Install ‘iRedMail’ (Fully Featured Mail Server) with Virtual Domains, Webmail, SpamAssassin & ClamAV in Linux

After HTTP and shadow DNS services, mail (SMTP, POP, IMAP and all related encrypted mail protocols) is one of the most used service in Internet, and also, one of the most sensible, due to spam and open-relay mail servers.

Install iRedMail in Linux

Install iRedMail in Linux

This tutorial will guide you through installing a full mail server with MTA, MDA and MUA software in a few minutes on RHEL, CentOS, Scientific Linux and Debian, Ubuntu, Linux Mint with Postfix, Virtual Domains and Users with MySQL, Dovecot – support for POP3/POP3S, IMAP/IMAPS, Roundcube – Webmail and also, mail spam and virus scanning with SpamAssassin and ClamAV, all installed using a single software package called ‘iRedMail’.

What is iRedMail

iRedMail is an Open Source full featured mail server solution that can spare a lot of time for system administrators for complex configurations, has support for all major Linux distributions and ships with the following Linux packages.

  1. Postfix: SMTP service – default MTA.
  2. Dovecot: POP3/POP3S, IMAP/IMAPS, Managesieve service – default MDA.
  3. Apache: Web server.
  4. MySQL/PostgreSQL: Storing application data and/or mail accounts.
  5. OpenLDAP: Storing mail accounts.
  6. Policyd: Postfix policy server.
  7. Amavisd: An interface between Postfix and SpamAssassin, ClamAV. Used for spam and virus scanning.
  8. Roundcube: Webmail – default MUA.
  9. Awstats: Apache and Postfix log analyzer.
  10. Fail2ban: scans log files (e.g. /var/log/maillog) and bans IPs that show malicious system attempts.

Requirements

  1. CentOS 6.5 minimal installation – CentOS 6.5 Installation Guide
  2. A valid DNS MX record that points to your mail server responsible for your domain name.

Also, this tutorial is designed for testing and learning purposes only and does not use a valid MX records, nor a valid DNS domain mane, all of configurations are made locally using virtual recipients with MySQL (can receive or send mail between local domain users only – local domain name provided from hosts file) but be aware that, although our system can’t receive mails from internet domains, it can actually relay mails to those domain mail servers through Postfix MTA, even if you reside on a private IP address space, with no valid MX record and using a fictional domain, so pay much attention to what you’re doing.

Step 1: Initial Configurations and Static IP Address

1. After first reboot login with your root account and make sure your system is up to date and install some useful packages needed for later usage.

On RHEL/CentOS/Scientific Linux
# yum update && yum upgrade
# yum install nano wget bzip2
On Debian/Ubuntu/Linux Mint
# apt-get update && apt-get upgrade
# apt-get install nano wget bzip2

2. Because this box acts like a Mail Server, a static IP needs to be configured on Network Interface. To add a static IP open and edit your NIC configurations file located on /etc/sysconfig/network-scripts/ path and add the following values.

On RHEL/CentOS/Scientific Linux
# nano /etc/sysconfig/network-scripts/ifcfg-eth0

Use this file as a template and replace it with your customize values.

DEVICE="eth0"
BOOTPROTO="static"
HWADDR="00:0C:29:01:99:E8"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="7345dd1d-f280-4b9b-a760-50208c3ef558"
NAME="eth0"
IPADDR=192.168.1.40
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
Setup Static IP Address

Setup Static IP Address

After you finish editing your NIC file, open network file from the same location as above and add your server unqualified hostname on HOSTNAME directive.

# nano /etc/sysconfig/network-scripts/network
Setup System Hostname

Setup System Hostname

On Debian/Ubuntu/Linux Mint
# nano /etc/network/interfaces

Replace following values with your settings.

auto eth0
iface eth0 inet static
  address 192.168.1.40
  netmask 255.255.255.0
  gateway 192.168.1.1
  dns-nameservers 192.168.1.1
  dns-search 8.8.8.8

Once, you finish with your network file, now add your hostname in /etc/hostname file.

