Running a self-hosted mail server on a Hong Kong VPS gives you complete control over email infrastructure — no per-seat SaaS fees, full access to mail logs, custom filtering rules, and the ability to operate transactional email from your own domain with maximum deliverability control.
For Asia-Pacific businesses sending email to Chinese users (QQ Mail, 163.com, Sina Mail) and international recipients simultaneously, a properly configured Hong Kong VPS mail server with a native Hong Kong IP and clean reputation is the most reliable foundation for high-deliverability email.
Before starting: Self-hosted mail servers require careful ongoing management. For transactional email at high volume (10,000+ emails/day), consider a hybrid approach: self-hosted for inbound and low-volume outbound, plus a transactional API (SendGrid, AWS SES, or Mailgun) for bulk sends.
Prerequisites
- A Hong Kong VPS with at least 2 vCPU and 2 GB RAM
- Ubuntu 22.04 LTS
- A dedicated IP address (included with all Server.HK VPS plans)
- A domain name with full DNS control
- Port 25 not blocked by your provider (verify before starting — some providers block outbound port 25 by default)
Step 1: Set Up Hostname and Reverse DNS (PTR Record)
A proper PTR record (reverse DNS) is essential for email deliverability — receiving mail servers check that your sending IP’s PTR record matches your mail server’s hostname. Without a PTR record, many mail servers will reject or spam-folder your email.
# Set the system hostname
hostnamectl set-hostname mail.yourdomain.com
# Verify
hostname -f
Contact Server.HK support to set the PTR (reverse DNS) record for your VPS IP to mail.yourdomain.com. This is a provider-side configuration — you cannot set it yourself in DNS.
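The check a receiving server applies to your PTR record can be reproduced before you send any mail. The sketch below is an added example, not part of the original guide; it goes one step beyond the name match described above and also confirms that the PTR name resolves back to the sending IP (forward-confirmed reverse DNS). The function names are hypothetical, and the lookups are injectable so the logic can be exercised offline.

```python
import socket

def ptr_lookup(ip):
    """Return the PTR name for ip, or None if no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except OSError:
        return None

def a_lookup(hostname):
    """Return the set of IPv4 addresses hostname resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except OSError:
        return set()
    return {info[4][0] for info in infos}

def check_fcrdns(ip, myhostname, ptr=ptr_lookup, forward=a_lookup):
    """Compare the IP's PTR with myhostname, then confirm the forward lookup."""
    name = ptr(ip)
    if name is None:
        return "no PTR record"
    if name != myhostname.lower():
        return f"PTR is {name}, expected {myhostname}"
    if ip not in forward(name):
        return f"{name} does not resolve back to {ip}"
    return "ok"
```

Call `check_fcrdns("YOUR_VPS_IP", "mail.yourdomain.com")` on any machine with working DNS once the provider has set the PTR record.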
Step 2: Install Postfix (SMTP Server)
apt update && apt upgrade -y
apt install -y postfix postfix-mysql dovecot-core dovecot-imapd \
dovecot-pop3d dovecot-lmtpd opendkim opendkim-tools \
certbot spamassassin
During Postfix installation, select Internet Site and enter your mail domain (yourdomain.com).
Basic Postfix configuration
nano /etc/postfix/main.cf
# Identity
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
# Network
inet_interfaces = all
inet_protocols = ipv4
# Domains to receive mail for
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Relay — do not relay for other domains
mynetworks = 127.0.0.0/8
# TLS (SSL) configuration
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
# SASL authentication for outbound relay (if using smarthost)
# Remove these lines for direct delivery
# relayhost = [smtp.relay.com]:587
# Anti-spam
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
# Message size limit (50MB)
message_size_limit = 52428800
systemctl restart postfix
systemctl enable postfix
Step 3: Install SSL Certificate for Mail Server
certbot certonly --standalone \
-d mail.yourdomain.com \
--email your@email.com \
--agree-tos \
--no-eff-email
Step 4: Configure Dovecot (IMAP/POP3)
nano /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
mail_location = maildir:~/Maildir
nano /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
systemctl restart dovecot
systemctl enable dovecot
Step 5: Configure SPF, DKIM, and DMARC (Critical for Deliverability)
These three DNS records are the foundation of email deliverability. Without them, your email will be rejected or spam-foldered by most major mail providers.
SPF Record
Add a TXT record to your domain’s DNS:
Name: yourdomain.com
Type: TXT
Value: v=spf1 ip4:YOUR_VPS_IP mx ~all
This tells receiving servers that only your VPS IP (and your MX server) are authorised to send email from your domain.
DKIM (DomainKeys Identified Mail)
# Generate DKIM keys
mkdir -p /etc/opendkim/keys/yourdomain.com
opendkim-genkey -s mail -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com/
chown -R opendkim:opendkim /etc/opendkim/keys/
# View the public key to add to DNS
cat /etc/opendkim/keys/yourdomain.com/mail.txt
Add the DKIM public key as a TXT record in DNS:
Name: mail._domainkey.yourdomain.com
Type: TXT
Value: v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE
Configure OpenDKIM:
nano /etc/opendkim.conf
Mode sv
Canonicalization relaxed/simple
Domain yourdomain.com
Selector mail
KeyFile /etc/opendkim/keys/yourdomain.com/mail.private
Socket inet:8891@localhost
TrustAnchorFile /usr/share/dns/root.key
systemctl restart opendkim
systemctl enable opendkim
Connect Postfix to OpenDKIM by adding to /etc/postfix/main.cf:
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
DMARC Record
Name: _dmarc.yourdomain.com
Type: TXT
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com; fo=1
Start with p=none (monitor only) for the first two weeks to verify SPF and DKIM are working correctly before moving to p=quarantine or p=reject.
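Most failures with these three records come from how they are pasted into DNS rather than from the server itself. The following linter is an added example, not part of the original guide or of OpenDKIM; it checks record strings in the shapes shown above, and also joins the quoted chunks of a zone-file TXT entry as found in mail.txt. All function names are hypothetical and the sample values are constructed.

```python
import base64
import re

def parse_tags(record):
    """Split a 'tag=value; tag=value' DKIM or DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {name.strip().lower(): value.strip() for name, value in pairs}

def txt_from_zone(zone_text):
    """Join the quoted chunks of a zone-file TXT entry (the mail.txt layout)."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))

def check_spf(apex_txt_records, sending_ip):
    """apex_txt_records: every TXT string published at the domain itself."""
    spf = [r for r in apex_txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # more than one SPF record is a permanent error
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    problems = []
    if f"ip4:{sending_ip}" not in terms:  # exact match only, no CIDR handling
        problems.append(f"ip4:{sending_ip} missing")
    if not terms or terms[-1] not in ("~all", "-all"):
        problems.append("record does not end in ~all or -all")
    return problems

def check_dkim(record):
    key = re.sub(r"\s+", "", parse_tags(record).get("p", ""))
    if not key:  # an empty p= means the key is revoked
        return ["p= is empty or missing"]
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        return ["p= is not valid base64 (truncated paste?)"]
    return []

def check_dmarc(record):
    tags, problems = parse_tags(record), []
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", record):
        problems.append("v=DMARC1 must be the first tag")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    if not tags.get("rua", "").startswith("mailto:"):
        problems.append("no rua= mailto address, so no aggregate reports")
    return problems

# Constructed sample in the mail.txt layout; the p= value is a placeholder.
ZONE = '''mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=QUJDREVG" "R0g=" )  ; ----- DKIM key mail for yourdomain.com'''
```

Each function returns a list of problems, so an empty list means the record passed; feed it the strings your DNS actually returns, for example from `dig +short TXT`.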
Step 6: Open Firewall Ports
ufw allow 25/tcp # SMTP (outbound/inbound)
ufw allow 587/tcp # SMTP submission (authenticated clients)
ufw allow 465/tcp # SMTPS (SSL)
ufw allow 993/tcp # IMAPS (SSL)
ufw allow 995/tcp # POP3S (SSL)
Step 7: Verify Email Deliverability
# Test SPF, DKIM, DMARC configuration
# Send a test email to: check-auth@verifier.port25.com
# The reply includes a full deliverability report
# Check your IP reputation
# Visit: https://mxtoolbox.com/blacklists.aspx
# Enter your VPS IP and check all major blacklists
# Test with mail-tester.com
# Send an email to the test address provided, get a deliverability score out of 10
A properly configured mail server should achieve a score of 9–10/10 on mail-tester.com.
Deliverability for Chinese Mail Providers
Chinese mail providers (QQ Mail, 163.com/126.com NetEase, Sina Mail) have stricter filtering than international providers. Additional steps for China deliverability:
- Register with NetEase postmaster: Apply for IP whitelist at postmaster.163.com
- QQ Mail sender registration: Apply at openmail.qq.com for improved inbox placement
- Warm up your IP: Start with low send volume (50–100/day) and increase gradually over 2–4 weeks — Chinese providers are particularly sensitive to new IP sending patterns
- Maintain low complaint rates: Chinese users mark foreign email as spam readily — ensure strong opt-in practices and easy unsubscribe
Conclusion
A self-hosted mail server on a Hong Kong VPS with properly configured SPF, DKIM, and DMARC provides full control over email infrastructure with excellent deliverability to both international and Chinese mail providers. The native Hong Kong IP and CN2 GIA routing give your mail server the best possible network foundation for reaching Chinese inboxes from an international IP.
Deploy your mail server on Server.HK’s Hong Kong VPS plans — dedicated native IP included on all plans, with PTR record configuration available on request.
Frequently Asked Questions
Is port 25 open on Server.HK Hong Kong VPS plans?
Port 25 availability varies by provider and plan. Contact Server.HK support to confirm port 25 status for your specific plan before setting up a mail server. Many providers require a support request to enable outbound port 25 to prevent spam abuse from newly provisioned VPS instances.
Should I use a self-hosted mail server or a transactional email service?
Self-hosted mail is appropriate for inbound mail, low-volume transactional notifications, and teams with the operational capacity to manage deliverability. For bulk transactional email (order confirmations, password resets at scale), a reputable transactional email API (AWS SES, SendGrid, Mailgun) provides better deliverability through pre-warmed IP pools and established sender reputation. Many production setups use both: self-hosted for inbound and self-hosted SMTP for outbound, with a transactional API for high-volume sends.
How long does it take to build email sending reputation on a new Hong Kong VPS IP?
IP warm-up typically takes 4–8 weeks of gradual volume increases. Start with 50–100 emails per day to engaged recipients, increasing by 50% per week. Major ISPs (Gmail, Microsoft, Yahoo) evaluate new IPs on engagement metrics — sends to unengaged or invalid addresses during warm-up permanently damage reputation. Focus early sends on your most engaged subscribers.