Install ‘iRedMail’ (Fully Featured Mail Server) with Virtual Domains, Webmail, SpamAssassin & ClamAV in Linux

After HTTP and shadow DNS services, mail (SMTP, POP, IMAP and all related encrypted mail protocols) is one of the most used service in Internet, and also, one of the most sensible, due to spam and open-relay mail servers.

Install iRedMail in Linux
Install iRedMail in Linux

This tutorial will guide you through installing a full mail server with MTA, MDA and MUA software in a few minutes on RHEL, CentOS, Scientific Linux and Debian, Ubuntu, Linux Mint with Postfix, Virtual Domains and Users with MySQL, Dovecot – support for POP3/POP3S, IMAP/IMAPS, Roundcube – Webmail and also, mail spam and virus scanning with SpamAssassin and ClamAV, all installed using a single software package called ‘iRedMail’.

What is iRedMail

iRedMail is an Open Source full featured mail server solution that can spare a lot of time for system administrators for complex configurations, has support for all major Linux distributions and ships with the following Linux packages.

  1. Postfix: SMTP service – default MTA.
  2. Dovecot: POP3/POP3S, IMAP/IMAPS, Managesieve service – default MDA.
  3. Apache: Web server.
  4. MySQL/PostgreSQL: Storing application data and/or mail accounts.
  5. OpenLDAP: Storing mail accounts.
  6. Policyd: Postfix policy server.
  7. Amavisd: An interface between Postfix and SpamAssassin, ClamAV. Used for spam and virus scanning.
  8. Roundcube: Webmail – default MUA.
  9. Awstats: Apache and Postfix log analyzer.
  10. Fail2ban: scans log files (e.g. /var/log/maillog) and bans IPs that show malicious system attempts.

Requirements

  1. CentOS 6.5 minimal installation – CentOS 6.5 Installation Guide
  2. A valid DNS MX record that points to your mail server responsible for your domain name.

Also, this tutorial is designed for testing and learning purposes only and does not use a valid MX records, nor a valid DNS domain mane, all of configurations are made locally using virtual recipients with MySQL (can receive or send mail between local domain users only – local domain name provided from hosts file) but be aware that, although our system can’t receive mails from internet domains, it can actually relay mails to those domain mail servers through Postfix MTA, even if you reside on a private IP address space, with no valid MX record and using a fictional domain, so pay much attention to what you’re doing.

Step 1: Initial Configurations and Static IP Address

1. After first reboot login with your root account and make sure your system is up to date and install some useful packages needed for later usage.

On RHEL/CentOS/Scientific Linux
# yum update && yum upgrade
# yum install nano wget bzip2
On Debian/Ubuntu/Linux Mint
# apt-get update && apt-get upgrade
# apt-get install nano wget bzip2

2. Because this box acts like a Mail Server, a static IP needs to be configured on Network Interface. To add a static IP open and edit your NIC configurations file located on /etc/sysconfig/network-scripts/ path and add the following values.

On RHEL/CentOS/Scientific Linux
# nano /etc/sysconfig/network-scripts/ifcfg-eth0

Use this file as a template and replace it with your customize values.

DEVICE="eth0"
BOOTPROTO="static"
HWADDR="00:0C:29:01:99:E8"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="7345dd1d-f280-4b9b-a760-50208c3ef558"
NAME="eth0"
IPADDR=192.168.1.40
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
Setup Static IP Address
Setup Static IP Address

After you finish editing your NIC file, open network file from the same location as above and add your server unqualified hostname on HOSTNAME directive.

# nano /etc/sysconfig/network-scripts/network
Setup System Hostname
Setup System Hostname
On Debian/Ubuntu/Linux Mint
# nano /etc/network/interfaces

Replace following values with your settings.

auto eth0
iface eth0 inet static
  address 192.168.1.40
  netmask 255.255.255.0
  gateway 192.168.1.1
  dns-nameservers 192.168.1.1
  dns-search 8.8.8.8

Once, you finish with your network file, now add your hostname in /etc/hostname file.

