BackendSide MailPanel – API-first mail server control panel for Linux

BackendSide MailPanel turns a clean Linux server into a complete mail system. A single binary control-panel configures and supervises Postfix, Dovecot, and PostgreSQL; issues and renews TLS certificates via Let's Encrypt; manages DKIM, SPF, and DMARC; wires DNSBL and greylisting for anti-spam; and exposes everything through a modern dark dashboard and a clean REST API — for one domain or many, on Ubuntu, Debian, RHEL, AlmaLinux, or Rocky Linux.

Self-hosted · API-first: A single self-contained binary running as a systemd service. The dashboard and REST API are served from the same process on port 8080. Auth is admin login (JWT browser session) for the UI and X-API-Key header for programmatic integrations. Postfix, Dovecot, OpenDKIM, OpenDMARC, SpamAssassin, ClamAV, and postgrey are all capability-gated and reconciled atomically from a structured config — if a package isn't installed, the panel skips it cleanly.
One-click install — from clean Linux server to working mail in minutes

You don't need to be a Postfix expert. Install the .deb or .rpm on a clean Linux server and the package's setup wizard takes care of the rest — no manual editing of main.cf, no dovecot.conf juggling, no SQL pg_hba.conf puzzles.

In a single apt install or dnf install followed by one Run Installer click, the panel will:

  • Install Postfix, Dovecot, PostgreSQL, and optional anti-spam packages (postgrey, OpenDKIM, OpenDMARC, SpamAssassin, ClamAV) using the right package manager for your OS
  • Initialise PostgreSQL (postgresql-setup --initdb on RHEL-family), rewrite pg_hba.conf so the panel role uses md5 over loopback while postgres keeps peer auth
  • Create the panel database, schema, and the vmail system user that owns mailbox files in /var/mail/vhosts/
  • Write atomic Postfix and Dovecot configurations (validated with postfix check / doveconf -n before rename) and reload both services
  • Install the systemd unit, generate the API key and JWT signing secret, and start everything

Then just open http://<your-server>:8080, the wizard's last step creates your admin account, and you're managing domains, mailboxes, aliases, TLS, DKIM, anti-spam, and the mail queue from a clean web dashboard.

Linux

Download BackendSide MailPanel v0.1.0 (Build 053) for Linux

Packages for Debian / Ubuntu (DEB) and RHEL-based distributions (RPM)

Distribution Package SHA256 Checksum
DEB Ubuntu 24.04 / Debian 12 and any Debian-based distro with systemd backendside-mailpanel_0.1.0_053_amd64.deb a1c3dfd938007470eb25a9868e8e5faa971f2d7504e78219a262ca4e3ed44bec
RPM RHEL 9 / 10 · AlmaLinux 9 / 10 · Rocky 9 / 10 · CentOS Stream 9 · Fedora backendside-mailpanel_0.1.0_053_amd64.rpm ed52b64f03d33f2a63a815154ba7ee35736f8857b3c81c11c122e9c5b76ce02d
DEB Installation (Ubuntu / Debian) — one command + one click
sudo apt install ./backendside-mailpanel_0.1.0_053_amd64.deb
sudo systemctl enable --now backendside-mailpanel

Then open http://<your-server>:8080, click Run Installer, and the wizard provisions PostgreSQL, Postfix, Dovecot, and optional anti-spam packages — auto-refreshing the checklist as each component turns green.

RPM Installation (RHEL / AlmaLinux / Rocky / CentOS / Fedora)
sudo rpm -i backendside-mailpanel_0.1.0_053_amd64.rpm
sudo systemctl enable --now backendside-mailpanel

The RPM ships the same wizard and supports the same one-click first-run install via dnf. Open http://<your-server>:8080 when the package finishes installing.

Pairs with BackendSide WebMail: install both on the same host and a 📧 Webmail tab appears in the MailPanel dashboard — service controls, config editor, and log viewer for the companion app. Users get a browser-based inbox for the mailboxes MailPanel provisions.

Changelog — what's new in each build

Full release history from Build 001 to the current Build 053 — site-wide footer, brand logos, self-hosted Inter font, anti-spam (DNSBL + greylisting), TLS, DKIM/SPF/DMARC, audit log, backup/restore, security headers, atomic config writes, RHEL support, and every fix and improvement in between.

View the full changelog

User Guide — from clean server to working mail, end to end

A plain-language walkthrough for the person sitting in front of the dashboard. Install, setup wizard, domains, DNS records, mailboxes & aliases, TLS, DKIM/SPF/DMARC, mail clients, queues, sessions, security, anti-spam, webmail companion, backups, updating, and troubleshooting.

