How to Install iRedMail on Ubuntu 22.04

Updated on 30 April, 2025
How to Install iRedMail on Ubuntu 22.04 header image

iRedMail is a free, open-source mail server solution that enables the deployment of a fully functional email system. It integrates components for mail transfer, retrieval, storage, spam filtering, virus scanning, and secure communication, along with a web interface for managing email accounts, domains, and server settings.

This article explains how to install the iRedMail server on Ubuntu 22.04.

Prerequisites

Before you begin:

Install iRedMail

Follow the steps below to configure the hostname for your server, install iRedMail, and configure it.

  1. Open the terminal and run the following command to set the hostname.

    console
    $ sudo hostnamectl set-hostname mail.example.com
    
  2. Open the /etc/hosts file.

    console
    $ sudo nano /etc/hosts
    
  3. Update the 127.0.1.1 and 127.0.0.1 entries to include your mail domain to enable correct name resolution on your server.

    ini
    # Part of file: /etc/hosts
    
    127.0.1.1 mail.example.com mail
    
  4. Verify the active server hostname.

    console
    $ hostname -f
    

    Output:

    mail.example.com
  5. Download the latest iRedMail release file.

    console
    $ wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.7.3.tar.gz
    

    The above command downloads the iRedMail version 1.7.3 release file. Visit the official download page to verify the latest version to install on your server.

  6. Extract files from the tar archive.

    console
    $ tar -xvf 1.7.3.tar.gz
    
  7. Switch to the extracted iRedMail files directory.

    console
    $ cd iRedMail-1.7.3
    
  8. Update the server package index before running the main script.

    console
    $ sudo apt update
    
  9. Run the iRedMail installation script.

    console
    $ sudo bash iRedMail.sh
    
  10. Press Enter when prompted to start the installation wizard. Then, reply to each of the following prompts to install iRedMail on your server.

    • Default mail storage path: Press Enter to use the default /var/vmail directory.

    • Preferred web server: Keep Nginx selected and press Enter to enable the web server.

    • Choose backend for mail accounts: Press the Down arrow key and press Space to select MariaDB as the database backend.

    • LDAP suffix: Press Enter to use the default domain format for the directory tree.

    • MySQL administrator password: Enter a strong password for the root database user.

    • Your first domain name: Enter your domain to use for sending and receiving emails (e.g., example.com).

    • Mail domain administrator password: Enter a strong password for the postmaster mail administrator account.

    • Optional components: Select optional components to install and press Enter to apply changes.

    • Enter Y when prompted to continue and save your iRedMail installation options.

      < Question > Continue? [y|N]
    • Enter Y to use firewall offered by iRedMail and allow SSH connections on the default port 22.

      < Question > Would you like to use firewall rules provided by iRedMail?
      < Question > File: /etc/nftables.conf, with SSHD ports: 22. [Y|n]
    • Enter Y to allow SSH connections on the default port 22 through the firewall.

      < Question > Restart firewall now (with ssh ports: 22)? [y|N]
  11. Reboot the server to apply the iRedMail installation changes.

    console
    $ sudo systemctl reboot
    

iRedMail Post Installation

iRedMail requires valid MX, SPF, DKIM, and DMARC records for your mail domain to send and receive emails. Log in to your domain registrar and configure the following DNS records to enable email functionality on your iRedMail server.

  1. Create a new MX (Mail Exchange) record with the following details.

    • Type: MX
    • Name: @
    • Priority: 10
    • Value: mail.example.com
  2. Create a new SPF (Sender Policy Framework) record with the following details. Replace 192.0.2.1 with your actual server IP address.

    • Type: TXT
    • Name: @
    • Value: "v=spf1 a mx ip4:192.0.2.1 -all"
  3. Create a new DKIM (DomainKeys Identified Mail) record:

    • Run the following command in your server's terminal to view your domain's DKIM records generated by the amavisd iRedMail utility.

      console
      $ sudo amavisd-new showkeys
      

      Your output should be similar to the one below.

      ; key#1 2048 bits, s=dkim, d=example.com, /var/lib/dkim/example.com.pem
      dkim._domainkey.example.com.     3600 TXT (
        "v=DKIM1; p="
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+56AfGG9pAdkFNiw5nt"
        "6NifxPCB+2offAblD8ZIXpTg3Z9vT8dy8glDGL/BBdlzfAnX6FxQz1NuKstDLFZc"
        "MfNo3TiKvEAjrrSet7fdfI79inqeQyKkGqaRn+vn2VK/qnD4hZMESLk2V4Ovpb+H"
        "47q1AjybY7QDDHp2cIQFJ8oAkUFColAwEHSuW6PpJkQI9A9NfBHFrSQRZG33EYHA"
        "hAf0sLclA5u+ahaPTkxK5cL76w1kRp668L7qi+SI6fWZpzNnlFDrmfwdEtywvSvS"
        "4igHoHhncGGqo6bjTlI2cV92aBZ1e2n84MGp1JqjBhQWZjsFDr4tOxrKlE8F4Vhe"
        "FQIDAQAB")

      Copy all contents in bracelets () to use as your DKIM record's data.

