Email deliverability is a reputation problem as much as a technical one. When your server sends mail from a shared IP address, your deliverability rides on every other tenant’s sending behavior. One spammer on the same IP pool can push your legitimate email into spam folders for weeks. A dedicated IP on a dedicated server…
The Dedicated IP Advantage for Email
IP Reputation and Shared Hosting Risk
Major inbox providers (Google, Microsoft, Yahoo) evaluate inbound email based on the sending IP’s reputation history. Spam complaints, high bounce rates, and known spam sources all degrade an IP’s reputation score. On shared hosting, you have no control over what your IP neighbors send.
On a dedicated server with a dedicated IP, your sending reputation is exclusively yours to build and maintain. A clean IP with consistent sending volume and low complaint rates achieves good deliverability within 4-6 weeks of warmed-up sending. That reputation persists as long as you maintain clean list hygiene.
IP Warming for New Dedicated Servers
Starting transactional or bulk email from a brand-new IP requires a warmup period. Inbox providers are suspicious of a new IP suddenly sending high volume. The standard approach: start with 500-1,000 emails per day in week one, double weekly for 4-6 weeks, and monitor bounce rates and spam complaints throughout.
For organizations sending critical transactional email (password resets, order confirmations) from day one, maintain the new IP exclusively for transactional messages during warmup. Keep bulk or marketing email on a separate IP or service until the primary IP is fully warmed.
Postfix and Dovecot: The Linux Mail Stack
Architecture Overview
Postfix handles SMTP (sending and receiving mail). Dovecot handles IMAP and POP3 (client access to stored mail). Together they form the most common self-hosted Linux mail stack. Both are mature, well-documented, and run efficiently on dedicated hardware.
For an organization with 200 mailboxes and moderate email volume, the resource requirements are modest: Postfix and Dovecot together consume under 2GB of RAM during normal operation, leaving most of the server’s memory available for other services or for a large Dovecot mailbox index cache that speeds IMAP folder operations.
Authentication Configuration: SPF, DKIM, DMARC
These three DNS-based authentication mechanisms are not optional if you want reliable inbox placement. All three should be configured before sending any production email from a new server:
SPF (Sender Policy Framework): A TXT record in your DNS zone listing which IP addresses are authorized to send mail for your domain. A strict SPF record with -all (hard fail) for unauthorized senders reduces phishing using your domain.
DKIM (DomainKeys Identified Mail): Postfix signs outbound messages with a private key. Recipients verify the signature against the public key in your DNS. Opendkim integrates with Postfix and handles key rotation. Use 2048-bit RSA keys; 1024-bit is no longer sufficient.
DMARC (Domain-based Message Authentication): A policy record specifying what receiving servers should do when SPF or DKIM checks fail. Start with p=none to monitor failures, then tighten to p=quarantine and eventually p=reject once you confirm all legitimate sending sources are authenticated.
DMARC reporting (rua= tag) sends XML reports from major inbox providers showing authentication failures. Set up a DMARC report parser (dmarcian or a self-hosted parser) to review these reports during the first 30 days after launch.
Anti-Spam Configuration
SpamAssassin and Rspamd
SpamAssassin is the traditional Linux spam filter, rule-based and widely deployed. Rspamd is a modern alternative with substantially better performance (handles thousands of messages per second vs. SpamAssassin’s tens or hundreds), Bayesian filtering, and a cleaner configuration model. For new deployments in 2026, Rspamd is the better choice.
Rspamd integrates with Postfix via the milter interface. Configure it to reject messages scoring above 15 (clear spam), quarantine messages scoring 6-15 (probable spam), and pass messages below 6. Tune these thresholds based on your first month’s false positive rate.
DNS Blocklists and Real-Time Checks
DNSBL checks: Configure Postfix to reject mail from IPs listed on Spamhaus, Barracuda, and similar blocklists at the SMTP connection level. This stops spam before Rspamd has to evaluate it.
