
Set up email for a customer

Create mailboxes, send DNS records to the right places, get mail flowing in under five minutes.

Before you start

Email accounts are a Pro-tier feature — the Mail page is locked on Community installs. If you're on Community, this guide won't apply. Confirm you're on Pro by checking https://<your-host>:2087/license — the badge at the top of the page should say Pro or Developer.

You also need port 25 to be reachable outbound. Most VPS providers block port 25 by default to prevent spam. Hetzner, OVH, Scaleway will lift the block after a verification step; DigitalOcean and Vultr typically won't. If your provider blocks 25, you'll need to configure an SMTP relay (Mailgun / SES / Postmark) for outbound — inbound still works fine on 25 once your DNS points at the panel.

Step 1 — Add the customer's domain

Admin → Domains → Add domain. Pick the customer who'll own it. The panel automatically:

  • Creates a DNS zone in PowerDNS (if PowerDNS is your authoritative DNS).
  • Generates SPF, DKIM, and DMARC records you'll need at the registrar.
  • Provisions a Let's Encrypt cert for mail.<domain> via Caddy — needed for IMAP/SMTP TLS.

Step 2 — Create the mailbox

Switch to the customer panel (port 2083, log in as that customer) → Email → Create mailbox.

  • Address: e.g. info@example.com
  • Password: minimum 12 chars; the panel rejects anything weaker.
  • Quota: per-mailbox disk cap; defaults to whatever the customer's package allows.

Step 3 — DNS records (published automatically)

When you create the first mailbox on a domain, NovaPanel publishes the MX, SPF, DKIM, and DMARC records into PowerDNS for you — including generating the DKIM signing key and wiring opendkim to sign outbound mail. If PowerDNS is authoritative for the domain, there's nothing to copy. The records look like:

; replace mail.example.com with the panel hostname
@        MX  10 mail.example.com.

; SPF — bare zone, authorises the panel's A/MX hosts
@        TXT "v=spf1 a mx ip4:203.0.113.10 ~all"

; DKIM — selector is "nova"
nova._domainkey  TXT "v=DKIM1; k=rsa; p=MIGfMA0G..."

; DMARC — policy comes from Mail Server → DMARC Policy
_dmarc   TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com; fo=1"

If the domain's registrar (not PowerDNS) is authoritative, copy these from admin → DNS Zones → <domain> and add them at the registrar instead. Created mailboxes before this version? Click Republish mail DNS on the Mail Server page to generate keys and (re)publish all four records for every existing mail domain.

Step 4 — Wait for propagation, then test

Give the DNS records 5-30 minutes to propagate. Then from the customer panel → Email → <mailbox> → Send test email. The panel sends a probe to the address and checks delivery + spam score.

Or test manually — log into the bundled Roundcube webmail at https://mail.<domain>/ using the mailbox address + password and send yourself a message.

Common issues

"Mail accepted by us but never arriving at Gmail"

Almost always SPF / DKIM / DMARC misalignment, or a missing PTR record. Start at admin → Mail Deliverability: pick the domain and it runs live checks for SPF, DKIM, DMARC, reverse DNS (PTR), and the major blocklists (Spamhaus, SpamCop, Barracuda) against what the rest of the internet actually sees. Anything red there is your culprit. You can also cross-check with mail-tester.com. Note: PTR/rDNS is set at your VPS/cloud provider, not in NovaPanel.

"Connection refused on port 25"

Your VPS provider is blocking outbound 25. Two options: (1) ask them to lift the block (most will after a verification email), (2) configure an SMTP relay in admin → Mail Server → Relay. Postmark and SES both work well.

"DKIM signature failed"

Confirm the TXT record is published exactly as the panel shows it — line breaks and quotes are easy to mangle in registrar UIs. Some registrars (Hover, GoDaddy) insert linebreaks silently; paste into a text editor first to confirm there's only one logical line.
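
To check a registrar-hosted DKIM record against the value the panel shows, this added example (not NovaPanel's own code) compares the two and names what was mangled. The function names and the sample key are constructed for illustration, and the input is assumed to be in the quoted form that `dig +short TXT` prints.

```python
import base64
import re

def join_txt(presentation: str) -> str:
    """Join the quoted chunks of a TXT record into one logical string.
    DNS concatenates chunks with no separator, so chunking is harmless."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', presentation, re.S)
    return "".join(chunks) if chunks else presentation.strip()

def parse_tags(value: str) -> dict:
    """Split a 'name=value; name=value' list as used in DKIM key records."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = val.strip()
    return tags

def check_dkim(published: str, expected: str) -> list:
    """Return the problems found; an empty list means an exact match."""
    problems = []
    pub, exp = join_txt(published), join_txt(expected)
    if re.search(r"[\r\n]", pub):
        problems.append("line break inside the value")
    if re.search(r'["\u201c\u201d]', pub):
        problems.append("quote characters stored as part of the value")
    pub_tags, exp_tags = parse_tags(pub), parse_tags(exp)
    if pub_tags.get("v") != "DKIM1":
        problems.append("missing or wrong v=DKIM1 tag")
    key = pub_tags.get("p", "")
    try:
        base64.b64decode(key, validate=True)  # strict: no stray characters
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("p= is not clean base64")
    if key != exp_tags.get("p"):
        problems.append("p= differs from the key the panel shows")
    return problems

# Constructed sample data: the key is placeholder bytes, not a real RSA key.
KEY = base64.b64encode(b"constructed sample bytes, not a real key").decode()
EXPECTED = f'"v=DKIM1; k=rsa; p={KEY}"'
SPLIT = f'"v=DKIM1; k=rsa; " "p={KEY[:10]}" "{KEY[10:]}"'   # valid chunking
BROKEN = f'"v=DKIM1; k=rsa; p={KEY[:10]}\n{KEY[10:]}"'      # pasted newline

if __name__ == "__main__":
    for label, record in (("split", SPLIT), ("broken", BROKEN)):
        print(label, check_dkim(record, EXPECTED) or "OK")
```

A record split into several quoted chunks passes, because resolvers rejoin the chunks; a line break pasted inside a chunk does not.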

Next steps