Programs

MAIL-SRVR

Self-host your own email on a real domain — Postfix and Dovecot under the hood, with DKIM, SPF and DMARC signed for you at install time.

Overview

MAIL-SRVR packages a hardened Postfix + Dovecot + Rspamd pipeline with sensible defaults. When you enable mail for a domain, KillTheHost:

Generates a 2048-bit DKIM key pair.
Publishes the public DKIM key as a TXT record through Namecheap.
Publishes an SPF record scoped to your Cloudflare tunnel egress.
Publishes a DMARC record in quarantine mode.
Generates a TLS certificate via Cloudflare Origin CA.

Enable mail for a domain

Open the Mail tab in the control panel.
Click Enable mail and choose the domain.
Confirm the DNS records that will be created. You’ll need Domain Sync configured for this step.
Create your first mailbox — you’re done in under a minute.

DNS records

These are the records MAIL-SRVR will create on your behalf for a domain example.com:

zone file (abridged)

@            MX     10  mail.example.com.
mail         A          <your tunnel egress>
@            TXT        "v=spf1 include:example.com ~all"
kth._domainkey  TXT     "v=DKIM1; k=rsa; p=..."
_dmarc       TXT        "v=DMARC1; p=quarantine; rua=mailto:[email protected]"

Mailboxes & aliases

Create mailboxes (real inboxes with a password) and aliases (forward-only addresses) from the Mail tab. Aliases can point to a local mailbox, to another domain, or to an external address.

bash

$./launch.sh mail mailbox new [email protected]
$./launch.sh mail alias new [email protected] -> [email protected]

Email clients

Use the following settings in any IMAP/SMTP-compatible client:

Protocol	Host	Port	Security
IMAPS	`mail.example.com`	`993`	TLS
Submission	`mail.example.com`	`587`	STARTTLS

Deliverability

The Mail dashboard displays:

DKIM, SPF and DMARC pass rates for the last 7 days.
Bounces categorised by reason.
A live tail of the outbound queue.