# nano /etc/hostnames

3. Then open /etc/resolv.conf file and append your DNS IP servers system wide like in the screenshot below.

# nano /etc/resolv.conf

Add the following content with your favorite name servers.

search mydomain.lan
nameserver 8.8.8.8
nameserver 8.8.8.8
Add DNS Entries

Add DNS Entries

4. After all the configurations above had been written to their corresponding files restart your network service to apply newly configurations and verify it using ping and ifconfig commands.

# service network restart	[On RedHat based systems]

# service networking restart	[On Debian based systems]
Restart Network Services

Restart Network Services

# ifconfig
Verify Network

Verify Network

5. Now that your static network is fully operational, edit /etc/hosts file and add your unqualified and FQDN hostname like the example below.

# nano /etc/hosts
127.0.0.1   centos.mydomain.lan centos localhost localhost.localdomain
192.168.1.40 centos.mydomain.lan centos
Add System Hostname

Add System Hostname

To verify your hostname configuration issue, run hostname and hostname –f commands.

# hostname
# hostname -f
Verify System Hostname

Verify System Hostname

6. Another useful package is bash-completion (auto-complete commands sequence using [Tab] key) which is provided by EPEL repository under RedHat based systems and then update your sources.

On RHEL/CentOS/Scientific Linux
# rpm –Uvh http://fedora.mirrors.romtelecom.ro/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# yum repolist && yum upgrade
Install Epel Repository

Install Epel Repository

After your sources had been updated install bash-completion utility (answer Yes on all questions).

# yum install bash-completion
Install Bash Completion in CentOS

Install Bash Completion

On Debian/Ubuntu/Linux Mint

The bash-completion package under Debian based systems can be easily installed using following command.

# apt-get install bash-completion

7. The last step is to add a system user with root privileges. First add the user and setup its password.

# adduser your_user
# passwd your_user
Add New User

Add New User

After your user has been added, open /etc/sudoers file and uncomment %wheel group, then add your newly created user to wheel group.

# nano /etc/sudoers

Search and uncomment wheel group line to look like this.

%wheel                ALL=(ALL)            ALL
Add User to Sudoers

Add User to Sudoers

Close the file and add your user to wheel group issuing the following command.

# usermod -aG wheel your_user
Add User to Wheel Group

Add User to Wheel Group

8. Before we can start download and install iRedMail software, reboot your system, then login with your newly created user and make sure everything is fully functional.

Login With New User

Login With New User

Step 2: Install iRedMail

9. In order to downlad iRedMail archive package you must visit it’s official download page section or you can use wget command to download the last version ( 0.8.7 at the time of writing this article).

# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2
Download IRedMail

Download IRedMail

10. After iRedMail archive download finishes, extract it using the following command.

# tar xvjf iRedMail-0.8.7.tar.bz2

11. Then enter newly extracted iRedMail directory path, mark iRedMail.sh script with executable permissions then run it.

# cd iRedMail-0.8.7
# chmod +x iRedMail.sh
# sudo ./iRedMail.sh

12. After initial system checks the program starts adding required repository then the first guidance prompt asks you whether you wish to continue with installation or abort. Choose Yes to continue.

Initial System Checks

Initial System Checks

Downloading iRedMail Packages

Downloading iRedMail Packages

Click Yes to Confirm Installation

Click Yes to Confirm Installation

13. iRedMail uses Maildir format to store e-mails on /var/vmail system path where it creates separated directories for every domain that you append to your MTA server. If you’re comfortable with this path hit Next to move forward with server configurations else provide your desired location then Next.

Enter Mailbox User Path

Enter Mailbox User Path

14. On the next step choose you preferred database to store mail domains names and recipients that will connect to Postfix. This tutorial focuses on MySQL database, so choose MySQL using [Space] bar then continue with Next and provide a strong password for MySQL root account.