# nano /etc/hostnames

3. Then open /etc/resolv.conf file and append your DNS IP servers system wide like in the screenshot below.

# nano /etc/resolv.conf

Add the following content with your favorite name servers.

search mydomain.lan
nameserver 8.8.8.8
nameserver 8.8.8.8
Add DNS Entries
Add DNS Entries

4. After all the configurations above had been written to their corresponding files restart your network service to apply newly configurations and verify it using ping and ifconfig commands.

# service network restart	[On RedHat based systems]

# service networking restart	[On Debian based systems]
Restart Network Services
Restart Network Services
# ifconfig
Verify Network
Verify Network

5. Now that your static network is fully operational, edit /etc/hosts file and add your unqualified and FQDN hostname like the example below.

# nano /etc/hosts
127.0.0.1   centos.mydomain.lan centos localhost localhost.localdomain
192.168.1.40 centos.mydomain.lan centos
Add System Hostname
Add System Hostname

To verify your hostname configuration issue, run hostname and hostname –f commands.

# hostname
# hostname -f
Verify System Hostname
Verify System Hostname

6. Another useful package is bash-completion (auto-complete commands sequence using [Tab] key) which is provided by EPEL repository under RedHat based systems and then update your sources.

On RHEL/CentOS/Scientific Linux
# rpm –Uvh http://fedora.mirrors.romtelecom.ro/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# yum repolist && yum upgrade
Install Epel Repository
Install Epel Repository

After your sources had been updated install bash-completion utility (answer Yes on all questions).

# yum install bash-completion
Install Bash Completion in CentOS
Install Bash Completion
On Debian/Ubuntu/Linux Mint

The bash-completion package under Debian based systems can be easily installed using following command.

# apt-get install bash-completion

7. The last step is to add a system user with root privileges. First add the user and setup its password.

# adduser your_user
# passwd your_user
Add New User
Add New User

After your user has been added, open /etc/sudoers file and uncomment %wheel group, then add your newly created user to wheel group.

# nano /etc/sudoers

Search and uncomment wheel group line to look like this.

%wheel                ALL=(ALL)            ALL
Add User to Sudoers
Add User to Sudoers

Close the file and add your user to wheel group issuing the following command.

# usermod -aG wheel your_user
Add User to Wheel Group
Add User to Wheel Group

8. Before we can start download and install iRedMail software, reboot your system, then login with your newly created user and make sure everything is fully functional.

Login With New User
Login With New User

Step 2: Install iRedMail

9. In order to downlad iRedMail archive package you must visit it’s official download page section or you can use wget command to download the last version ( 0.8.7 at the time of writing this article).

# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2
Download IRedMail
Download IRedMail

10. After iRedMail archive download finishes, extract it using the following command.

# tar xvjf iRedMail-0.8.7.tar.bz2

11. Then enter newly extracted iRedMail directory path, mark iRedMail.sh script with executable permissions then run it.

# cd iRedMail-0.8.7
# chmod +x iRedMail.sh
# sudo ./iRedMail.sh

12. After initial system checks the program starts adding required repository then the first guidance prompt asks you whether you wish to continue with installation or abort. Choose Yes to continue.

Initial System Checks
Initial System Checks
Downloading iRedMail Packages
Downloading iRedMail Packages
Click Yes to Confirm Installation
Click Yes to Confirm Installation

13. iRedMail uses Maildir format to store e-mails on /var/vmail system path where it creates separated directories for every domain that you append to your MTA server. If you’re comfortable with this path hit Next to move forward with server configurations else provide your desired location then Next.

Enter Mailbox User Path
Enter Mailbox User Path

14. On the next step choose you preferred database to store mail domains names and recipients that will connect to Postfix. This tutorial focuses on MySQL database, so choose MySQL using [Space] bar then continue with Next and provide a strong password for MySQL root account.

Select MySQL Database
Select MySQL Database
Set MySQL Administrative Password
Set MySQL Administrative Password

15. On the next step add your first virtual domain name. If you own a registered domain name added here (add just the domain name not system FQDN).

