Complete Email Hosting with Built-In Mail Server
Panelica includes a fully integrated email stack — Postfix for SMTP, Dovecot for IMAP/POP3, OpenDKIM for message signing, Roundcube for webmail, and ClamAV for virus scanning. No third-party plugins. No extra licenses. No monthly per-mailbox fees like cPanel or Plesk charge.
In This Article
1. Email Account Management
Every domain hosted on Panelica can have unlimited email accounts (subject to plan quotas). Each account gets its own Maildir-format mailbox with independent protocol controls — you can enable or disable IMAP, POP3, and SMTP per account.
Per-Account Protocol Control
Toggle IMAP, POP3, and SMTP independently for each mailbox. Need a send-only notification address? Disable IMAP and POP3. Need a receive-only support inbox? Disable SMTP.
Quota Management
Set per-mailbox storage quotas in MB. Real-time usage tracking with automatic suspension when quota is exceeded. Hierarchical quotas cascade from plan → user → individual account.
Secure Authentication
Passwords are stored using Dovecot-compatible BLF-CRYPT (bcrypt). Optional IP-based access restrictions let you lock mailboxes to specific IP addresses for high-security accounts.
Migration-Ready
Panelica's migration engine transfers email accounts with original password hashes intact — your users keep their existing passwords without any reset. Zero disruption during panel migrations.
Default Maildir structure includes standard folders — Inbox, Sent, Drafts, Trash, and Junk — created automatically with proper IMAP subscriptions so mail clients discover them instantly.
2. DKIM, SPF, DMARC — Email Authentication
Gmail, Outlook, and Yahoo now require proper email authentication. Since February 2024, bulk senders must have SPF, DKIM, and DMARC records or their emails go straight to spam. Panelica configures all three automatically.
-all (hard fail), DKIM with 2048-bit RSA keys, DMARC with p=quarantine or stricter, valid PTR record, TLS encryption for all outbound mail.
DKIM (DomainKeys Identified Mail)
Panelica generates 2048-bit RSA key pairs per domain using SHA-256 hashing. The private key signs every outgoing message through OpenDKIM running as a Postfix milter on port 8891. The public key is published as a DNS TXT record that receiving servers use to verify message authenticity.
SPF (Sender Policy Framework)
Automatic SPF record generation with hard fail (-all) — only your server IP is authorized to send email for your domain. This prevents spoofing and satisfies Gmail's strict requirements.
DMARC (Domain-based Message Authentication)
Default DMARC policy: p=quarantine with forensic reporting (fo=1) and aggregate reporting to the domain postmaster. Both rua and ruf reporting URIs are configured automatically.
Cloudflare DNS Integration
If your domain uses Cloudflare DNS, Panelica's Cloudflare module automatically creates all 6 required email DNS records: MX, Mail A record, SPF (root domain), SPF (mail subdomain for HELO identity), DKIM, and DMARC. One click — complete email deliverability.
3. Email Forwarding & Catch-All
Panelica supports three forwarding modes through Postfix virtual alias maps:
Standard Forwarding
Forward [email protected] to any external address. Optionally keep a copy in the original mailbox — useful for shared inboxes where you want both the original and the forwarded copy.
Multi-Destination
A single source email can forward to multiple destinations simultaneously. Route support@ to your entire support team without mailing list overhead.
Catch-All
Forward all unmatched addresses (@yourdomain.com) to a designated mailbox. Every email sent to any non-existent address on your domain gets captured instead of bouncing.
Forwarding rules are applied through Postfix virtual alias maps, compiled to hash format for high-performance lookups. Changes take effect immediately — no manual Postfix restart required.
4. Autoresponders (Out-of-Office)
Panelica uses Dovecot Pigeonhole Sieve for autoresponders — the industry standard, not a bolted-on script. This means autoresponders are processed at the mail delivery level, not through polling or cron jobs.
