How to Create a Mailbox in VestaCP: Account, DNS, Security, and Setup (Step-by-Step)

VestaCP (Vesta Control Panel) is a lightweight server control panel commonly used on VPS or small dedicated servers to manage websites, domains, DNS, and email accounts. Creating a mailbox in VestaCP is relatively simple, but making email actually work reliably (inbound, outbound, deliverability, and security) requires paying attention to DNS records, certificates, server identity (hostname/PTR), and authentication (SPF/DKIM/DMARC).

Before you start, confirm you have a server with administrative access and that VestaCP is already installed. VestaCP is most often deployed on virtual servers because you need control over ports, firewall rules, and DNS. For higher performance and isolation, consider dedicated servers. If you prefer a managed service without maintaining a panel, start with managed hosting.

Security note: email servers are frequent attack targets. At minimum, you want strong passwords, TLS encryption, correct DNS, and a clean sending reputation. If the server is new, avoid sending high volumes in the first days because deliverability may be weak until reputation signals build. If email is business-critical, consider additional filtering and monitoring.

1) Add the domain in VestaCP (WEB and DNS)

To create a mailbox on your domain, the domain must exist in the panel. VestaCP typically allows adding it in WEB (website) and DNS (zone records). It is usually easier if VestaCP manages the DNS zone because SPF/DKIM and related records are then maintained in one place. If DNS is hosted elsewhere, you must replicate the required records manually.

In VestaCP, go to “WEB” → “Add Web Domain” and enter the domain. Then go to “DNS” → “Add DNS Domain” and add the same domain. Some installations can auto-create DNS when adding a web domain, but do not assume it—verify. Ensure your domain is pointed to your server either by delegating nameservers (if VestaCP runs DNS) or by setting correct A records and MX records at your external DNS provider.

2) Add the mail domain and create the mailbox account

Open the “MAIL” section in VestaCP. The workflow is typically: (1) add a Mail Domain, (2) create an account under that domain. Click “Add Mail Domain”, enter your domain, and save. Then open that domain in the MAIL list and click “Add Account”. Enter the mailbox name (for example, info, support, john) and set a password.

Password strength is critical. Use a long unique password and avoid sharing one mailbox password across the team. If you need a shared address (like info@), consider creating personal mailboxes and using forwarders or a process around message handling instead of credential sharing. If quotas are available, set realistic limits—too small will block mail, too large can fill the disk and affect the entire server.

3) Make sure mail services and ports are available

VestaCP commonly uses Postfix for SMTP and Dovecot for IMAP/POP3. For external email to function, required ports must be reachable: 25 (SMTP), 465 (SMTPS), 587 (Submission), 143/993 (IMAP), 110/995 (POP3), and often 80/443 for webmail and certificate issuance. Some providers restrict port 25 by default to reduce spam; if you cannot send outbound mail, confirm whether port 25 is blocked in your environment.

If you run a firewall (iptables/nftables/firewalld), allow only the needed ports. Do not open everything. If you do not need POP3, keep it closed. Security at the network layer is as important as password hygiene.

4) DNS records: A, MX, SPF, DKIM, DMARC

To receive email, your domain must have correct MX records pointing to your mail server host—often “mail.yourdomain.com”. That hostname must have an A record pointing to your server IP. Then add deliverability records: SPF (TXT), DKIM (TXT), and DMARC (TXT). VestaCP may generate DKIM keys and show you the TXT value. If VestaCP manages DNS, it may add DKIM automatically; otherwise you must add it at your DNS provider.

An SPF record often looks like “v=spf1 a mx ip4:SERVER_IP -all” or a variant matching your architecture. DKIM is a longer TXT record containing a public key. DMARC can start with “p=none” to collect reports and reduce risk, then evolve to “quarantine” or “reject”. Without these records, mail is more likely to land in spam or be rejected by strict receivers.
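
The SPF and DMARC values described above can be linted before they are published. The following is an added example, not part of the original guide or of VestaCP; the function names `lint_spf` and `lint_dmarc` and all record strings are constructed for illustration, and in practice the inputs would come from a TXT lookup on the domain and on `_dmarc.<domain>`.

```python
# Added example; all record strings are constructed (203.0.113.10 is a documentation IP).
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS query

def lint_spf(txt_records):
    """Findings for the TXT strings published at the domain name itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["multiple SPF records (permerror)" if spf else "no SPF record"]
    terms = spf[0].split()[1:]
    # Strip the qualifier and any ":value", "=value" or "/cidr" suffix.
    names = [t.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0].lower()
             for t in terms]
    findings = []
    lookups = sum(n in DNS_TERMS for n in names)
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms, limit is 10 (permerror)")
    if "all" not in names:
        if "redirect" not in names:
            findings.append("no 'all' term: unlisted senders evaluate to neutral")
        return findings
    i = names.index("all")
    qualifier = terms[i][0] if terms[i][0] in "+-~?" else "+"  # bare "all" means "+all"
    if qualifier in "+?":
        findings.append(f"'{terms[i]}' does not restrict unlisted senders")
    if any("=" not in t for t in terms[i + 1:]):
        findings.append("mechanisms after 'all' are never evaluated")
    return findings

def lint_dmarc(txt):
    """Findings for the TXT string published at _dmarc.<domain>."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):
        return ["record must begin with v=DMARC1"]
    tags = dict(tags)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= policy"]
    if policy == "none" and "rua" not in tags:
        return ["p=none without rua=: monitoring mode collects no reports"]
    return []

if __name__ == "__main__":
    print(lint_spf(["v=spf1 a mx ip4:203.0.113.10 -all"]))
    print(lint_dmarc("v=DMARC1; p=none"))
```

An empty list means the record passed these checks; they cover syntax and policy strength only, not whether the listed hosts are the ones that actually send your mail.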

5) Server identity: hostname and PTR (Reverse DNS)

Outbound deliverability strongly depends on server identity. Ideally, your server has a correct hostname (for example, mail.yourdomain.com), an A record matching the IP, and a PTR record that resolves the IP back to that hostname. If PTR is missing or mismatched, many receivers reduce trust and may classify your mail as suspicious. PTR is typically configured by the IP owner (your hosting provider) and is one of the most common reasons why “mail sends but lands in spam”.

For business sending, use a static IP and request/configure PTR properly. Also confirm that Postfix HELO/EHLO matches your hostname. These details are small but heavily weighted in modern anti-spam filtering.
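
The identity alignment described in this section (PTR, forward A record, and HELO/EHLO name) can be checked in one pass. This is an added example, not code from the original guide or from VestaCP; `check_identity`, the sample tables, and the hostnames and IP are constructed, and the lookup functions are injectable so the logic can be exercised without network access.

```python
import socket

def _ptr(ip):
    """Live PTR lookup; returns [] when the IP has no reverse record."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def _addrs(host):
    """Live forward lookup; returns every A/AAAA address for the host."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def check_identity(ip, helo, ptr_lookup=_ptr, addr_lookup=_addrs):
    """Compare the PTR name, its forward resolution and the HELO name for a sending IP."""
    norm = lambda h: h.rstrip(".").lower()
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return [f"no PTR record for {ip}"]
    findings = []
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP.
    if not any(ip in addr_lookup(n) for n in ptr_names):
        findings.append(f"PTR {ptr_names[0]} does not resolve back to {ip}")
    if norm(helo) not in ptr_names:
        findings.append(f"HELO {norm(helo)} differs from PTR {ptr_names[0]}")
    if ip not in addr_lookup(norm(helo)):
        findings.append(f"HELO {norm(helo)} has no address record for {ip}")
    return findings

# Constructed sample data: a provider-default PTR that was never changed.
SAMPLE_PTR = {"203.0.113.10": ["vps123.provider.example."]}
SAMPLE_ADDRS = {"vps123.provider.example": ["203.0.113.10"],
                "mail.example.com": ["203.0.113.10"]}

if __name__ == "__main__":
    for finding in check_identity("203.0.113.10", "mail.example.com",
                                  lambda ip: SAMPLE_PTR.get(ip, []),
                                  lambda h: SAMPLE_ADDRS.get(h, [])):
        print(finding)
```

Called with only an IP and a HELO name, the function uses the system resolver instead of the sample tables.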

6) Access: webmail and email clients

VestaCP often installs Roundcube webmail. You can access it via a webmail host (like webmail.yourdomain.com) if configured, or via links in the panel. For email clients, prefer IMAP over SSL/TLS on port 993. For SMTP sending, use 465 (SSL) or 587 (STARTTLS). The username is typically the full email address, and the password is what you set in VestaCP.

If your mail client shows certificate warnings, the typical cause is a mismatch between the certificate and the hostname you are using (for example, connecting via IP instead of the mail hostname). Fix by installing a proper SSL certificate for your mail/webmail hosts and always using the correct hostnames in the client configuration.

7) Aliases, forwarding, and catch-all (use carefully)

VestaCP supports aliases, forwarding, and sometimes catch-all behavior. Catch-all often attracts spam, so it is best used only temporarily during migration. A safer model is creating explicit addresses and forwarding rules. For team workflows, avoid sharing mailbox passwords and consider setting up process-driven handling of shared inbox mail.

8) Quick troubleshooting when things go wrong

If mail does not arrive: check MX records, the A record for your mail hostname, and confirm ports 25/465/587 are reachable. If mail lands in spam: verify SPF/DKIM/DMARC and PTR alignment. If clients cannot connect: confirm IMAP 993 and SMTP 465/587 with TLS, plus firewall rules. If outbound sending fails: confirm port 25 restrictions and review server reputation signals.

After setup: a practical checklist

After creating the mailbox, run a quick verification: (1) send a test email to an external address and confirm you can receive replies, (2) confirm webmail login works, (3) configure a client with IMAP/SMTP and TLS, (4) verify MX records are correct, (5) add SPF/DKIM/DMARC, (6) configure hostname and PTR if you send externally. This ensures the mailbox is not only “created in the panel” but actually functional and reliable.

If email is critical, add backups and monitoring: disk usage alerts, log review, and regular security updates. VestaCP is a convenient panel, but it requires operational discipline. With a clean process, your mail service becomes stable, predictable, and much easier to troubleshoot.