Mailu configuration

Version

Before starting, read the docs!

Mailu is not perfectly documented, but still has a lot of documentation available at mailu.io. Make sure you read the appropriate documentation for your setup and have all the requirements ready when using this wizard.

Step 1 - Initial configuration

Before starting, some variables must be set.

In the following sections we need to set the postmaster address. This is a combination of the postmaster local part and the main mail domain. The main mail domain is also used as "server display name". This is the way the SMTP server identifies itself when connecting to others. The Postmaster will get an e-mail address <postmaster>@<main_domain>. This address will receive the DMARC "rua" and "ruf" reports. Or in plain English: if receivers start to classify your mail as spam, this postmaster will be informed.


/ hour

/ day

/ day

The admin interface is the main Mailu-specific bit, it provides tools to manage your email domains, users, etc.

The API interface is a RESTful API for changing the Mailu configuration. Anything that can be configured via the Mailu web administration interface, can also be configured via the RESTful API. For enabling the API, an API token must be configured. It is not possible to use the API without an API token.


Step 2 - Pick some features

Mailu comes with multiple base features, including a specific admin interface, Web email clients, antispam, antivirus, etc. In this section you can enable the services to you liking.

A Webmail is a Web interface exposing an email client. Mailu webmails are bound to the internal IMAP and SMTP server for users to access their mailbox through the Web. By exposing a complex application such as a Webmail, you should be aware of the security implications caused by such an increase of attack surface.


An antivirus server helps fighting large scale virus spreading campaigns that leverage e-mail for initial infection. Make sure that you have at least 1GB of memory for ClamAV to load its signature database.
A Webdav server exposes a Dav interface over HTTP so that clients can store contacts or calendars using the mail account.
Fetchmail allows users to retrieve mail from an external mail-server via IMAP/POP3 and puts it in their inbox.
Oletools scans documents in email attachments for malicious macros. It has a much lower memory footprint than a full-fledged anti-virus.
Tika enables the functionality for searching through attachments. Tika scans documents in email attachments, process (OCR, keyword extraction) and then index them in a way they can be efficiently searched. This requires significant resources (RAM, CPU and storage).

Step 3 - expose Mailu to the world

A mail server must be exposed to the world to receive emails, send emails, and let users access their mailboxes. Mailu has some flexibility in the way you expose it to the world.

Among Mailu services, the front server is the one accepting connections, be it directly from the outside world, through a reverse proxy or in any complex configuration that you might want to set up. It needs to listen on some IP addresses in order to expose its public services. You must at least set up an IPv4 or an IPv6 address if you wish to access Mailu.

Warning You must use specific addresses, please avoid generic all-interfaces addresses like 0.0.0.0 or ::. How to find these addresses.

The unbound resolver enables Mailu to do DNSSEC verification, DNS root lookups and caching. This also helps the antispam service not to get blocked by the public or ISP DNS servers.

Your server will be available under a main hostname but may expose multiple public hostnames. Every e-mail domain that points to this server must have one of the hostnames in its MX record. Hostnames must be comma-separated. If you're having trouble accessing your admin interface, make sure it is the first entry here (and possibly the same as your DOMAIN entry from earlier). Also make sure that the first entry in this list resolves to the IP address of your server, and that the reverse DNS entry for the IP address of your server resolves to this first entry in this list.