Select MySQL Database

Select MySQL Database

Set MySQL Administrative Password

Set MySQL Administrative Password

15. On the next step add your first virtual domain name. If you own a registered domain name added here (add just the domain name not system FQDN).

Add Virtual Domain Name

Add Virtual Domain Name

16. By default iRedAdmin creates an administrative user with full powers over your server that can be accessed through iRedAdmin panel or through Dovecot protocols (default Roundcube webmail interface or any other IMAP/POP MUA software like SquirrelMail, Rainloop, Microsoft Outlook, Mozilla Thunderbird, Evolution, Mutt, Elm etc ).

Also this postmaster administrative account is used by the system to report incidents related to mail functions or other system failures or useful information – logwatch usually sends its statistics here- so choose a strong password and continue with Next.

Enter iRedMail Administrative Password

Enter iRedMail Administrative Password

17. On the next step choose your other mail server components like iRedAdmin official administrative panel to Postfix, DKIM domain keys – ( adds a signature to message header evaluating message trust for final delivery or further relays), Roundcube default webmail interface ( if you plan to use other Mail Delivery Agent skip Roundcube ), PhpMyadmin (if you are comfortable with MySQL command line you should also skip installing PhpMyAdmin ), Awstats ( useful log statistics and analyzer ), Fail2ban ( protects your server from brute force attacks).

Select Optional Components

Select Optional Components

18. On next series of questions, depending on your optional components installed you should answer with Yes. Pay extra attention to iRedMail.tips file located on $HOME extracted directory because it contains sensitive mail server information like usernames and passwords for server applications, server configurations files, default URL and other important information.

iRedMail Configuration Completed

iRedMail Configuration Completed

iRedMail Configuration Packages

iRedMail Configuration Packages

iRedMail Installation Process

iRedMail Installation Process

19. After installation finishes reboot your system and verify iRedmail.tips file to see your server default settings – you should move this file to a secure system path with 600 permissions on it.

Verify iRedmail.tips File

Verify iRedmail.tips File

Verify Server Default Settings

Verify Server Default Settings

20. Access default web applications on the following URLs.

  1. Roundcube Webmail – https://domain_name or server_IP/mail/
  2. IRedAdmin panel – https://domain_name or server_IP/iredadmin/
  3. PhpMyadmin – https://domain_name or server_IP /phpmyadmin/
  4. Awstats – https://domain_name or server_IP/awstats/awstats.pl?config=web (or ?config=smtp)
  5. Policyd anti-spam plugin – https://domain_name or server_IP/cluebringer/

Step 3: Initial Webmail Configurations

21. iRedAdmin administrative panel offers a basic webmail interface where you can add virtual domains and accounts for your mail server that Postfix can handle through MySQL backend. To login to iRedAdmin panel point your browser to https://domain_name/iredadmin/ or https://server_IP/iredadmin/ URL and use the following default credentials.

  1. Username: [email protected]_domain_name.tld
  2. Password: postmaster password set on #16 point
iRedAdmin Administrative Panel

iRedAdmin Administrative Panel

22. To add a user navigate to Add -> User then provide your desired username mail address and password. You can also setup the amount of space your user Mailbox can handle with Quota and you can also promote users with administrative powers over iRedAdmin panel by Marking user as Global admin.

Add a New Mail User

Add a New Mail User

User Profile Settings

User Profile Settings

Add Another Mail User

Add Another Mail User

Domain User Email List

Domain User Email List

23. Reading users email is provided by Roundcube web interface. To access it navigate to https://domain_name/mail or https://server_IP/mail/ URL and supply your mail account credentials in the form of [email protected].

Accessing the default administrative mail account postmaster you will find two initial emails, one of them including your server sensitive information. From here you can now read emails, compose and send mails to other domain users.

