If you have ever built a mail server from the ground up, you know that it can be a tedious venture. There is another option for those of us who don’t want to spend time editing countless configuration files. iRedMail is an amazing shell script that automatically installs and configures all the components necessary for a fully functional mail server. iRedMail uses a complete package of open-source software, including:
Postfix – Mail transfer agent (MTA).
Dovecot – POP3 and IMAP server.
Apache, Nginx – Web server.
OpenLDAP, Idapd – LDAP server for storing mail accounts.
MySQL, MariaDB, PostgreSQL – SQL Server for application data. It can also be used to store mail accounts.
SpamAssassin – spam scanner.
ClamAV – Virus scanner.
Amavisd-new – Interface between Postfix, SpamAssassin, and ClamAV.
Roundcube – Webmail client.
SOGo Groupware – Calendar, contact, and tasks service.
Fail2ban – Bans IPs that look malicious.
Awstats – Apache and Postfix log analyzer.
iRedAPD – Postfix policy server.
In this tutorial, we will walk through all of the steps to get your mail server running and get it secured with SSL using Let’s Encrypt.
An Ubuntu 16.04 Instance with at least 2GB of memory. A fresh installation is recommended.
A non-blacklisted IP address. If your IP address is on a blacklist, it could prevent your emails from ever reaching their destination.
Before getting started with the installation, you should update your system.
sudo apt-get update
sudo apt-get upgradeNext, we will want to set our fully qualified domain name (FQDN) hostname. On Ubuntu, the hostname is set in 2 files, /etc/hostname and /etc/hosts.
Open /etc/hostname.
sudo nano /etc/hostnameAdd your short hostname to the file, not your FQDN. If your full domain is mail.example.com your file should look like this.
Next, open /etc/hosts and add your FQDN.
127.0.0.1 mail.example.com mail localhost localhost.localdomainReboot your server.
sudo shutdown -r nowYou can now verify your hostname.
hostname -fNow that your FQDN has been set, we can move on to the installation. Download the latest version of iRedMail using wget. You can find the latest build by visiting the iRedMail download page.
tar xvf iRedMail-0.9.7.tar.bz2
cd iRedMail-0.9.7Next, extract the tarball and then cd to the directory.
tar xvf iRedMail-0.9.7.tar.bz2 cd iRedMail-0.9.7Then, add permission to the script and run it with sudo.
chmod +x iRedMail.sh
sudo bash iRedMail.shYou will see a setup wizard that will ask you some questions:
Where would you like to store your mailboxes? The default location is /var/vmail.
Which web server would you like to use?
The backend to use for storing your mail. If you choose MySQL or MariaDB, you will also need to set the SQL root password. This should be a strong password, and avoid using special characters, as this will cause errors.
Your first mail domain. This will be your domain from earlier, minus the subdomain. For example, if you set your domain as mail.example.com Then you would enter example.com as your first mail domain name.
Your domain administrator password, also avoiding special characters.
Which optional components would you like installed? Minimally, you should select Roundcube and iRedAdmin.
Now that everything has been entered, we just need to review the settings and begin the installation. After installation, you will be asked if you would like to use the firewall rules provided by iRedMail. The rule will be copied to /etc/default/iptables. To use this option, enter “y” and continue. You will then be shown some vital data, including:
Roundcube webmail URL.
SOGo groupware URL.
Web admin panel URL.
Login username and password.
This data can also be found at /home/yourusername/iRedMail-0.9.7/iRedMail.tips.
Reboot your server.
sudo shutdown -r nowAfter rebooting, you can access the web admin page at https://mail.example.com/iredadmin using your domain. To access your email, use the Roundcube page at https://mail.example.com/mail. iRedMail installs the server with a self-signed certificate, which requires special permissions to open the page in your browser. It is recommended that you upgrade to an official CA certificate. Let’s Encrypt is a CA that offers free certificates. Visit Setup Let's Encrypt on Linux for information on using this service. Once the certificate is obtained, you will need to replace the self-signed certs.
sudo cp /path/to/your/cert /etc/ssl/certs/iRedMail.crt
sudo cp /path/to/your/key /etc/ssl/private/iRedMail.keyRestart all services using the key. If you’ve used Nginx for your web server, you would replace apache2 with nginx.
sudo systemctl restart postfix
sudo systemctl restart apache2
sudo systemctl restart dovecot