Greylisting: Temporarily reject mail from unknown senders; legitimate mail servers retry, spam bots typically do not. Postgrey or Rspamd’s greylisting module handles this.
Rate limiting: Postfix’s anvil daemon tracks connection rates per sending IP. Limiting connections per minute per IP stops burst-sending from compromised accounts.
Storage Planning for Mailboxes
Capacity Calculation
Mailbox storage requirements depend heavily on retention policies and user behavior. A realistic planning formula: average mailbox size x number of mailboxes x retention factor.
Dovecot’s maildir format stores each message as a separate file. On NVMe storage, IMAP folder listing and search operations that would be slow on spinning disk complete quickly even for large mailboxes with tens of thousands of messages. Users on Dovecot-backed IMAP with NVMe storage notice faster folder switching and search vs. hosted email services that provision shared storage.
Dovecot Full-Text Search
Dovecot’s FTS (Full Text Search) plugin indexes mailbox contents for fast server-side IMAP SEARCH operations. Without it, IMAP search scans every message file sequentially. With it, search queries against a 50GB mailbox complete in milliseconds. Solr or Flatcurve (Dovecot’s newer built-in FTS backend) provide this capability. FTS indexes require roughly 15-20% additional storage overhead relative to mailbox size.
Microsoft Exchange on Dedicated Windows Servers
Exchange Server requires Windows Server licensing and significantly higher hardware requirements than a Linux mail stack. Exchange 2019 minimum specifications are 128GB RAM for the Mailbox role, though production deployments should plan for more. This aligns well with InMotion’s Extreme Dedicated Server at 192GB DDR5 ECC RAM.
Exchange licensing (or Microsoft 365 E3/E5 for hosted Exchange) adds substantial cost on top of server infrastructure. For organizations standardized on the Microsoft ecosystem with Outlook clients, Teams integration requirements, or Unified Messaging needs, Exchange on dedicated hardware remains the right choice. For organizations evaluating fresh, a Linux mail stack with Roundcube or SOGo webmail is substantially lower cost.
Compliance Logging Requirements
HIPAA Email Compliance
HIPAA requires that email containing Protected Health Information (PHI) be encrypted in transit (TLS) and at rest, with access logs demonstrating who accessed which messages. Postfix enforces opportunistic TLS on outbound mail; configure mandatory TLS with certificate verification for known healthcare partner domains. Dovecot logs all IMAP connections and folder access events.
SEC 17a-4 and Legal Hold
Financial services firms subject to SEC Rule 17a-4 must retain business communications for 3-7 years in a non-rewritable, non-erasable format. Self-hosted email with write-once storage (or a compliance journal configured to copy all mail to an immutable archive) satisfies this requirement. Third-party archiving tools like MailStore Server integrate with Postfix/Dovecot to provide compliant archiving.
Legal Hold for Litigation
When litigation places email on legal hold, the ability to preserve and produce specific mailboxes or date ranges is critical. Self-hosted email with direct filesystem access makes this straightforward: preserve the maildir directories, export via a forensically sound process, and provide chain-of-custody documentation. Hosted email services add lawyer and discovery fees to this process that dedicated hosting eliminates.
Server Configuration Recommendations by Scale
Under 100 mailboxes (Essential): Postfix + Dovecot + Rspamd fits comfortably with 64GB RAM. IMAP index cache uses 4-8GB. Storage sufficient for 5-year retention at average mailbox sizes.
100-500 mailboxes (Advanced): Same stack; additional RAM headroom for FTS index and Dovecot connection handling under higher concurrent user load.
Exchange Server (Extreme): 192GB DDR5 ECC meets Exchange 2019 production requirements. ECC RAM prevents bit-flip corruption in Exchange database files.
Getting Started
InMotion’s APS team can assist with Postfix and Dovecot initial configuration under Premier Care. For organizations migrating from hosted email to self-hosted, InMotion Solutions handles the mailbox migration process, which is typically the most time-sensitive part of the transition.