Running Mailcow inside a TrueNAS Incus LXC
I just finished standing up a full Mailcow stack inside a Debian Trixie LXC on my TrueNAS system, and it’s working beautifully. ![]()
Setup highlights:
- Host: TrueNAS SCALE with Incus
- Guest: Debian Trixie LXC (static IP on my LAN)
- Storage: mounted my /mnt/vega/docker/stacks/mailcow dataset into the container at /mailcow so all configs, mail, and certs live on ZFS
- Installed Docker + Docker Compose inside the LXC
- Pulled and launched Mailcow as usual (docker compose up -d)
Working services so far:
- Postfix (SMTP on 25/465/587)
- Dovecot (IMAP/POP3 on 993/995/143/110)
- SOGo (webmail/calendar/contacts)
- ACME auto-renewal with Let’s Encrypt
- Rspamd + ClamAV for filtering
Why I like this approach:
- Keeps Mailcow totally isolated from my host
- ZFS dataset makes backups and snapshots super easy
- Certificates, mailboxes, and configs persist outside the container lifecycle
- Easier to nuke/redeploy the LXC if something breaks, without touching my mail data
How I did it (5 steps):
- Create the LXC:
incus launch images:debian/trixie mailcow
incus config device add mailcow mailcowdata disk source=/mnt/vega/docker/stacks/mailcow path=/mailcow
incus config device add mailcow eth0 nic nictype=bridged parent=br0 name=eth0
- Gave it a static IP (192.168.1.8 in my case).
- Install Docker inside the LXC:
apt update && apt upgrade -y
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
- Verified with docker run hello-world.
- Prepare Mailcow:
cd /mailcow
git clone https://github.com/mailcow/mailcow-dockerized .
cp mailcow.conf.example mailcow.conf
./generate_config.sh
- Bring it up:
docker compose pull
docker compose up -d
- Finish setup:
- Pointed DNS (A + MX + SPF, DKIM, DMARC) at my static IP
- Verified ACME pulled a Let’s Encrypt cert automatically
- Logged into the admin UI and reset the default password
So far, I’ve been able to connect Thunderbird and iOS Mail to it, and TLS certs are valid with Let’s Encrypt.