Features:
- Date-range scheduling — set start and end dates for vacation responses
- HTML and plain text message support
- Configurable response frequency (respond once per sender per X hours)
- Smart filtering — automatically skips spam, mailing list messages, and bulk mail
- Checks
X-Spam-Status,List-Unsubscribe,List-ID, andPrecedenceheaders
sievec for faster execution. Vacation replies use the real user address as the sender (not null sender) to pass SPF verification at the recipient's server.
5. Spam Filtering & Virus Scanning
Multi-layer protection combines SpamAssassin scoring with ClamAV virus scanning and custom blacklist/whitelist rules:
SpamAssassin
Per-account configurable spam score threshold (default: 5.0 on a 0-10 scale). Messages above the threshold are flagged with X-Spam-Status: Yes headers for client-side filtering.
ClamAV Virus Scanning
Real-time virus scanning on incoming mail with automatic signature updates via freshclam. Per-account toggle — enable for business accounts, disable for high-volume automated inboxes if needed.
Custom Blacklists & Whitelists
Global (admin-managed) and per-user blacklists with email, domain, and wildcard pattern support. Block entire TLDs (*@*.ru) or whitelist trusted partners. Applied at the Postfix level for maximum efficiency.
6. Roundcube Webmail
Roundcube 1.6 is integrated as the default webmail client, accessible at /webmail on your panel domain. It connects to Dovecot IMAP on localhost — no external IMAP traffic, no latency, no authentication delays.
The webmail interface supports SMTP relay configuration for external providers (Gmail, SendGrid, Amazon SES) with encrypted credential storage and connection health monitoring.
7. Mailing Lists
Built-in mailing list management without requiring Mailman or external software:
- JSONB-based member management with subscription states (subscribed, unsubscribed, bounced)
- Optional public subscription page with email confirmation
- Post moderation with designated moderator emails
- Public or private message archives
- Per-list statistics: total members, total emails sent
8. Mail Queue Management
Real-time Postfix queue monitoring lets you inspect, flush, hold, and requeue messages directly from the panel. No SSH access needed, no postqueue -p commands to memorize. Stuck messages? Select and retry. Spam in the queue? Select and delete.
9. cPanel vs Plesk vs Panelica Email Comparison
| Feature | cPanel | Plesk | Panelica |
|---|---|---|---|
| Built-in mail server | Exim (dated) | Postfix | Postfix + Dovecot |
| DKIM signing | Manual setup | Plugin required | Automatic per-domain |
| SPF / DMARC | DNS template | Manual DNS | Auto-generated records |
| Webmail | Roundcube/Horde | Roundcube | Roundcube integrated |
| Spam filtering | SpamAssassin | SpamAssassin | SpamAssassin + Custom rules |
| Virus scanning | ClamAV (extra) | Dr.Web (paid) | ClamAV included |
| Autoresponder engine | Cron-based script | Built-in | Dovecot Sieve (native) |
| Per-protocol toggle | No | No | IMAP/POP3/SMTP per account |
| Migration hash preserve | No | No | Yes — zero password resets |
| Cloudflare DNS sync | No | No | 6 records auto-created |
| SMTP relay config | Exim routes | Manual | GUI with health monitoring |
| Extra license cost | $15-45/mo | $10-30/mo | $0 — included |
10. Security Architecture
Email is a critical attack surface. Panelica's email stack is designed with defense-in-depth:
- TLS encryption for all inbound and outbound SMTP connections (
smtp_tls_security_level=may) - Dovecot SASL authentication — Postfix delegates auth to Dovecot for unified credential management
- Bcrypt password hashing (BLF-CRYPT) — no MD5, no plaintext, no SHA-1
- RBAC enforcement at both handler and service layers — defense-in-depth against IDOR attacks
- AES-256 encrypted SMTP relay credentials stored in the database
- Fail2ban integration — automatic IP blocking after failed authentication attempts
- Isolated mail directories — each user's mail is stored in their home directory with strict Unix permissions (700)
Complete Email Hosting — Zero Extra Cost
Postfix, Dovecot, DKIM, SPF, DMARC, ClamAV, Roundcube — all included. No plugins to buy, no per-mailbox fees.
Start Free TrialPanelica — The server management panel that doesn't charge extra for features that should be standard.