Add Virtual Domain Name
Add Virtual Domain Name

16. By default iRedAdmin creates an administrative user with full powers over your server that can be accessed through iRedAdmin panel or through Dovecot protocols (default Roundcube webmail interface or any other IMAP/POP MUA software like SquirrelMail, Rainloop, Microsoft Outlook, Mozilla Thunderbird, Evolution, Mutt, Elm etc ).

Also this postmaster administrative account is used by the system to report incidents related to mail functions or other system failures or useful information – logwatch usually sends its statistics here- so choose a strong password and continue with Next.

Enter iRedMail Administrative Password
Enter iRedMail Administrative Password

17. On the next step choose your other mail server components like iRedAdmin official administrative panel to Postfix, DKIM domain keys – ( adds a signature to message header evaluating message trust for final delivery or further relays), Roundcube default webmail interface ( if you plan to use other Mail Delivery Agent skip Roundcube ), PhpMyadmin (if you are comfortable with MySQL command line you should also skip installing PhpMyAdmin ), Awstats ( useful log statistics and analyzer ), Fail2ban ( protects your server from brute force attacks).

Select Optional Components
Select Optional Components

18. On next series of questions, depending on your optional components installed you should answer with Yes. Pay extra attention to iRedMail.tips file located on $HOME extracted directory because it contains sensitive mail server information like usernames and passwords for server applications, server configurations files, default URL and other important information.

iRedMail Configuration Completed
iRedMail Configuration Completed
iRedMail Configuration Packages
iRedMail Configuration Packages
iRedMail Installation Process
iRedMail Installation Process

19. After installation finishes reboot your system and verify iRedmail.tips file to see your server default settings – you should move this file to a secure system path with 600 permissions on it.

Verify iRedmail.tips File
Verify iRedmail.tips File
Verify Server Default Settings
Verify Server Default Settings

20. Access default web applications on the following URLs.

  1. Roundcube Webmail – https://domain_name or server_IP/mail/
  2. IRedAdmin panel – https://domain_name or server_IP/iredadmin/
  3. PhpMyadmin – https://domain_name or server_IP /phpmyadmin/
  4. Awstats – https://domain_name or server_IP/awstats/awstats.pl?config=web (or ?config=smtp)
  5. Policyd anti-spam plugin – https://domain_name or server_IP/cluebringer/

Step 3: Initial Webmail Configurations

21. iRedAdmin administrative panel offers a basic webmail interface where you can add virtual domains and accounts for your mail server that Postfix can handle through MySQL backend. To login to iRedAdmin panel point your browser to https://domain_name/iredadmin/ or https://server_IP/iredadmin/ URL and use the following default credentials.

  1. Username: postmaster@your_domain_name.tld
  2. Password: postmaster password set on #16 point
iRedAdmin Administrative Panel
iRedAdmin Administrative Panel

22. To add a user navigate to Add -> User then provide your desired username mail address and password. You can also setup the amount of space your user Mailbox can handle with Quota and you can also promote users with administrative powers over iRedAdmin panel by Marking user as Global admin.

Add a New Mail User
Add a New Mail User
User Profile Settings
User Profile Settings
Add Another Mail User
Add Another Mail User
Domain User Email List
Domain User Email List

23. Reading users email is provided by Roundcube web interface. To access it navigate to https://domain_name/mail or https://server_IP/mail/ URL and supply your mail account credentials in the form of [email protected].

Accessing the default administrative mail account postmaster you will find two initial emails, one of them including your server sensitive information. From here you can now read emails, compose and send mails to other domain users.

Login to Roundcube Webmail
Login to Roundcube Webmail
User Mail Interface
User Mail Interface
Verify Sending a Mail
Verify Sending a Mail
Confirm Received Mail
Confirm Received Mail

24. To access server Policyd anti-spam policy navigate to https://domain_name/cluebringer or https://server_IP/cluebringer/ and provide the following credentials.

