How to Install iRedMail on Debian 12
Introduction
iRedMail is an open-source email server solution that enables the deployment of a fully functional email system. It integrates multiple components for mail transfer, retrieval, storage, virus scanning, spam detection, and secure communication. iRedMail uses the Postfix mail transfer agent and includes a web administration interface for managing email accounts, domains, and other server settings.
This article explains how to install iRedMail on a Debian 12 server.
Prerequisites
Before you begin:
- Deploy a Debian 12 server instance on Vultr with at least 4 GB RAM.
- Create 2 domain name DNS A records pointing to the instance's IP address. For example,
mail.example.comandexample.com. - Access the server using SSH as a non-root user with sudo privileges.
- Update the server.
- Open a new Vultr support ticket and request the SMTP port
25to be unblocked on your instance.
Install iRedMail
iRedMail is not available in the default package repositories on Debian 12. Follow the steps below to set up the server and install iRedMail using the latest installation script.
Change the server hostname to your mail domain.
console$ sudo hostnamectl set-hostname mail.example.com
Open the
/etc/hostsfile.console$ sudo nano /etc/hosts
Add your mail domain
mail.example.comas a value of127.0.1.1.127.0.1.1 mail.example.com mailSave and close the file.
The above host configuration enables the server to resolve your mail domain to the system address.
Download the latest iRedMail installation archive using
wget.1.7.1in the URL with the latest version number.console$ wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.7.1.tar.gz
The above command downloads the archive version
1.7.1. Visit the official iRedMail download page to verify the latest version to download on your server.Extract files from the archive.
console$ tar xvf 1.7.1.tar.gz
Switch to the extracted files directory.
console$ cd iRedMail-1.7.1
Enable execute permissions to the iRedMail installation script.
console$ chmod +x iRedMail.sh
Run the automatic installation script to install iRedMail on your server.
console$ sudo bash iRedMail.sh
Reply to the following prompts to install iRedMail on your server.
Press Enter to start the installation process.
Default mail storage path: Press Enter to use the default
/var/vmaildirectory.Preferred web server: Keep
Nginxselected and press Enter to enable the web server.Choose Preferred backend uses to store mail accounts: Press the Down arrow key and press Space to select MariaDB as the database backend.
LDAP suffix: Press Enter to use the default domain format to create a directory tree.
Password for MySQL administrator: Enter a new strong password to assign the
rootdatabase user account on your server.Your first domain name: Enter your domain to use when sending and receiving emails on the server. For example,
example.comPassword for the mail domain administrator: Enter a new strong password to assign the
postmastermail administrator account.Optional components: Select optional components to install on your server and press Enter to apply changes.
Enter Y when prompted to continue and save your iRedMail installation options.
< Question > Continue? [y|N]Enter Y to allow SSH connections on the default port
22through the firewall.< Question > Restart firewall now (with ssh ports: 22)? [y|N]
Reboot the server to apply the iRedMail installation changes.
console$ sudo systemctl reboot
Open the HTTP port.
console$ sudo ufw allow 80
Open the HTTPS port.
console$ sudo ufw allow 443
Open the mail port
25.console$ sudo ufw allow 25
Configure the DNS records
Follow the steps below to configure DNS records such as SPF, DMARC, and DKIM to enable the delivery of emails from your mail server.
Log in to your domain registrar such as Vultr DNS and create the following DNS records.
Create a new MX (Mail Exchange) record with the following details.
- Type:
MX - Name:
@ - Priority:
10 - Value:
mail.example.com
- Type:
Create a new SPF (Sender Policy Framework) record with the following details. Replace
192.0.2.1with your actual server IP address.- Type:
TXT - Name:
@ - Value:
"v=spf1 a mx ip4:192.0.2.1 -all"
- Type:
Create a new TXT record to set up SPF. Set the record name to
@. If you're using a subdomain for the email address domain, set the record name to the subdomain. Set the data to the text below. Replace192.0.2.1with your server's IP address.v=spf1 a mx ip4:192.0.2.1 -allThe SPF record instructs the recipient server to only allow mail from your server's IP address.
Create a new DMARC (Domain-based Message Authentication, Reporting, and Conformance) record with the following details. Replace
dmarc-reports@example.comwith your domain administrator's email.- Type:
TXT - Name:
_dmarc - Value:
"v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100"
- Type:
Create a new DKIM (DomainKeys Identified Mail) record:
Run the following command in your server's terminal to view your domain's DKIM records generated by the
amavisdiRedmail utility.console$ amavisd showkeys
Your output should similar to the one below.
