A Guide to Self-Hosting Calendar & Contacts with Mailcow & SOGo

Welcome to the next phase of our sovereign cloud. In Module 2, we forged the heart of our kingdom: a powerful, secure, and resilient Ubuntu server, ready and waiting to do our bidding. Today, we give it its first and most important job.

We are not starting with a small, novelty application. We are going right for the jugular of Big Tech’s surveillance machine. We are reclaiming the two most sensitive, intimate, and valuable datasets you own: your calendar and your contacts.

Think about it. Your contacts list—your “social graph”—is the map of your personal and professional life. Your calendar is the record of your past and the plan for your future. It knows where you are, who you’re meeting, and what you’re doing, every single day. Google and Apple don’t just “store” this information for your convenience. They scan it, parse it, and feed it into the massive surveillance engine that builds your advertising profile. When you get a flight confirmation, Google adds it to your calendar. This isn’t just a “feature”; it’s a demonstration of the total, unfettered access you have given them.

Reclaiming this data is the single biggest step you can take in “de-googling” your life.

To do this, we will be installing Mailcow, a powerful, all-in-one, “dockerized” mail server suite. While its primary purpose is email (which we will tackle in the next post), it comes bundled with a fantastic piece of open-source groupware called SOGo. It is SOGo that will provide our industry-standard CalDAV (for calendars) and CardDAV (for contacts) server.

This is a long, technical, and incredibly rewarding installation. By the end, you will have a private, secure, and open-standards-based server for the very heart of your day, accessible from all your devices, and owned by no one but you.

Understanding the Open Protocols: CalDAV and CardDAV

For decades, we’ve been tricked into thinking that our data is tied to a brand. You have a “Google Calendar.” You have an “iCloud Calendar.” This is a lie.

The data is just a calendar. The technology that makes it sync is an open, universal standard called CalDAV. The technology for contacts is CardDAV.

These are just like HTTP, the protocol for websites. They are open, documented, and supported by hundreds of different applications. The only reason your Google Calendar doesn’t easily sync with your Apple Calendar is that these companies have intentionally broken the open standard to create their walled gardens.

By setting up our own CalDAV and CardDAV server, we are breaking free. We are building a “protocol-first” solution, which means we will be able to sync our data to any compatible client—Android, iPhone, Windows, macOS, or Linux. We are liberating our data from the application and the brand, giving us true freedom and portability.

Our Strategy: “Docker-in-a-VM”

As we discussed in Post 8, our architecture of choice is the Fortress. We will create a dedicated Virtual Machine for our productivity services.

Inside this VM, we will install Mailcow. Mailcow is “dockerized,” meaning it’s not one giant application but a collection of many small, specialized applications (a web server, a database, SOGo, etc.) that all run in their own isolated containers.

This gives us the best of all worlds:

1. The Fortress (VM): Our entire Mailcow setup is contained within a single VM. Backing it up is as simple as shutting it down and copying its single qcow2 file (as we learned in Post 11).
2. The Apartment Block (Docker): Inside the VM, Mailcow uses Docker to manage its own complex dependencies, making the installation and update process vastly simpler for us.

Let’s begin.

Preparing Your New Tenant (The VM)

We need to create a brand new, dedicated VM for Mailcow. This application is a beast and will run our entire productivity suite, so we will give it more resources than our sync-server.

1. Launch virt-manager: Connect to your host server with ssh -X and launch virt-manager just as we did in Post 10.
2. Create a New VM: Follow the exact same steps you did in Post 11. Here are the specifications for this new VM:
   • OS ISO: Use the same Ubuntu Server 22.04 LTS ISO.
   • Memory (RAM): Mailcow is memory-hungry. Give it a minimum of 4096 MB (4 GB). 8192 MB (8 GB) is strongly recommended if you have it.
   • CPUs: Give it at least 2 vCPUs, 4 is ideal.
   • Storage: Give it a larger disk. 50 GB is a good starting point.
   • Name: mail-server.
   • Customize before install: Check this box.
   • Network: Select “Bridge br0”.
3. Customize the VM: Just as we did before, optimize the new VM:
   • CPU: Select “Copy host CPU configuration.”
   • Disk 1: Change the “Disk bus” to VirtIO and ensure “Storage format” is qcow2.
   • NIC: Change the “Device model” to virtio-net.
   • Remove: Remove the “Tablet,” “Sound,” and “USB” hardware.
4. Install Ubuntu Server: Begin the installation and proceed through the Ubuntu installer with these specific settings:
   • Network: When you get to the network screen, configure a static IP. This is mandatory.
     • Address: 10.0.0.51
     • Gateway: 10.0.0.1
     • Name servers: 10.0.0.1
     • Search domains: home.arpa
   • Storage: Use the default (use entire disk).
   • Profile: Create a new user (e.g., mailadmin) and password.
   • SSH: Check “Install OpenSSH Server.”
   • Snaps: Do not install any server snaps.
5. Reboot and Verify: Finish the installation, “eject” the virtual CDROM (by disconnecting it in the storage settings), and boot up your new VM. You should be able to SSH into it from your desktop: ssh mailadmin@10.0.0.51
6. Update: Run a full update on your new VM: sudo apt update && sudo apt upgrade -y