  1. User Name: [email protected]
  2. Password: postmaster password
Login to Policyd anti-spam Policy
Login to Policyd anti-spam Policy
Policyd Web Administration
Policyd Web Administration

25. To view your mail server statistics navigate to https://mydomain.lan/awstats/awstats.pl/?config=smtp or https://mydomain.lan/awstats/awstats.pl and use the following credentials.

  1. User Name: [email protected]
  2. Password: postmaster password
Login to Awstats
Login to Awstats
View Mail Server Statistics
View Mail Server Statistics
Mail Server Monthly History
Mail Server Monthly History

26. If you want to check your server’s opened connections and listening daemon state with their afferent sockets issue the following commands.

# netstat -tulpn   ## numerical view
# netstat -tulp    ## semantic view
Check Server Open Connections
Check Server Open Connections
Check Server Listening Daemons
Check Server Listening Daemons

27. To debug other problems with mail transactions or view your server live working you can use the following commands.

# tailf /var/log/maillog   ## visualize mail logs in real time
# mailq    		   ##  inspect mail queue
# telnet    		   ## test your server protocols and security form a different location
# nmap                     ## scan your server opened connections from different locations
Visualize Mail Logs in Real Time
Visualize Mail Logs in Real Time
Check Server Status
Check Server Status

28. Now you have deployed a full mail environment, the only thing that is missing, at least on this topic is a valid domain name with a MX DNS record to receive mail from other internet domains but local SMTP server can and will relay mail on other Internet valid domains so pay extra attention who you send mails because you can get into illegal problems with your ISP.

From the screenshot below you can see that I have send an email from my local non-valid domain to one of my google.com accounts and the email was successfully received by my google account.

Verify Outgoing Mails
Verify Outgoing Mails

Unlike other network services where you install and forget about them for a long time managing a mail server is a continuous hard work due to mail service related problems like SPAM, open relay and message bounces.

Reference Links

iRedMail Homepage

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Matei Cezar
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

32 Comments

Leave a Reply
  1. Hi,

    Need to help for how to setup snipe it tool email notification from Roundcube mail server ( Done only internal mail communication), what and which setting needs to be done Roundcube server

    Reply
  2. Hello dude;

    I have a full operational iredmail site, now I want to have multiples mail domains, can I do this with only one server and only one static ip address?

    Reply
  3. Can you create a tutorial regarding DNS and MX Records? I just finished setting up my iredadmin server and I don’t know what to do next. Just like yours, I can receive emails from roundcube to gmail but it is in the spam area. I just need to reply back from gmail to roundcube but I guess that’s where the MX Records will come into play. Thanks!

    Reply
    • You must buy a public domain and use the registar name servers or setup your own dns server. Then you add the a,mx and spf records

      Reply
  4. Thanks for the tip about changing iredadmin.tips to 600. I was going to delete it, but iRedAdmin told me it’s best not to. Glad that now nobody can read the document but the server/STFP itself.

    Reply
  5. centos.mydomain.lan in my case is a CNAME that points to the same IP as the mail server. In this tutorial i have no MX record setup whatsoever!
    so what you actually domain here? adiss.com.my ? in that case the A or CNAME record must point to host where the mail is installed in order to be able to browse adiss.com.my/mail url. (ex: adiss.com.my IN a 10.0.0.1; IN MX 10 adiss.com.my)

    Reply
  6. Hi,

    Thanks for such wonderful and detailed tutorial. I am little lost in host setup and MX record setup.

    In the screenshot under step 19, the webmail URL is

    https://centos.mydomain.lan/mail

    But in step 20, its mentioned that

    Roundcube Webmail – https://domain_name or server_IP/mail/

    if my domain is adiss.com.my and I want my user to be able to access mail using adiss.com.my/mail

    What should be the host setup ? how the screenshot under Step 19 look like ?

    What would be my ideal MX record for this scenario ?

    Reply
  7. Hi, I found your post very informative. I’ve setup iRedMail and it can send email within its domain. How can I make it communicate with other domains such as yahoo, gmail and others.
    Thank You so much in advance.

    Reply
    • You mean you want to send and receive mail from public domains? You must buy and register a public domain name and add the proper DNS records on the domain registrar or your DNS provider or your own DNS Server (A, MX, SPF, PTR and DKIM) to pint to your mail server host.

