This series of tutorials will guide you on how to integrate iRedMail installed on a CentOS 7 machine with a Samba4 Active Directory Domain Controller in order for domain accounts to send or receive mail via Thunderbird desktop client or via Roundcube web interface.
The CentOS 7 server where iRedMail will be installed will allow SMTP or mail routing services via ports 25 and 587 and will also serve as a mail delivery agent through Dovecot, providing POP3 and IMAP services, both secured with self-signed certificates issued during the installation process.
The recipient mailboxes will be stored on the same CentOS server along with the webmail user agent provided by Roundcube. Samba4 Active Directory will be used by iRedMail to query and authenticate recipient accounts against the realm, to create mail lists with the help of Active Directory groups and to control the mail accounts via Samba4 AD DC.
Step 1: Install iRedMail in CentOS 7
1. Before starting with iRedMail installation first make sure you have a fresh CentOS 7 operating system installed on your machine using the instructions provided by this guide:
2. Also, ensure that the system is up to date with the latest security and package updates by issuing the below command.
# yum update
3. The system will also need a FQDN hostname set by issuing the below command. Replace the mail.tecmint.lan variable with your own custom FQDN.
# hostnamectl set-hostname mail.tecmint.lan
Verify system hostname with the below commands.
# hostname -s   # Short name
# hostname -f   # FQDN
# hostname -d   # Domain
# cat /etc/hostname   # Verify it with cat command
4. Map the machine FQDN and short name against the machine loopback IP address by manually editing the /etc/hosts file. Add the values as illustrated below and replace the mail.tecmint.lan and mail values accordingly.
127.0.0.1 mail.tecmint.lan mail localhost localhost.localdomain
5. iRedMail technicians recommend that SELinux be completely disabled. Disable SELinux by editing the /etc/selinux/config file and setting the SELINUX parameter to disabled.
Reboot the machine to apply the new SELinux policy, or run setenforce with the 0 parameter to switch SELinux to permissive mode immediately; the disabled setting itself takes effect only after a reboot.
# reboot
OR
# setenforce 0
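The host preparation in steps 3 to 5 can be checked before the installer is run. The script below is an added example, not part of the original tutorial or of iRedMail; its function names are hypothetical, and it expects the FQDN as the first name on the 127.0.0.1 line, as in the /etc/hosts entry shown above.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for steps 3-5. All function names are hypothetical.

# is_fqdn NAME: succeeds if NAME has two or more dot-separated DNS labels.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
}

# hosts_maps_fqdn FILE FQDN SHORT: succeeds if FILE has a 127.0.0.1 line whose
# first name is FQDN and which also lists SHORT (the layout used in step 4).
hosts_maps_fqdn() {
    awk -v fqdn="$2" -v short="$3" '
        { sub(/#.*/, "") }                          # ignore comments
        $1 == "127.0.0.1" && $2 == fqdn {
            for (i = 3; i <= NF; i++) if ($i == short) found = 1
        }
        END { exit !found }' "$1"
}

# selinux_config_mode FILE: prints the value of SELINUX= (not SELINUXTYPE=).
selinux_config_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); mode = $2 }
             END { print mode }' "$1"
}

# preflight: runs the three checks on the live system, returns 1 on any failure.
preflight() {
    fqdn=$(hostname -f); short=$(hostname -s); rc=0
    is_fqdn "$fqdn" || { echo "FAIL: hostname -f gave '$fqdn', not a FQDN"; rc=1; }
    hosts_maps_fqdn /etc/hosts "$fqdn" "$short" ||
        { echo "FAIL: /etc/hosts lacks '127.0.0.1 $fqdn $short ...'"; rc=1; }
    mode=$(selinux_config_mode /etc/selinux/config)
    [ "$mode" = disabled ] ||
        { echo "FAIL: SELINUX=$mode in /etc/selinux/config, expected disabled"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host is prepared for iRedMail.sh"
    return "$rc"
}

# Run the checks only when asked, e.g.:  bash preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```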
6. Next, install the following packages that will come in handy later for system administration:
# yum install bzip2 net-tools bash-completion wget
7. In order to install iRedMail, first go to the download page http://www.iredmail.org/download.html and grab the latest archive version of the software by issuing the below command.
# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.6.tar.bz2
8. After the download finishes, extract the compressed archive and enter the extracted iRedMail directory by issuing the following commands.
# tar xjf iRedMail-0.9.6.tar.bz2
# cd iRedMail-0.9.6/
# ls
9. Start the installation process by executing iRedMail shell script with the following command. From now on a series of questions will be asked by the installer.
# bash iRedMail.sh
10. On the first welcome prompt hit Yes to proceed further with the installation.
11. Next, choose the location where all the mail will be stored. The default directory that iRedMail uses to store mailboxes is the /var/vmail/ system path.
If this directory is located under a partition with enough storage to host mail for all your domain accounts then hit on Next to continue.
Otherwise, change the default location to a different directory if you've configured a larger partition dedicated to mail storage.
12. On the next step choose the frontend web server through which you will interact with iRedMail. iRedMail administration panel will be completely disabled later, so we will use the frontend web server only to access accounts mail via Roundcube web panel.
If you don't have thousands of mail accounts per hour accessing the webmail interface, you should go with the Apache web server due to its flexibility and easy management.
13. On this step choose OpenLDAP backend database for compatibility reasons with Samba4 domain controller and hit Next to continue, although we won’t use this OpenLDAP database later once we’ll integrate iRedMail to Samba domain controller.
14. Next, specify your Samba4 domain name for LDAP suffix as illustrated on the image below and hit Next to continue.
15. On the next prompt enter your domain name only and hit Next to move on. Replace the tecmint.lan value accordingly.
16. Now, set up a password for the postmaster administrator account and hit Next to continue.
17. Next, choose from the list the optional components you want to integrate with your mail server. I strongly recommend installing Roundcube in order to provide a web interface for domain accounts to access mail, although Roundcube can be installed and configured on a different machine for this task in order to free mail server resources in case of high loads.
For local domains with restricted internet access and especially while we’re using domain integration the other components are not very useful, except Awstats in case you need mail analysis.
18. On the next review screen type
Y in order to apply configuration and start the installation process.
19. Finally, allow the iRedMail scripts to automatically configure your machine firewall and MySQL configuration file by typing yes for all questions.
20. After the installation finishes the installer will provide some sensitive information, such as iRedAdmin credentials, web panel URL addresses and the file location with all parameters used at the installation process.
Read the displayed information above carefully and reboot the machine in order to enable all mail services by issuing the following command.
# init 6
21. After the system reboots, log in with an account with root privileges or as root and list all network sockets and their associated programs your mail server listens on by issuing the following command.
From the socket list you will see that your mail server covers almost all services required by a mail server to properly function: SMTP/S, POP3/S, IMAP/S and antivirus along with spam protection.
# netstat -tulpn
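One way to review the socket list from step 21, as an added example that is not part of the original tutorial: it flags services reachable from the network on ports outside an allow-list. The allow-list, the function names and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `netstat -tulpn` output. Names below are hypothetical.

# Assumed allow-list: SSH, SMTP/submission, POP3/S, IMAP/S, HTTP/S.
MAIL_PORTS="22 25 587 110 995 143 993 80 443"

# exposed_listeners: reads netstat -tulpn text on stdin and prints
# "proto port program" for every socket not bound to a loopback address.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }                 # skip the header lines
        {
            port = $4; sub(/^.*:/, "", port)        # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next
            prog = "-"                              # UDP rows have no State column,
            for (i = 5; i <= NF; i++)               # so locate PID/Program by shape
                if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
            print $1, port, prog
        }'
}

# unexpected_listeners ALLOWED: exposed sockets whose port is not in ALLOWED.
unexpected_listeners() {
    exposed_listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)'
}

# Constructed sample output (not captured from a real iRedMail host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN   1201/master
tcp        0      0 0.0.0.0:587       0.0.0.0:*         LISTEN   1201/master
tcp        0      0 0.0.0.0:443       0.0.0.0:*         LISTEN   1150/httpd
tcp        0      0 127.0.0.1:10024   0.0.0.0:*         LISTEN   1105/amavisd (master)
tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN   1090/mysqld
tcp6       0      0 :::993            :::*              LISTEN   1130/dovecot
udp        0      0 0.0.0.0:68        0.0.0.0:*                  800/dhclient
EOF
}

# Live use:  netstat -tulpn | unexpected_listeners "$MAIL_PORTS"
```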
22. In order to view the location of all configuration files iRedMail has modified and the credentials used by iRedMail during the installation process for database administration, mail admin account and other accounts, display the contents of iRedMail.tips file.
The file is located in the directory where you’ve initially extracted the installation archive. Be aware that you should move and protect this file because it contains sensitive information about your mail server.
# less iRedMail-0.9.6/iRedMail.tips
23. The file mentioned above, which contains details about your mail server, will also be automatically mailed to the mail server administrator account, represented by the postmaster account.
The webmail can be accessed securely via HTTPS protocol by typing your machine IP address in a browser. Accept the error generated in the browser by the iRedMail self-signed web certificate and log in with the password chosen for the postmaster account of your domain during the initial installation. Read and store this e-mail to a safe mailbox.
That’s all! By now, you’ll have a full mail server configured on your premises which operates on its own, but not yet integrated with Samba4 Active Directory Domain Controller services.
In the next part we will see how to modify the iRedMail services (postfix, dovecot and roundcube configuration files) in order to query domain accounts, send, receive and read mail.