSL certificate provisioning and renewal
  • Sieve Filtering: Server-side email filtering with ManageSieve support
  • Virtual Domains: Support for multiple domains from a single server
  • Full-Text Search: Fast email search capabilities
  • Quotas: Storage quota management per user
  • Autodiscover: Automatic client configuration for popular email apps
  • Backup-Friendly: Simple backup strategies with Nix’s reproducibility

Important Deployment Considerations

Simple NixOS Mailserver is specifically designed for NixOS and requires a NixOS host system. This differs from typical Docker-based deployments. Running a mail server also has unique requirements:

DNS Configuration: Mail servers require specific DNS records including MX, SPF, DKIM, and DMARC records for proper email delivery.

IP Reputation: Sending email from cloud providers can be challenging as many IP ranges are flagged for spam. Consider your provider’s email policies.

Port Requirements: Mail servers need access to ports 25 (SMTP), 465 (SMTPS), 587 (Submission), and 993 (IMAPS).

Reverse DNS: Proper PTR records are essential for mail server reputation.

Architecture Overview

Simple NixOS Mailserver integrates several components:

  • Postfix: Handles SMTP for sending and receiving mail
  • Dovecot: Provides IMAP access and local mail delivery
  • Rspamd: Spam filtering and DKIM signing
  • Redis: Rspamd data storage
  • Roundcube (optional): Webmail interface

Configuration Example

Here’s an example NixOS configuration:

{ config, pkgs, ... }:


{
  imports = [
    (builtins.fetchTarball {
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz";
    })
  ];


  mailserver = {
    enable = true;
    fqdn = "mail.example.com";
    domains = [ "example.com" ];


    loginAccounts = {
      "user@example.com" = {
        hashedPassword = "$6$rounds=100000$..."; # Use mkpasswd
        aliases = [ "postmaster@example.com" ];
      };
    };


    certificateScheme = "acme-nginx";
  };


  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.com";
  };
}

Deploying on Klutch.sh

While Simple NixOS Mailserver is designed for NixOS hosts, you can explore alternative mail server solutions that work well with Docker-based deployments on Klutch.sh:

  • Mailu: Full-featured mail server suite with Docker support
  • Mailcow: Comprehensive mail server with modern web interface
  • Docker-mailserver: Minimal production-ready mail server

For these alternatives, see our other deployment guides.

Setting Up DNS Records

Regardless of the mail server solution you choose, you’ll need these DNS records:

Record TypeNameValue
MX@mail.example.com (priority 10)
AmailYour server IP
TXT@v=spf1 mx -all
TXT_dmarcv=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
TXTmail._domainkeyYour DKIM public key

Additional Resources

Conclusion

Simple NixOS Mailserver represents an elegant approach to self-hosted email through declarative configuration. While it requires a NixOS environment, its approach to mail server management demonstrates how infrastructure-as-code principles can simplify complex systems.

For Klutch.sh deployments, consider Docker-based mail server solutions that offer similar functionality with container-native architectures. Whichever solution you choose, self-hosting email puts you in control of your communication infrastructure.