How to Install iRedMail on CentOS 7 for Samba4 AD Integration – Part 10

Matei Cezar

I'm a computer-addicted guy, a fan of open source and Linux-based system software, with about 4 years of experience with Linux distributions (desktop and servers) and bash scripting.


14 Responses

  1. Gabriel says:

    Hello, how do you add a new e-mail address? Thank you

    • Matei Cezar says:

      You add the user to the AD server. The AD database will be queried by the mail server.

      • Iulian Murgulet says:

        … like the postmaster user mentioned by you at point 16? Or can we finish the setup without this user in AD?

        • Matei Cezar says:

          That user is just a local user used by iRedMail to manage the mail system. Once you’ll be integrated into AD you won’t need or ever use this local postmaster user to maintain accounts database. All your accounts will be managed from Samba Active Directory.

  2. Matei Cezar says:

    It works with as many users as your AD has defined, no limit so far. This design is destined for LAN access only. You can set up a domain to be accessed from the LAN only, as long as the domain is not registered officially with a domain register. If you don’t want the mail system iRedMail to read all mail users, you can simply set up an OU or groups of users and query only those specific groups or OUs.
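
Added example, not part of the comment above or of the tutorial: one way to restrict what the mail server reads from AD to a single OU and group, written as a Postfix LDAP lookup table. The file name, host, bind account, OU and group names are constructed placeholders, and the check that skips disabled accounts goes one step beyond what the comment mentions.

```ini
# /etc/postfix/ad_virtual_mailbox_maps.cf   (file name is an assumption)
# Postfix does not allow trailing comments, so every comment sits on its own line.

# Talk to the DC over LDAPS so the bind password and results are not sent in clear.
server_host = ldaps://dc1.example.local:636
version = 3

# Dedicated read-only bind account (constructed name); never a domain admin.
bind = yes
bind_dn = CN=vmail,OU=Service Accounts,DC=example,DC=local
bind_pw = CHANGE_ME

# --- Broad form: every person object in the whole directory is a mail user ---
# search_base = DC=example,DC=local
# query_filter = (&(objectClass=person)(userPrincipalName=%s))

# --- Scoped form: only one OU, only members of one group ---
# search_base limits the subtree the lookup may walk.
search_base = OU=Mail Users,DC=example,DC=local
scope = sub

# memberOf matches direct members of the group only.
# The userAccountControl bitwise test (bit 2 = ACCOUNTDISABLE) excludes disabled accounts.
query_filter = (&(objectClass=person)(userPrincipalName=%s)(memberOf=CN=MailUsers,OU=Groups,DC=example,DC=local)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

result_attribute = userPrincipalName
```

A lookup such as `postmap -q user@example.local ldap:/etc/postfix/ad_virtual_mailbox_maps.cf` should return a value for a group member inside the OU and nothing for any other account.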

    • Iulian Murgulet says:

      Hello Matei, it would be nice to add this statement at the beginning of your tutorial – “This design is destined for LANs access only, and not to send/receive mails to/from Internet”, so anybody can understand this restriction from the beginning.

      Also, if someone wants to communicate with other Internet mail servers, it is very possible to use a separate mail server (like a proxy), which can route mails to/from the iRedMail server to other Internet mail servers.

      This proxy mail server must know only the email addresses used by iRedMail, without any passwords. This kind of setup is very common for the guys who use Exchange (internal LAN mail server) and a postfix/whatever as a proxy server.

      • Matei Cezar says:

        If you have a registered domain with a domain register behind a public IP address, then you can use this setup to send/receive mail. The domain in this case is a private .local domain.

        • Iulian Murgulet says:

          Please try to use very specific terms, so I can be sure when you speak about a DNS domain and when you speak about an AD domain. These are different things. So if I understood correctly, you say that we can have an AD domain like .local, and a DNS like

          • Matei Cezar says:

            No, I didn’t say that! I’ve said you can set up an AD with a private .local domain name or with a registered domain name such as a .com domain. Anyway, AD domains work hand in hand with a DNS server.

          • Iulian Murgulet says:

            So, you say something like this:

            1. You can use iRedMail using ldap from an AD (private) like .local and send/receive emails to/from any Internet mail server (without any other services/servers, like a mail relay or whatever)
            2. You can use iRedMail using ldap from an AD like and send/receive emails from any Internet mail server(without any other services/servers, like a mail relay or whatever)

            For 2. I agree with you, it is possible, but like I said, if this AD is the only AD in this environment, it is not a very wise idea. Even if you create a separate OU only for persons who will use this mail server (in this case you will lose the SingleSignOn advantage).

            For 1., yes, I see many broken mail servers that were trying to send mail from an address like [email protected], or other funny things like this.

            Have a nice day Matei!

            What I am trying to say is that any piece of software could be set up so it can work in many ways, but in some cases it is not wise/secure to try something like this. You can, for example, use an http logon page; it works, but it is not safe, and sometimes you could have big problems if you use http instead of https.

  3. moon says:

    Kindly clarify for me: how many users does the iRedMail 0.9.6 free version support, unlimited or limited users?

    One more thing: it's working fine with Windows 7 and via web access, but not working in Windows XP with MS Outlook. Any good suggestion for the Windows XP Outlook client?

    • Iulian Murgulet says:

      If I remember (not so sure) you need some specific options in the dovecot server. But if you can provide some logs from iredmail/dovecot/postfix, maybe I can help. What is not working (smtp and/or imap/pop), and how do you configure Faultlook (express or Mico?)

  4. Iulian Murgulet says:

    Thx Matei/ Multumesc Matei

    You forgot to say the most important thing, like the fact that this setup will work only in the LAN, not over the Internet. Or maybe you do not say that, from your point of view, it is a good idea to have an AD like so this DNS domain could be resolved from the LAN but also from the Internet.

    From my point of view this is very bad. Any AD must be resolved only from the LAN. Any Internet host must be resolved by any DNS server connected to the Internet. It is not a good idea to put all your eggs in the same basket ;)

    Also, if my memory is OK, in a previous tutorial written by you, you say you need to use some non-existing DNS domain name for AD. Now you have another opinion. From another point of view it is not OK for any very secure system (mail is not) to read ALL your AD users. But I can say your tutorial is very useful.

    Let's say iredmail is OK if you do not need anything special… but if you want some simple things like … let's say a new transport entry in postfix, you must dig … and maybe you will find this not so easy.

    What is your test case? For 20 users is ok? Any iredmail must be warned. .. this is an elephant. Apache, Mysql, postfix, and so on.

    Do you need an elephant? Can you ?
