If you have ever built a mail server from the ground up, you’ll know that it can be a tedious venture. There is another option for those of us who don’t want to spend the time editing countless configuration files. iRedMail is an amazing shell script that automatically installs and configures all the components necessary for a fully functional mail server. iRedMail uses a complete package of open-source software including:
Postfix– Mail transfer agent (MTA).
Dovecot– POP3 and IMAP server.
Nginx– Web server.
Idapd– LDAP server for storing mail accounts.
PostgreSQL– SQL server for application data. Can also be used to store mail accounts.
SpamAssassin– spam scanner.
ClamAV– Virus scanner.
Amavisd-new– Interface between Postfix, SpamAssassin and ClamAV.
Roundcube– Webmail client.
SOGo Groupware– Calendar, contact and tasks service.
Fail2ban– Bans IPs that look malicious.
Awstats– Apache and Postfix log analyzer.
iRedAPD– Postfix policy server.
In this tutorial, we will walk through all of the steps to get your mail server running and get it secured with SSL using Let’s Encrypt.
- An Ubuntu 16.04 instance with at least 2GB memory. A fresh installation is recommended.
- A non-root sudo user.
- A non-blacklisted IP address. If your IP address is on a blacklist it could prevent your emails from ever reaching their destination.
Installation With iRedMail
Before getting started with the installation, you should update your system.
sudo apt-get update sudo apt-get upgrade
Next, we will want to set our fully qualified domain name (FQDN) hostname. On Ubuntu, the hostname is set in 2 files,
sudo nano /etc/hostname
Add your short hostname to the file, not your FQDN. If your full domain is
mail.example.com your file should look like this.
/etc/hosts and add your FQDN.
127.0.0.1 mail.example.com mail localhost localhost.localdomain
Reboot your server.
sudo shutdown -r now
You can now verify your hostname.
Now that your FQDN has been set, we can move onto the installation. Download the latest version of iRedMail using
wget. You can find the latest build by visiting the iRedMail download page.
Next, extract the tarball and then
cd to the directory.
tar xvf iRedMail-0.9.7.tar.bz2 cd iRedMail-0.9.7
Then, add permission to the script and run it with sudo.
chmod +x iRedMail.sh sudo bash iRedMail.sh
You will see a setup wizard that will ask you some questions:
- Where you would like to store your mailboxes. The default location is
- Which web server you would like to use.
- The backend to use for storing your mail. If you choose MySQL or MariaDB you will also need to set the SQL root password. This should be a strong password and avoid using special characters as this will cause errors.
- Your first mail domain. This will be your domain from earlier minus the sub-domain. For example if you set your domain as
mail.example.comthen you would enter
example.comas your first mail domain name.
- Your domain administrator password, also avoiding special characters.
- Which optional components you would like installed. Minimally you should select
Now that everything has been entered, we just need to review the settings and begin the installation. After installation you will be asked if you would like to use the firewall rules provided by iRedMail. The rule will be copied to
/etc/default/iptables. To use this option enter “
y” and continue. You will then be shown some vital data including:
- Roundcube webmail URL.
- SOGo groupware URL.
- Web admin panel URL.
- Login username and password.
This data can also be found at
Reboot your server.
sudo shutdown -r now
After rebooting, you can access the web admin page at
https://mail.example.com/iredadmin using your domain. To access your email, use the Roundcube page at
https://mail.example.com/mail. iRedMail installs the server with a self-signed certificate which requires special permissions to open the page in your browser. It is recommended that you upgrade to an official CA certificate. Let’s Encrypt is a CA that offers free certificates. Visit Setup LetsEncrypt on Linux for information on using this service. Once the certificate is obtained you will need to replace the self-signed certs.
sudo cp /path/to/your/cert /etc/ssl/certs/iRedMail.crt sudo cp /path/to/your/key /etc/ssl/private/iRedMail.key
Restart all services using the key. If you’ve used Nginx for your web server you would replace
sudo systemctl restart postfix sudo systemctl restart apache2 sudo systemctl restart dovecot