Create a DNS Record in pfSense

This is a simple but vital step. We need to be able to access our new server by its name, mail-server.home.arpa.

1. Log into your pfSense web GUI (http://pfsense.home.arpa).
2. Go to Services > DHCP Server.
3. Scroll to the bottom to DHCP Static Mappings and click Add.
4. Find the MAC address of your new mail-server VM (you can get this from the ip a command on the VM, or from its hardware details in virt-manager).
5. Fill out the mapping:
   • MAC Address: (The VM's MAC)
   • IP Address: 10.0.0.51
   • Hostname: mail-server
   • Description: Mailcow VM
6. Click Save and Apply Changes.

Now, all devices on your network will know that mail-server.home.arpa is at 10.0.0.51.

Preparing the VM for Mailcow

Mailcow runs on Docker. We need to install Docker, the Docker Compose plugin, and Git.

Log into your mail-server VM via SSH to perform these steps.

Step 1: Install Git

sudo apt install git -y

Step 2: Install Docker Engine (The Official Way)

We must install Docker from its official repository, not Ubuntu’s, to ensure we have the latest version.

1. Set up the repository:# Add Docker's official GPG key: sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL [https://download.docker.com/linux/ubuntu/gpg](https://download.docker.com/linux/ubuntu/gpg) -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] [https://download.docker.com/linux/ubuntu](https://download.docker.com/linux/ubuntu) \ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update
2. Install Docker Engine and Compose Plugin:sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
3. Add Your User to the Docker Group: This allows you to run docker commands without sudo (you’ll need to log out and back in for this to take effect).sudo usermod -aG docker $USER
4. Log out and log back in.
5. Verify: docker --version (Should show a recent version) docker compose version (Should show “Docker Compose version v2.x.x”)

Installing Mailcow

We are prepped and ready. Let’s install the suite.

1. Clone the Repository: We will install Mailcow in the /opt directory, a standard place for third-party software. sudo git clone https://github.com/mailcow/dockerized /opt/mailcow-dockerized
2. Enter the Directory: cd /opt/mailcow-dockerized
3. Generate the Configuration File: Mailcow comes with a setup script. sudo ./generate_config.sh
4. Answer the Questions:
   • Mail server hostname: This is the most important question. Enter the FQDN (Fully Qualified Domain Name) we just set up: mail-server.home.arpa.
   • Timezone: Enter your timezone (e.g., America/New_York).
5. This script will create a mailcow.conf file.
6. Tweak Configuration: We need to make one small change for our local-only setup. Open the file: sudo nano mailcow.conf
   • Find the line SKIP_LETS_ENCRYPT=n and change it to y:
   • SKIP_LETS_ENCRYPT=y
   • Why? Let’s Encrypt provides SSL/TLS certificates, but it can only do that for publicly accessible domains. Since our server is local-only, we’ll skip this and just access it over HTTP, which is perfectly safe inside our trusted network (or over our VPN).
   • Save the file (Ctrl+X, Y, Enter).
7. Pull the Container Images: This will download all the components Mailcow needs. This will take a long time. sudo docker compose pull
8. Run Mailcow! Once pulling is complete, bring the whole stack online in “detached” (-d) mode: sudo docker compose up -d

This will start dozens of containers. It will take a minute or two for everything to boot up. You can check the status at any time by running sudo docker compose ps from the /opt/mailcow-dockerized directory. Wait until all containers show a “State” of “Up” or “healthy.”

Configuring Your First User

Mailcow is running! Let’s access the command center.

