How to install iRedMail Email Server on Ubuntu 16.04

Sharathkumar hegde
Jun 18, 2018


iRedMail is a free, open source mail server solution. With iRedMail, one can deploy an OPEN SOURCE, FULL-FLEDGED, FULL-FEATURED mail server in a few minutes.

I used an AWS EC2 instance (Ubuntu 16.04) to create the mail server. iRedMail provides detailed commands for creating a mail server on Ubuntu. Here, I describe the way I implemented it and some of the problems I faced while creating the server.

Prerequisite: Buy a domain, or create a subdomain for your mail server, from your DNS provider.

Step 1: Provision an EC2 instance (minimum 2GB RAM) using AWS. Attach a security group to your EC2 instance and set the following inbound rules as shown in the diagram. Ports are opened for the IMAP/POP and SMTP servers.

Step 2: Now SSH into your server and follow the commands given by iRedMail to install the mail server on your Ubuntu instance. Overall, iRedMail will change your hostname and install a database server, a web server and a webmail client on the machine.

Step 3: After successfully installing your mail server, reboot your server. It is very important to reboot the server after installation.

Step 4: Now if you open the mail server URL, you should see the login screen of the webmail client you installed (in my case, I installed Roundcube).

Step 5: Now, let's secure your server using Let’s Encrypt. Run the following commands to install the Let’s Encrypt client (certbot) on your server.

First add the repository.

$ sudo add-apt-repository ppa:certbot/certbot

You’ll need to press ENTER to accept. Then, update the package list to pick up the new repository's package information.

$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

I was using the nginx server, so I installed certbot for nginx. Use the relevant command for your server.

Step 6: There are two files in the /etc/nginx/sites-available/ path, named “00-default.conf” and “00-default-ssl.conf”. Find the existing server_name line in 00-default.conf and replace the underscore, _ , with your domain name:

. . .
server_name hostname.in www.hostname.in;
. . .

Save the file and quit your editor. Then, verify the syntax of your configuration file.

$ sudo nginx -t

If you get any errors, reopen the “00-default.conf” file and check for typos, then test it again. Once your configuration’s syntax is correct, reload Nginx to load the new configuration.

$ sudo systemctl reload nginx

Now import the certificate using the following command.

$ sudo certbot --nginx -d example.com -d hostname.in

Now the certificate is added to your site. If you are using nginx, certbot will modify the “00-default.conf” file and add the following lines.

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hostname.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hostname.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

Cut those lines from “00-default.conf” and add them to the “/etc/nginx/templates/ssl.tmpl” file. Also comment out the certificate and key lines added by iRedMail in the “ssl.tmpl” file. This is a very important step.

This is how the “00-default.conf” file should look:

#
# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server {
    # Listen on ipv4
    listen 80;

    # Listen on ipv6.
    # Note: this setting listens on both ipv4 and ipv6 with Nginx release
    # shipped in some Linux/BSD distributions.
    #listen [::]:80;

    server_name hostname.in;
    return 301 https://$host$request_uri;
}

SSL template file :

ssl on;
ssl_protocols TLSv1.2;
# Fix 'The Logjam Attack'.
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/ssl/dh2048_param.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# To use your own ssl cert (e.g. LetsEncrypt), please create symbol link to
# ssl cert/key used below, so that we can manage this config file with Ansible.
#
# For example:
#
# rm -f /etc/ssl/private/iRedMail.key
# rm -f /etc/ssl/certs/iRedMail.crt
# ln -s /etc/letsencrypt/live/<domain>/privkey.pem /etc/ssl/private/iRedMail.key
# ln -s /etc/letsencrypt/live/<domain>/fullchain.pem /etc/ssl/certs/iRedMail.crt
#
#ssl_certificate /etc/ssl/certs/iRedMail.crt;
#ssl_certificate_key /etc/ssl/private/iRedMail.key;
ssl_certificate /etc/letsencrypt/live/hostname.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hostname.in/privkey.pem;

Now the site is secure. But you might notice that if you send mails from your newly created server to others, they probably go into the recipients' spam folder. We don’t want that to happen. We want our mails to land in people’s inboxes.

Step 7: To prevent mail from going into the spam folder, three important things need to be done.

Firstly, you must have a reverse DNS record for the IP of the mail server. Secondly, you must set up a DNS record for SPF. Thirdly, you must set up a DNS record for the DKIM key.

Step 8: To set up reverse DNS, ask your IP provider to set one up for you. If you are using AWS and the IP (in this case, an Elastic IP) is provided by AWS, please fill out the form mentioned in this link and submit it to AWS.

Step 9: To set up the SPF record in DNS, log in to your DNS provider's site and set up a TXT record for your site with value = “v=spf1 ip4:<your ip address here> -all”.

Step 10: To set up the DKIM record, log in to the mail server you have created and look for the mail that contains the values for the DKIM record. A DKIM record looks like the following:

dkim._domainkey.iredmail.org. 3600 TXT ( "v=DKIM1; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaK" "txFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBok" "FcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5" "EV711qseo/omquskkwIDAQAB")

Now concatenate the value in “p” into a single string. It would look something like this:

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaKtxFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBokFcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5EV711qseo/omquskkwIDAQAB

Go to your DNS provider's site again and create a TXT record. Set the host name to “dkim._domainkey.iredmail.org” (in your case, the value provided by the mail server) and the value to:

v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaKtxFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBokFcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5EV711qseo/omquskkwIDAQAB
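
The concatenation in Step 10 can be scripted and the resulting key checked before it is published. The following is an added example, not code from the original article or from iRedMail; it runs on the sample record shown above, and the function names are assumptions made for this sketch.

```python
import base64
import re

# DKIM record as the mail server prints it (the iredmail.org sample from this article).
ZONE_RECORD = (
    'dkim._domainkey.iredmail.org. 3600 TXT ( "v=DKIM1; p=" '
    '"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaK" '
    '"txFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBok" '
    '"FcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5" '
    '"EV711qseo/omquskkwIDAQAB")'
)

def txt_value(zone_record):
    """Join the quoted chunks into the single string to paste at the DNS provider."""
    return "".join(re.findall(r'"([^"]*)"', zone_record))

def dkim_tags(value):
    """Split 'v=DKIM1; p=...' into a tag dict, dropping whitespace inside values."""
    pairs = (part.partition("=") for part in value.split(";") if "=" in part)
    return {name.strip(): "".join(val.split()) for name, _, val in pairs}

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (content, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key: a chunk is probably missing")
    return buf[pos:pos + length], pos + length

def rsa_key_bits(p_b64):
    """Decode p= (SubjectPublicKeyInfo) and return the RSA modulus size in bits."""
    der = base64.b64decode(p_b64, validate=True)  # raises on stray characters
    spki, _ = _tlv(der, 0, 0x30)
    _, pos = _tlv(spki, 0, 0x30)          # AlgorithmIdentifier (skipped)
    bits, _ = _tlv(spki, pos, 0x03)       # BIT STRING wrapping RSAPublicKey
    rsa_key, _ = _tlv(bits[1:], 0, 0x30)  # bits[0] is the unused-bits count
    modulus, _ = _tlv(rsa_key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

if __name__ == "__main__":
    value = txt_value(ZONE_RECORD)
    print(value)
    print("RSA key size:", rsa_key_bits(dkim_tags(value)["p"]), "bits")
```

The joined value keeps the space after `v=DKIM1;` that the hand-joined string above drops; both are valid DKIM tag lists. The sample record decodes to a 1024-bit RSA key, while RFC 8301 recommends that signers use at least 2048 bits.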

After setting all the above records, check whether mail is properly going to the inbox. It should work fine if everything is set up properly.

Congrats!! You have created your own mail server.

Thanks for reading this article. Happy Coding!