      Reply
  8. @Ruso: Edit /etc/postfix/main.conf and change myhostname and mydestination directives parameteres mo match your domain, then restart postfix. Also verify system hostname and change it if it’s the case by running /etc/hostname and /etc/hosts.

    Reply
    • @Django,
      Yes, it should work with CentOS 7, I think you should give a try…..If it didn’t worked out, udpate us.will include the instructions for CentOS 7 too…

      Reply
  9. Hi,

    Can you help me with my problem. I installed iredmail on a server and is doing great. I also configured it with ssl so that when I access mail.firstdomain.com it goes straight to roundcube.

    Now I added a new virtual domain which is mail.seconddomain.com. it is working fine but the ssl it is using is still from firstdomain.com.

    It would really be nice if I can use this domains ssl cert.

    Reply
  10. Do you mind if I quote a couple of your articles as long as I provide credit and sources back to
    your webpage? My blog is in the exact same area of interest as yours and my users would truly benefit from some of the information you provide
    here. Please let me know if this okay with you. Regards!

    Reply
  11. @Tom: You must edit apache configration files and create virtual hosts for mail services to act as subdomains….something like mail.mydomain.com.

    Reply
  12. oops… seems I left out a few more steps. Your instructions worked without a hitch… I didn’t setup httpd… Thanks for the iRedMail install.

    Reply
  13. Worked great… but, I also want to use the same vps to act as webserver… if I go to mydomain.com, I am redirected to mydomain.com/mail
    I am new at this… any suggestions?

    Reply
  14. HI Matei Cezar,

    You had a very good write up and then really saved my day on configuring iRedmail.
    Thumbs up.

    One comment is there is some problem in running the setup even when the /etc/hosts is properly entered. I finally figure out it should be done in /etc/sysconfig/network

    I saw one comment from “no names” and I think the comment is not fair. May be he does not know what he is talking about.

    Keep up your good work !!

    Reply
  15. The postmaster account it’s created on installation with the default domain…you shouldn’t delete default domain…just add other domains…why did you delete the default domain?
    If you created other accounts on domain2 you should, at least, grant one account with administrative permissions and try to login with that account.
    But to avoid other errors you should make up your mind with a default domain and reinstall from scratch iRedMail – and don’t delete the domain after.

    Reply
    • Thanks for yr quick reply is there any option to change my password of postmaster for the default account after installation it again from the scrach. And suppose if i doesn’t install LDAP suppose i install only mysql. And I am trying to implement it for production. So will there be a option to add 100-150 user from iredadmin with a .csv file to create those user at a time….
      Please reply as I will be waiting for it.

      Reply
  16. @ Matei Cezar thanks for the great tutorial. But I need a help from you. That is in the link https://my-ip-address/iredadmin when i logged in with
    u-name — [email protected]
    passwd — password of postmaster

    and successfully logged in, then I deleted my mydomain1.com and created my new mydomain2.com and under that and created 4-5 users and logged out but unable to login to the link — https://my-ip-address/iredadmin
    u-name — [email protected]
    passwd — password of postmaster

    So my request is to how can I impliment the password for [email protected] so that I can login again to the iredadmin.

    Reply
  17. The sudo accounts where made up just for security reasons ….so what you suggest here that if this sudo account is compromised is the same thing as if the very own root account is compromised. It can actually give extended security features because if you use ssh to remotely access you server, disabling root account on SSH is a security measure because the forger must also guest your login account besides your password.

    Reply
  18. PLEASE – if you are going to provide “Here’s How To Do It” type articles, please make sure you are teaching people to install things securely.

    Nowhere in your article, do you suggest removing the sudo access from the user that they set up to install iRedMail, nor removing it from the wheel group.

    Servers should ALWAYS be set up with least required access. If the account is compromised, then root on this machine is compromised as well, since sudo allows this user to run ANYTHING as root. (including sending *ALL* your mail somewhere else, or copying any of your confidential files / databases, etc, to someone else)

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.