1. Open the Mailcow UI: In your web browser, go to the hostname you set: http://mail-server.home.arpa
2. You will see the Mailcow login screen.
3. Log in as Admin:
   • Username: admin
   • Password: moohoo
4. CHANGE THE PASSWORD! The first thing you should do is click on your name in the top right, go to “Edit Profile,” and change the admin password to something strong and unique.
5. Create Your First User: This is the user that will own the calendar and contacts.
   • Go to Email > Mailboxes.
   • Click Add Mailbox.
   • Username: john (or your name).
   • Domain: home.arpa will be the default domain. This is fine. Your user’s “identity” will be john@home.arpa.
   • Full Name: John Doe.
   • Password: Set a strong password for this user.
   • Click Add.

Accessing SOGo (Your New Calendar & Contacts)

We’ve created a user. Now, let’s log in to the actual SOGo application.

1. From the Mailcow UI, click the “Apps” menu at the top.
2. Click on SOGo.
3. You will be taken to the SOGo login screen. Log in with the full user credentials you just created:
   • Username: john@home.arpa
   • Password: (The user password you just set)
4. SUCCESS! You are now looking at the SOGo web interface. You will see three icons on the left: Email, Calendar, and Contacts.

Click on the Calendar icon. It’s empty, but it’s yours. Click on the Address Book icon. It’s empty, but it’s yours. You have successfully deployed a CalDAV and CardDAV server.

The Payoff – Connecting Your Devices

This is the entire point. Let’s get this data on our phones and desktops.

Method 1: Connecting Android (with DAVx⁵)

This is the recommended method for Android, as outlined in the FUTO guide.

1. Get the App: Install DAVx⁵ from the Google Play Store or F-Droid. This is the gold-standard CalDAV/CardDAV sync client.
2. Add Account: Open DAVx⁵ and click the “+” button.
3. Choose “Login with URL and username.”
4. Base URL: This is the magic part. SOGo provides a simple autodiscovery URL. Enter: http://mail-server.home.arpa/SOGo/dav/
5. Username: john@home.arpa
6. Password: (Your user password)
7. Log In: DAVx⁵ will connect, find your user account, and show you two tabs: CalDAV and CardDAV. It will have found your “Personal Calendar” and “Personal Address Book.”
8. Sync: Give the account a name (e.g., “Sovereign Cloud”) and let it sync.
9. Verification: Open your phone’s default Calendar app (like Google Calendar). Go to its settings. You will now see your new “Sovereign Cloud” calendar listed. Events you create here will sync to SOGo. Open your phone’s default Contacts app. Your new “Sovereign Cloud” address book will be a storage location. Contacts you create here will sync to SOGo.
10. You have done it. You have bi-directional, native sync.

Method 2: Connecting Desktop (with Thunderbird)

Thunderbird is a fantastic, open-source email, calendar, and contacts client.

1. Install Thunderbird: Download it from thunderbird.net.
2. Add Calendar:
   • Go to the Calendar tab. In the left-hand “Calendar” pane, right-click and select “New Calendar…”.
   • Choose “On the Network.”
   • Username: john@home.arpa
   • Location: http://mail-server.home.arpa/SOGo/dav/john@home.arpa/
   • Click “Find Calendars.” It will ask for your password.
   • It will find your calendars. Check the box for “Personal Calendar” and click Subscribe.
3. Add Contacts:
   • Go to the “Address Book” tab.
   • Go to File > New > CardDAV Address Book…
   • Username: john@home.arpa
   • Location: http://mail-server.home.arpa/SOGo/dav/john@home.arpa/
   • Click Continue. It will find your address book.
   • Click Continue again to finish.

You now have your private calendar and contacts syncing perfectly to your desktop, completely independent of Google.

What’s Next? (And What About Email?)

Take a deep breath. This was a massive installation, but the payoff is equally huge. We have reclaimed the very core of our daily productivity. Note that this server is currently only accessible from inside your network or over your OpenVPN—which is exactly what we want. Your data is 100% firewalled from the public internet.

You may have noticed that SOGo has a fully functional “Mail” tab. We’ve just installed a complete, powerful, complex mail server. But we haven’t configured it to talk to the outside world. That is a complex task that deserves its own, dedicated guide.

In the very next post, “Self-Hosted Email That Actually Works,” we will tame the beast. We will configure Mailcow to use an SMTP Relay (as recommended by the FUTO guide) to guarantee our emails get delivered, and we will set up the critical public DNS records (SPF, DKIM, and DMARC) that will make the internet trust our new, sovereign mail server.