; key#1 2048 bits, s=dkim, d=example.com, /var/lib/dkim/example.com.pem dkim._domainkey.example.com. 3600 TXT ( "v=DKIM1; p=" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zj9jaznT73JQMGCB5ag" "iSjOEEYqMQqSHRAXMHUm05ZDzy5ypzLdLYech8R+T+5S7+We0tQ0tWMAj07rB4/U" "N6BX+J8ycp5Tcsg34lxEuYh34DENoQ8n0x4YLldrO/4+L5xk5pjJpsjiG6JigLPv" "VDDzQSB+PA8Sn8NNczxRVhTFZ4AQgma7p9AnraTV+d4zjD24RD2pAvHL45BjH6NS" "A4B3V3NfTf+OVbecI5dD29RsK8DIzhGW/XGsoo7G68fGwBpZdYkww3EhjpIojpbn" "uM7JeO7rIDbczehroujPCxn52c+AuUC+pnfJuBBMXoeQ0jqabsLfmll0+KPeSuFR" "EwIDAQAB")Copy all contents in bracelets
()to use as your DKIM record's data.Create a new
TXTrecord using the generated DKIM information with the following details.- Type:
TXT - Name:
dkim._domainkey - Value:
"<iredmail-dkim-data>"
- Type:
Test your DKIM keys configuration using
amavisdto verify the DNS record.console$ amavisd testkeys
Output:
TESTING#1 example.com: dkim._domainkey.example.com => pass
Access your instance's management page and navigate to the Settings tab.
Click the reverse DNS field in your IPV4 section and replace the existing data with your domain name.
Secure iRedMail with Trusted Let's Encrypt SSL Certificates
Follow the steps below to generate Let's Encrypt SSL certificates to replace the default iRedMail self-signed certificates.
Install the Snapd package manager.
console$ sudo apt install snapd -y
Install Certbot using
snap.console$ sudo snap install certbot --classic
Activate the system-wide Certbot command.
console$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Request a new SSL certificate for your active domains. Replace
example.comandmail.example.comwith the actual domains pointing to your server's IP address, andhello@example.comwith your email.console$ sudo certbot certonly --webroot -w /var/www/html -d example.com -d mail.example.com -m hello@example.com --agree-tos
Your output should be similar to the one below when successful.
Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem This certificate expires on 2024-10-30.Change the Let's Encrypt SSL directory permissions to enable read privileges for other applications such as Postfix and Dovecot on the server.
console$ sudo chmod 0755 /etc/letsencrypt/{live,archive}
Back up the default iRedMail SSL certificate file.
console$ sudo mv /etc/ssl/certs/iRedMail.crt{,.bak}
Back up the default iRedMail private key file.
console$ sudo mv /etc/ssl/private/iRedMail.key{,.bak}
Link your domain's Let's Encrypt certificate file to the
iRedMail.crtfile.console$ sudo ln -s /etc/letsencrypt/live/example.com/fullchain.pem /etc/ssl/certs/iRedMail.crt
Link the Let's Encrypt private key to
iRedMail.key.console$ sudo ln -s /etc/letsencrypt/live/example.com/privkey.pem /etc/ssl/private/iRedMail.key
Restart the Postfix, Dovecot, and Nginx system services.
console$ sudo systemctl restart postfix dovecot nginx
Access the iRedMail Interface
Follow the steps below to access the iRedMail web administration interface to manage user accounts, email domains and view mail logs on the server.
Access the iRedMail web administration interface using your management domain.
https://mail.example.com/iredadminLog in to the iRedMail interface using your first email domain's administrator email and password your set during the installation process:
- USERNAME:
postmaster@example.com - PASSWORD:
<Administrator-Password>
- USERNAME:
Click the Add drop-down and select User from the list to set up a new email account.
Enter your desired email information and click Add to create the new user.
Add the
/mailpath to your domain in new web browser window to access the Roundcube Webmail interface and manage your email.
Enter your Postmaster user and password to log in to its webmail interface.
Click Compose to create a new test email to your new user email. For example,
user1@example.com.
Click Send to send the test email and verify that it's successful.
Click Logout in the bottom left to exit the Roundcube interface.
Log in to Roundcube using the new email user you created earlier to access the email sent from the
postmasteraccount.
Click the
headerlink within Headers.
Verify your domain's DKIM values sent to all mail domains.
Conclusion
You have installed iRedMail on a Debian 12 server and configured DNS records to enable the secure delivery of emails. iRedMail enables the hosting and delivery to emails by integrating webmail solutions such as Roundcube to enable access to active email accounts. For more information, visit the iRedmail documentation.