hMailServer – Open Source Mail Server for Windows with POP3, SMTP, IMAP, AntiVirus/AntiSpam and more Introducing hMailServer, an Open Source Mail Server for Windows with POP3, SMTP, IMAP, AntiVirus/AntiSpam and more

hMailServer - Mail Server open-source per Windows con gestione POP3, SMTP, IMAP, AntiVirus/AntiSpam e altro

Being able to send and receive e-mail message without relying to external services is often an handy feature of any dedicated server, be it a dedicated/hosted one or a VPS/cloud-based solution. In order to do so, you would want to consider the most widely used MHS (acronym for message-handling services) software available for your operating system of choose:

Believe it or not, these players handle over the 80% of the e-mail traffic on a world-wide scale. You might also have noticed that they are either Unix only or Commercial, meaning that if you’re using a Windows server you’ve got to pay another bill. If you’re up for it, here’s a link to buy a Microsoft Exchange: if you’re looking for a way to save some cache you could give a chance to hSendMail, a not-yet-so-much-known Open Source Mail Server for Windows developed by Martin Knafve – recently released upon AGPL license -which this post is mostly about.


In this post we’ll test the 5.6 hMailServer build – january 2015 – which is fully compatible with all Windows server and desktop major versions and builds from XP/2003 to Windows Server 2012 R2 and Windows 10. The software is bundled with a a really good pack of features: it supports all the MTA protocols & standards (POP3, SMTP, IMAP), a web-based Administration and/or e-mail handling management GUI available in all major languages, an extensive and well-written documentation available either online and offline, plus a lot of advanced features such as:

  • Virtual domains
  • Built-in backup
  • SSL encryption
  • Anti-spam
  • Anti-virus
  • Scripting
  • Server-side rules
  • Multilingual
  • Routing
  • MX backup
  • Multihoming
  • SQL backend

On top of that, thanks to its highly-customizable configuration settings and interface, you can also configure it as the default WebMail client for some of the most-used Ajax/PHP/.NET e-mail handling web-based frameworks (RoundCube, SquirrelMail, etc.). Not bad at all, isn’t it?


First thing you’ve to do is to download the latest version of hMailServer from the Download section of its official site. The installation is straight and forward, but in case you need help you can take a look to the official documentation’s installation guide chapter. Pay close attention when the setup wizard will prompt you to select the Database type you’ll want to use:


Choose the Database

As of today, hMailServer v5.6 currently supports four different database types:

The database of choice will be used to store some configuration options and, most importantly, the message base with all their indexes: that’s why it’s really important to choose something reliable, expecially if you’re setting up a production environment. The authors, other than reminding us that Microsoft SQL Server CE is not allowed to host commercial products, suggest the use of Microsoft SQL Server or PostgreSQL for their performance, security and overall integrity benchmarks. Our setup, proudly working since many years, proudly uses a 5.x build of the standard MySQL Community Edition: we never regretted that choice, so we can’t do anything but suggest you to use that aswell if you’re not fond of the two big giants above.

At the end of the installation process you will be asked to enter an administration password: this password will be prompted upon all connections from the administration tool to the hMailServer local instance:


Choose a well-suited password and write it down in a safe place, then double-click on the hMailServer Administrator icon you’ll find in your desktop and/or Startup panel. You’ll be prompted to select the instance where you wish to connect to, since the administration interface can be used to connect to multiple hMailServer installations as long as they are reachable via DCOM/RPC. If you only need accessing the one you just installed on localhost you won’t have any trouble finding it:


Connect hMailServer to the Database

If you’ve chosen MS SQL Compact Edition you can skip this paragraph, as you won’t be asked to do anything: otherwise, you’ll need to go through a small wizard to allow hMailServer connecting to your DB type of choice. First thing you’ll be asked for is if you want to use an existing DB or create a new one, then you’ll be asked for the connection parameters: ensure to select an username with the proper rights: at least readwritecreate/drop tables and, if you issued for a new database to be created, create database.



Configuring hMailServer is quite simple: the GUI interface is split upon a number of section, each one of them dedicated to a single aspect, protocol or job type. In the following paragraph we’ll dig through the most important ones in order to build a fully-featured Mail Server which will be capable of handling the most common task. First thing we’ll have to do is to setup the mail transportation related sections: POP3, IMAP and SMTP for one or more domains you own. In order to do that you’ll need to:

  • setup the MX Records for each domain, basically routing them to your server.
  • create an entry for that domain to hMailServer’s configuration.
  • configure the mail boxes, the alias and/or the distribution lists using the hMailServer GUI interface.
  • enable the SMTP, POP3 and/or IMAP protocols in hMailServer.

Setup the MX Records

In order to be able to manage the e-mail directed to your domain(s) you need to properly handle their MX Records, which basically are the informations received by the other mail servers when they lookup your domain in order to see where to actually route your messages: if you rely upon external, third-party e-mail handling services – such as the one from your hosting provider – your domain MX Records will be configured to point on them. In order to edit your MX Records, enter in the DNS management panel for your domain and add (or change) their IP.

Once you do that, you will have to wait some hours (usually 12-24) to have your changes propagated throughout the whole internet. After this time, each and every e-mail addressed to @yourdomain.ext will be handled over your server.

Adding a Domain

Go to the Welcome screen and click on Add Domain… to bring a tabbed settings panel into view: insert the hostname of the domain you want to configure into the General tab ( format): you can also configure one or more domain aliases – as long as you need them. Once you’re done, click on the Save button to the lower-right: a new entry will be created, along with three sub-folders for the Accounts, Aliases and Distribution lists related to this domain.