Login to Roundcube Webmail

Login to Roundcube Webmail

User Mail Interface

User Mail Interface

Verify Sending a Mail

Verify Sending a Mail

Confirm Received Mail

Confirm Received Mail

24. To access server Policyd anti-spam policy navigate to https://domain_name/cluebringer or https://server_IP/cluebringer/ and provide the following credentials.

  1. User Name: [email protected]
  2. Password: postmaster password
Login to Policyd anti-spam Policy

Login to Policyd anti-spam Policy

Policyd Web Administration

Policyd Web Administration

25. To view your mail server statistics navigate to https://mydomain.lan/awstats/awstats.pl/?config=smtp or https://mydomain.lan/awstats/awstats.pl and use the following credentials.

  1. User Name: [email protected]
  2. Password: postmaster password
Login to Awstats

Login to Awstats

View Mail Server Statistics

View Mail Server Statistics

Mail Server Monthly History

Mail Server Monthly History

26. If you want to check your server’s opened connections and listening daemon state with their afferent sockets issue the following commands.

# netstat -tulpn   ## numerical view
# netstat -tulp    ## semantic view
Check Server Open Connections

Check Server Open Connections

Check Server Listening Daemons

Check Server Listening Daemons

27. To debug other problems with mail transactions or view your server live working you can use the following commands.

# tailf /var/log/maillog   ## visualize mail logs in real time
# mailq    		   ##  inspect mail queue
# telnet    		   ## test your server protocols and security form a different location
# nmap                     ## scan your server opened connections from different locations
Visualize Mail Logs in Real Time

Visualize Mail Logs in Real Time

Check Server Status

Check Server Status

28. Now you have deployed a full mail environment, the only thing that is missing, at least on this topic is a valid domain name with a MX DNS record to receive mail from other internet domains but local SMTP server can and will relay mail on other Internet valid domains so pay extra attention who you send mails because you can get into illegal problems with your ISP.

From the screenshot below you can see that I have send an email from my local non-valid domain to one of my google.com accounts and the email was successfully received by my google account.

Verify Outgoing Mails

Verify Outgoing Mails

Unlike other network services where you install and forget about them for a long time managing a mail server is a continuous hard work due to mail service related problems like SPAM, open relay and message bounces.

Reference Links

iRedMail Homepage

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

31 Responses

  1. Cesar says:

    Hello dude;

    I have a full operational iredmail site, now I want to have multiples mail domains, can I do this with only one server and only one static ip address?

  2. edmon says:

    Can you create a tutorial regarding DNS and MX Records? I just finished setting up my iredadmin server and I don’t know what to do next. Just like yours, I can receive emails from roundcube to gmail but it is in the spam area. I just need to reply back from gmail to roundcube but I guess that’s where the MX Records will come into play. Thanks!

    • Matei Cezar says:

      You must buy a public domain and use the registar name servers or setup your own dns server. Then you add the a,mx and spf records

  3. MZ says:

    Thanks for the tip about changing iredadmin.tips to 600. I was going to delete it, but iRedAdmin told me it’s best not to. Glad that now nobody can read the document but the server/STFP itself.

  4. Matei Cezar says:

    centos.mydomain.lan in my case is a CNAME that points to the same IP as the mail server. In this tutorial i have no MX record setup whatsoever!
    so what you actually domain here? adiss.com.my ? in that case the A or CNAME record must point to host where the mail is installed in order to be able to browse adiss.com.my/mail url. (ex: adiss.com.my IN a 10.0.0.1; IN MX 10 adiss.com.my)

  5. dwijadas says:

    Hi,

    Thanks for such wonderful and detailed tutorial. I am little lost in host setup and MX record setup.

    In the screenshot under step 19, the webmail URL is

    https://centos.mydomain.lan/mail

    But in step 20, its mentioned that

    Roundcube Webmail – https://domain_name or server_IP/mail/

    if my domain is adiss.com.my and I want my user to be able to access mail using adiss.com.my/mail

    What should be the host setup ? how the screenshot under Step 19 look like ?

    What would be my ideal MX record for this scenario ?

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.