Stalwart is a perfect replacement for exim+dovecot

Introduction

This is a small guide on how to set up a secure email server.

Problem Statement

In today’s world, having an email address is almost essential for a convenient life—unless you’re living under a rock.

What Are the Options?

  • Free email providers - Gmail, Outlook, Yahoo, Mail.com, etc.
  • Secure email providers - ProtonMail, Tuta, etc.
  • Paid email providers - Similar to the above but with more storage and features.
  • Hosting your own email server - Full control but requires effort.

Downsides of Using Third-Party Providers

  • Lack of control & trust issues – You depend on the provider’s policies and infrastructure.
  • No transparency – You cannot audit what happens on the server.
  • Protocol restrictions – OAuth enforcement and other imposed limitations.
  • Privacy concerns – Emails are likely monitored for ad targeting.

Upsides of Using Third-Party Providers

  • No need to worry about backups, setup, DNS management, or maintenance.

A widely used concept in business and strategic planning is “Owning the Ground” or “Positional Advantage.” I believe individuals should apply this principle as well. Setting up and maintaining your own email server offers significant control and security benefits in exchange for some effort.

Requirements

Our setup must meet the following criteria:

  • Open-source server implementation
  • TLS-encrypted IMAP/SMTP
  • Server-side encrypted emails
  • Anti-spam measures (DMARC, SPF, etc.)

Overall Strategy

I previously experimented with Exim and Dovecot, and while they worked well, they are complex, legacy systems that require deep technical knowledge.

Recently, I discovered Stalwart, a modern and secure email server that meets all our requirements. It even supports server-side encryption using your public PGP key. This means your emails remain encrypted on the server, even if the sender doesn’t use PGP. While emails can still be intercepted on the sender’s server or during server-to-server communication, this setup provides a much higher level of security than relying on a third party.
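A quick way to verify the claim above is to fetch a stored message and check whether it really is encrypted. This is an added example, not part of the original post or of Stalwart's code. It assumes the server stores encrypted mail in the standard RFC 3156 PGP/MIME layout; the sample messages are constructed and the function names are hypothetical. It also shows that in this layout only the body is encrypted, while the outer headers stay readable.

```python
from email import message_from_string
# Constructed sample: a stored message after server-side encryption, in the
# RFC 3156 PGP/MIME layout (assumed here). The payload is a placeholder.
ENCRYPTED_SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Quarterly numbers
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Constructed sample: the same message stored without encryption.
PLAIN_SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Quarterly numbers

Revenue is up.
"""

def is_pgp_mime_encrypted(msg):
    """True only if the message has the full RFC 3156 encrypted structure."""
    if (msg.get_content_type() != "multipart/encrypted" or
            (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted"):
        return False
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return False
    control, body = parts
    return (control.get_content_type() == "application/pgp-encrypted"
            and "-----BEGIN PGP MESSAGE-----" in str(body.get_payload()))

def audit(raw):
    """Report encryption status and which outer headers are still readable."""
    msg = message_from_string(raw)
    exposed = [h for h in ("From", "To", "Subject", "Date") if msg[h]]
    return {"encrypted": is_pgp_mime_encrypted(msg), "cleartext_headers": exposed}
```

Run `audit()` on the raw source of a message pulled from your own mailbox over IMAP; a result of `encrypted: False` for mail that arrived after you uploaded your public key means encryption at rest is not active for that account.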

TBD WIP