Configure E-Mail Accounts, Aliases and Distribution lists

For each domain defined under the the Domains node you’ll be able to create as many Accounts, Aliases and Distribution Lists as you want to. Let’s see how each one of them actually works.


Each Account is basically a dedicated mailbox in the format of accountName@domain.ext: once created, the server will accept e-mail messages sent to this address and store them into its database. For each Account name you will also be asked to define a password, which will be used to grant access to hMailServer‘s POP3 and/or IMAP services to receive and send e-mail. Adding accounts is basically what you need to do for each and every e-mail you want to create for yourself and/or for any of your users.


An alias, just like the name suggests, is nothing more than an alternative name for an existing account (and its related e-mail address).  As soon as you create an alias and bind it to an account, each e-mail sent to aliasName@domain.ext will we accepted by the server and routed to the accountName@domain.ext address. Creating one or more alias is often an excellent way to manage e-mail received by multiple senders ([email protected], [email protected], [email protected] and so on) and still receive them using a single, centralized e-mail address.


For further information about e-mail aliases we strongly suggest you to read this Wikipedia page.

Please notice that hMailServer allows you to create aliases for any e-mail address, alias or distribution list (see below), including those not managed by it: meaning that you’ll be able to create aliases for your gmail address, just to make an example.

Distribution lists

A Distribution list is rather similar to an alias, except that it routes a copy of each received messages to multiple e-mail addresses instead of just one: those among you that are familiar with how mailing-lists work will find that Distribution lists are pretty much that. You will be also able to choose who can send messages to the list: hMailServer supports three configuration modes: Public (everyone can send messages, including non-subscribers), Membership (subscribers only) or Announcements (only a single e-mail address). To keep it simple, use Public if you need to host an open, support-based mailing-lists, Announcements for newsletters or similar one-way-only communications, and Membership for any other scenario.


Enable POP3 and/or IMAP protocols

The last step we need to handle is to ensure that POP3 and/or IMAP are properly configured. Open the hMailServer’s management interface and expand the Protocols node:


Ensure that the checkboxes near to the protocols you want to activate for your users are checked. If you also want to activate the e-mail message relay feature using SMTP you can do that now and save yourself some time (see below). For additional info regarding POP3, IMAP and SMTP protocols, I strongly suggest taking a look at this useful post from the hMailServer official docs.

Enable SMTP protocol

Let’s now see what we need to do to configure hMailServer to send e-mail messages through SMTP. These are the required steps to perform:

  • Enable the SMTP protocol (if you didn’t that already, see above).
  • Setup the proper access/login credentials.

Open the hMailServer management interface and click on the Protocols tree node: ensure that the SMTP protocol is enabled.


SMTP Authentication Setup

Configuring a SMTP service will make your server prone to spam-bots attack, which could lead to highly unwanted scenarios, such as tens thousands of unwanted e-mail messages being snet through your service: whenever something happens, there’s also a high chance that your hostname will be banned by other SMTP relay services. For all these reasons is highly recommended to properly setup a multi-factor security and auth mechanism that will prevent any illicit access from unauthorized parties.

In order to do that, open the hMailServer admin panl and navigate to the Advanced -> IP Ranges node entry. Expand the node with a mouse click and check the settings related to the internal IP for the Local Area Network (such as localhost) or the external ones (such as internet). You can setup access rules for specific IP addresses and/or IP classes, and also selectively enable or disable each service (POP3, IMAP, SMTP) for each one of them.


Configure delivery permissions

The four checkboxes in the Allow deliveries from section allow you to configure e-mail delivery / forwarding permissions in the following way:

  • Local to Local will allow or not the sending of e-mails from and sent to internal mailboxes (or managed/configured on hMailServer).
  • Local to Externalwill allow or not the sending of emails from internal mailboxes (see above) and sent to external mailboxes (i.e. any other mailbox not managed by the local hMailServer instance).
  • External to Local will allow or not e-mail messages from external mailboxes to be sent to internal mailboxes.
  • External to External will allow or disallow e-mails to be sent from and to external mailboxes.

Require SMTP Authentication

Similarly, the four checkboxes in the Require SMTP authentication section will allow you to request or not the need for authentication for the four options described in the previous paragraph.

As we can see, hMailServer allows us to configure different Allow deliveries from and Require SMTP authentication permissions for each range of IPs that we define: this feature is particularly convenient in some situations, such as when we need to configure an SMTP server that allows non-authenticated access to use the mail() PHP function: that function, as many of us would already know, doesn’t allow us to specify authentication credentials, an issue that I addressed in a previous article and to which hMailServer might be an excellent solution.

IMPORTANT: It’s worth noting that by default hMailServer does not require SMTP authentication to send mail received from a service that has a local IP address (localhost,, as you can see by looking at the screenshot shown above. With regard to services that connect with any external IP, it is usually good practice to disable authentication when the recipient is an internal mailbox (managed by / configured on hMailServer) so that external SMTP servers will be able to send emails to the local instance: nonetheless, it’s strongly recommended to always configure proper authentication rules for sending to external services (local to external, external to external) to prevent our server to be used by spam services or malicious scripts to convey potentially unwanted messages.


That’s it for now: now you should be able to properly configure hMailServer with all its basic functionality. For any other configuration needs, I strongly suggest to take a look at the hMailServer official docs.

DISCLAIMER: this is an honest review which reflects the author’s thoughts on the product: neither him nor this blog received anything in order to write or publish it.


About Dark

Lead Developer, IT Project Analyst, UI Designer, Web Enthusiast. IT Architect for websites, interfaces, services & apps built for web & mobile devices. Microsoft MVP for Development Technologies since 2018.

View all posts by Dark

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.