Read the User Guide

Features

  • Multi-domain hosting: One panel serves many email domains (e.g. [email protected] and [email protected] on the same server), each with as many mailboxes and aliases as you need
  • Mailboxes & aliases: Full CRUD via dashboard and REST API; bcrypt password hashing (Dovecot {BLF-CRYPT}); automatic Maildir provisioning under /var/mail/vhosts/; per-mailbox quotas
  • Per-mailbox policy daemon: SMTP enabled flag, require-TLS, message-size limit, recipients-per-message, daily-send-count (resets midnight UTC). Enforced only on authenticated outbound submissions.
  • TLS / Let's Encrypt: Self-signed day-0 cert so 8080 / 587 / 993 work immediately; one-click Let's Encrypt issuance via certbot wrapper; automatic Postfix / Dovecot wiring; upload-your-own cert flow
  • DKIM / SPF / DMARC: OpenDKIM in sv mode (sign outbound + verify inbound) with auto-generated KeyTable / SigningTable / TrustedHosts; OpenDMARC in observe mode; postfix-policyd-spf-python wired as a recipient restriction. All three capability-gated.
  • Anti-spam (Phase 8): DNSBL rejection (default zen.spamhaus.org); greylisting via postgrey with configurable initial delay and auto-whitelist max age; spam_whitelist table with ip / cidr / domain / email entries; spampd (remote SpamAssassin) and ClamAV / clamsmtp content-filter wiring
  • Mail queue management: Per-message table backed by postqueue -j; flush queue, delete a single message, live refresh
  • Active sessions: List IMAP / POP3 sessions on Dovecot; kick (disconnect) a user with one click
  • Dashboard stats: Sent (1h / 24h) and Received (1h / 24h) cards auto-refreshing every 10 seconds, derived from journalctl SYSLOG_FACILITY=2 so they work even on Ubuntu 24.04 without rsyslog
  • Logs viewer: Dedicated tab for Postfix and Dovecot logs — 50 / 150 / 500 / 1000 line picker, keyword filter, 10-second auto-refresh, colour-coded (errors red, warnings orange, delivered/connect green)
  • Security tab: Change admin password (rewrites .env, hot-reloads); admin IP allowlist (blocks any other IP with 403 globally); per-port firewall (BSMP_FW iptables chain) with Allow / Block / Restrict for every managed port; re-applied on panel restart
  • Audit log: Every mutating admin action is recorded with who-did-what-when; viewable from a dashboard subtab
  • Backup & restore: Endpoints for the panel's own configuration and database; structured JSON logging via LOG_FORMAT=json; deep /health probe (DB, Postfix, Dovecot, disk)
  • WebMail companion: If BackendSide WebMail is installed alongside, a 📧 Webmail nav item appears with service controls (start / stop / restart), a structured config editor, and a log viewer — including Regenerate session key
  • REST API: Every dashboard action is also a documented JSON API call — authenticated via X-API-Key header (programmatic) or browser-session JWT (UI). Audit-log middleware records mutations.
  • Atomic config writes: Postfix and Dovecot config files are written to a temp file, validated with postfix check / doveconf -n, then renamed. A broken render never leaves a half-written file in place.
  • Security headers: HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy on every admin route; JWT-secret fail-closed startup; DSN scrubbing on 500s; CSP that blocks all external assets (Inter Variable font is self-hosted in the binary)
  • Single self-contained binary: UI and API embedded; no separate web server, no language toolchain on the host. .deb and .rpm with full systemd integration and shipped logrotate rules.
System Requirements:
OS: Ubuntu 24.04 LTS+, Debian 12+, AlmaLinux / Rocky / RHEL 9 or 10, CentOS Stream 9, Fedora (x86_64)
Resources: 512 MB RAM minimum (1 GB recommended), 1 GB free disk plus room for mail
Ports: 25 / 587 / 465 (SMTP), 143 / 993 (IMAP), 110 / 995 (POP3 — optional), 8080 (admin dashboard)
DNS & IP: A domain name you own, a public IP not blocked on port 25, and a PTR (reverse DNS) record for that IP
Known limitation: Greylisting (postgrey) is not currently available on AlmaLinux 10 / Rocky 10 / RHEL 10 — EPEL 10 doesn't yet ship the package. The wizard's install step logs a non-fatal warning and the reconciler's capability gate correctly skips Postfix wiring; toggling greylist on in the UI has no effect on these distros. DNSBL is unaffected.
Self-hosted & private: BackendSide MailPanel runs entirely on your own infrastructure. There is no SaaS component, no telemetry, no outbound calls, no phone-home requests — even the Inter web font is bundled inside the binary at /ui/fonts/InterVariable.woff2.

Software Screenshots

Login thumbnail
Dashboard thumbnail
Services thumbnail
Settings thumbnail
WebMail thumbnail