    • Create a new TXT record using the generated DKIM information with the following details.

      • Type: TXT
      • Name: dkim._domainkey
      • Value:"<iredmail-dkim-data>"
    • Test your DKIM keys configuration using amavisd to verify the DNS record.

      console
      $ sudo amavisd-new testkeys
      

      Output:

      TESTING#1 example.com: dkim._domainkey.example.com => pass
  4. Create a new DMARC (Domain-based Message Authentication, Reporting, and Conformance) record with the following details to send aggregate reports to your administrative email dmarc-reports@example.com.

    • Type: TXT
    • Name: _dmarc
    • Value: "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100"

Configure iRedMail to Use Trusted Let's Encrypt SSL Certificates

Follow the steps below to configure iRedMail to use trusted Let's Encrypt SSL certificates on your server.

  1. Install the Certbot Let's Encrypt client tool.

    console
    $ sudo snap install certbot --classic
    
  2. Generate a new Let's Encrypt SSL certificate for your mail domain. Replace mail.example.com and hello@example.com with your actual details.

    console
    $ sudo certbot certonly --webroot -w /opt/www/well_known -d mail.example.com -m hello@example.com --agree-tos
    
  3. Open the default iRedMail virtual host configuration for Nginx.

    console
    $ sudo nano /etc/nginx/sites-available/00-default-ssl.conf
    
  4. Add the following directives to the file after server_name _;. Replace /etc/letsencrypt/live/mail.example.com/ with your actual Let's Encrypt directory.

    ini
    ssl_certificate /etc/letsencrypt/live/mail.example.com/fullchain.pem;
    
    ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;
    

    Save and close the file.

    The above configuration directives enable Nginx to use your domain's trusted Let's Encrypt certificates to deliver requests on your server.

  5. Open the /etc/nginx/templates/ssl.tmpl file.

    console
    $ sudo nano /etc/nginx/templates/ssl.tmpl
    
  6. Find the following configuration directives.

    ini
    ssl_certificate /etc/ssl/certs/iRedMail.crt;
    ssl_certificate_key /etc/ssl/private/iRedMail.key;
    
  7. Replace the SSL certificate and private key paths with your actual Let's Encrypt details.

    ini
    ssl_certificate /etc/letsencrypt/live/mail.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;
    

    Save and close the file.

  8. Open the main Postfix configuration file /etc/postfix/main.cf.

    console
    $ sudo nano /etc/postfix/main.cf
    
  9. Find the following TLS settings section.

    ini
    # SSL key, certificate, CA
    #
    smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
    smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
    smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    smtpd_tls_CApath = /etc/ssl/certs
    
  10. Replace the smtpd_tls_key_file and smtpd_tls_cert_file with your actual Let's Encrypt certificate details.

    ini
    smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
    smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
    #smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    #smtpd_tls_CApath = /etc/ssl/certs
    
  11. Open the Dovecot configuration file /etc/dovecot/dovecot.conf.

    console
    $ sudo nano /etc/dovecot/dovecot.conf
    
  12. Find the following SSL configuration section.

    ini
    ssl_cert = </etc/ssl/certs/iRedMail.crt
    ssl_key = </etc/ssl/private/iRedMail.key
    
  13. Replace the ssl_cert and ssl_key values with your actual Let's Encrypt details.

    ini
    ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem 
    ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem
    

    Save and close the file.

  14. Restart Nginx, Postfix and Dovecot to apply your configuration changes.

    console
    $ sudo systemctl restart nginx postfix dovecot
    

Test the Mail Server

Follow the steps below to test the iRedMail server functionalities.

  1. Access iRedMail Administration Console (iRedAdmin) using your domain in a web browser such as Chrome.

    https://mail.example.com/iredadmin

    Log in to the iRedMail web administration dashboard using the postmaster administrator email and password you set during the installation process.

  2. Click the Add drop-down and select User from the list to set up a new email account.

    Navigate to the user addition page

  3. Enter your desired email information and click Add to create the new user.

    Add mail users

  4. Add the /mail path to your domain in new web browser window to access the Roundcube Webmail interface and manage your email accounts.

    Webmail console

    Enter your Postmaster user and password you set to log in to its web mail interface.

  5. Click Compose to create a new test email to your new user's email. For example, user1@example.com.

    Log in

  6. Click Send to send the test email and verify that it's successful.

    Send a test email

  7. Click Logout in the bottom left to exit the Roundcube Webmail interface.

    Log out

  8. Log in to Roundcube using the new email account you created earlier to access emails sent from the postmaster account.

    The test email

  9. Click the header link within Headers.

    Header link

  10. Verify your domain's DKIM values sent to all mail domains.

    Headers output

Conclusion

In this article, you installed iRedMail on an Ubuntu 22.04 server and secured email access using valid SPF, DKIM, and DMARC records. iRedMail supports multiple email domains, allowing you to set up a secure mail server for sending and receiving emails. For more information, visit the iRedMail documentation.

Comments

No comments yet.