Email Services using iRedMail on CentOS 7 - rharmonson/richtech GitHub Wiki
Published: October 10, 2017
iRedMail is an All-in-One secure email solution with a community version and a paid Pro version with commercial support. The primary difference between the two is the commercial support and a user interface for many advanced tasks in iRedMail Pro. The community version supports the same functionality, but may require command line or manual editing of configuration files.
iRedMail may use the following components:
- Nginx or Apache
- MariaDB, Postgres, or LDAP
- Postfix
- Dovecot
- ClamAV
- Amavis
- SpamAssassin
- Roundcubemail
- Awstats
- iRedAPD & iRedAdmin
Complete a clean Minimal installation of CentOS 7. My CentOS 7 build guide is found here:
Use only the CentOS and EPEL repositories to avoid package conflicts. If additional repositories are needed for other features such as SpaceWalk or oVirt, use the yum-plugin-priorities package to reduce the occurrence of breaking package updates.
Prior to installing iRedMail, you must have the correct host name. Verify your FQDN using hostnamectl. To set the hostname (/etc/hostname), execute the following:
# hostnamectl set-hostname mail.mydomain.net
Additionally, you may need to update /etc/sysconfig/network. In my experience, the use of network appears to be deprecated.
Update the loopback device to resolve to the FQDN.
# vi /etc/hosts
127.0.0.1 mail.mydomain.net mail localhost localhost.localdomain
Create a DNS record or update /etc/hosts. This would be an opportune time to create both the A and MX records. [Out of Scope]
Set SELinux to permissive using setenforce 0 for the current bash session. To set SELinux as disabled across reboots, update /etc/selinux/config by executing the following:
# sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
Create an iptables script to configure IPv4 policies. I only use IPv4, but if IPv6 is enabled, create an ip6tables script as well.
I don't use firewalld, and I assume you followed my CentOS 7 installation guide. If you are using firewalld, skip this section and respond 'y' to the iRedMail installer to configure firewalld.
This script will not be used until after the iRedMail installation completes.
# touch ip4-default.fw
# chmod +x ip4-default.fw
# vi ip4-default.fw
Results
#!/bin/bash
# iRedMail IPv4 Policies
# Flush current policies
iptables -F
# Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow established sessions to receive traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accept on localhost
iptables -A INPUT -i lo -j ACCEPT
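# ICMP Echo (OPTIONAL)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Reject everything else; the -I rules below are inserted at the top of INPUT, so they are evaluated before this rule
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited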
# Accept incoming SSH
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT
# iRedMail
## SMTP
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 25 -j ACCEPT
## HTTP/S
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 443 -j ACCEPT
## POP3/S
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 110 -j ACCEPT
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 995 -j ACCEPT
## IMAP/S
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 143 -j ACCEPT
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 993 -j ACCEPT
## SMTP Submission
iptables -I INPUT -p tcp -m conntrack --ctstate NEW --dport 587 -j ACCEPT
# Save Changes
service iptables save
# Service
systemctl restart iptables
systemctl status iptables
Reference: http://www.iredmail.org/docs/network.ports.html
CentOS 7 Minimal installations do not install wget nor bzip2. You may use curl as an alternative to download iRedMail.
# yum install wget bzip2
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bzip2 x86_64 1.0.6-13.el7 base 52 k
wget x86_64 1.14-15.el7 base 547 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 599 k
Installed size: 2.0 M
Is this ok [y/d/N]:
then
# mkdir ~/temp
# cd ~/temp
# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.7.tar.bz2
Results
# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.7.tar.bz2
--2017-10-07 14:58:47-- https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.7.tar.bz2
Resolving bitbucket.org (bitbucket.org)... 104.192.143.1, 104.192.143.3, 104.192.143.2, ...
Connecting to bitbucket.org (bitbucket.org)|104.192.143.1|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://bbuseruploads.s3.amazonaws.com/e392fe45-c2cf-4346-aa1e-6c05d480ba75/downloads/cbcf86f8-a9a0-4178-99b6-85f8a775aefd/iRedMail-0.9.7.tar.bz2?Signature=Zv6Cu4Drz%2F58LWCReVaW3S3kffA%3D&Expires=1507415179&AWSAccessKeyId=AKIAIQWXW6WLXMB5QZAQ&versionId=NZS6iLNnFB_h8ir.gTnY_4lGUlJDLzRm&response-content-disposition=attachment%3B%20filename%3D%22iRedMail-0.9.7.tar.bz2%22 [following]
--2017-10-07 14:58:47-- https://bbuseruploads.s3.amazonaws.com/e392fe45-c2cf-4346-aa1e-6c05d480ba75/downloads/cbcf86f8-a9a0-4178-99b6-85f8a775aefd/iRedMail-0.9.7.tar.bz2?Signature=Zv6Cu4Drz%2F58LWCReVaW3S3kffA%3D&Expires=1507415179&AWSAccessKeyId=AKIAIQWXW6WLXMB5QZAQ&versionId=NZS6iLNnFB_h8ir.gTnY_4lGUlJDLzRm&response-content-disposition=attachment%3B%20filename%3D%22iRedMail-0.9.7.tar.bz2%22
Resolving bbuseruploads.s3.amazonaws.com (bbuseruploads.s3.amazonaws.com)... 52.216.80.224
Connecting to bbuseruploads.s3.amazonaws.com (bbuseruploads.s3.amazonaws.com)|52.216.80.224|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 146012 (143K) [application/x-tar]
Saving to: ‘iRedMail-0.9.7.tar.bz2’
100%[======================================>] 146,012 351KB/s in 0.4s
2017-10-07 14:58:49 (351 KB/s) - ‘iRedMail-0.9.7.tar.bz2’ saved [146012/146012]
Unarchive
# tar xjf iRedMail-x.y.z.tar.bz2
Results
drwxr-xr-x. 8 root root 164 Jun 30 20:28 iRedMail-0.9.7
-rw-r--r--. 1 root root 146012 Aug 9 03:00 iRedMail-0.9.7.tar.bz2
WARNING!
The installer assumes UID/GID 2000, 2001, and 2003 are available. Use groupmod -g and usermod -u as appropriate to change existing accounts using 2000, 2001, 2003, or alter iRedMail.sh. Also, you may notice odd ownership of the unarchived iRedMail directory. Execute chown -R root:root [file] if it annoys you. It should not matter, for root is, well, root.
Begin the installer
# cd ~/temp/iRedMail-0.9.7
# bash iRedMail.sh
Respond to the installer questions, which results in a summary screen prior to package installation and configuration. I chose to use nginx and mariadb.
Summary
***********************************************************************y**
***************************** WARNING ***********************************
*************************************************************************
* *
* Below file contains sensitive infomation (username/password), please *
* do remember to *MOVE* it to a safe place after installation. *
* *
* * /root/temp/iRedMail-0.9.7/config
* *
*************************************************************************
********************** Review your settings *****************************
*************************************************************************
* Storage base directory: /var/vmail
* Mailboxes:
* Daily backup of SQL/LDAP databases:
* Store mail accounts in: MariaDB
* Web server: Nginx
* First mail domain name: mydomain.com
* Mail domain admin: [email protected]
* Additional components: Roundcubemail Awstats iRedAdmin
Packages
================================================================================
Package Arch Version Repository
Size
================================================================================
Installing:
MySQL-python x86_64 1.2.5-1.el7 base 90 k
altermime x86_64 0.3.10-10.el7 epel 57 k
amavisd-new noarch 2.11.0-1.el7 epel 862 k
awstats noarch 7.6-3.1.el7 epel 2.3 M
clamav x86_64 0.99.2-8.el7 epel 846 k
clamav-server x86_64 0.99.2-8.el7 epel 107 k
clamav-server-systemd noarch 0.99.2-8.el7 epel 21 k
clamav-update x86_64 0.99.2-8.el7 epel 96 k
dos2unix x86_64 6.0.3-7.el7 base 74 k
dovecot x86_64 1:2.2.32-2.el7.centos iRedMail 4.3 M
dovecot-mysql x86_64 1:2.2.32-2.el7.centos iRedMail 88 k
dovecot-pgsql x86_64 1:2.2.32-2.el7.centos iRedMail 91 k
dovecot-pigeonhole x86_64 1:2.2.32-2.el7.centos iRedMail 396 k
firewalld noarch 0.4.4.4-6.el7 base 416 k
logwatch noarch 7.4.0-32.20130522svn140.el7 base 402 k
lz4 x86_64 1.7.3-1.el7 epel 82 k
mariadb x86_64 1:5.5.56-2.el7 base 8.7 M
mariadb-server x86_64 1:5.5.56-2.el7 base 11 M
nginx x86_64 1:1.10.2-2.el7 epel 505 k
patch x86_64 2.7.1-8.el7 base 110 k
pax x86_64 3.4-19.el7 base 74 k
perl-DBD-MySQL x86_64 4.023-5.el7 base 140 k
perl-LDAP noarch 1:0.56-5.el7 base 411 k
perl-Mail-SPF noarch 2.8.0-4.el7 base 140 k
php-common x86_64 5.4.16-42.el7 base 564 k
php-fpm x86_64 5.4.16-42.el7 base 1.4 M
php-gd x86_64 5.4.16-42.el7 base 127 k
php-imap x86_64 5.4.16-7.el7 epel 38 k
php-intl x86_64 5.4.16-42.el7 base 97 k
php-ldap x86_64 5.4.16-42.el7 base 52 k
php-mbstring x86_64 5.4.16-42.el7 base 505 k
php-mcrypt x86_64 5.4.16-7.el7 epel 20 k
php-mysql x86_64 5.4.16-42.el7 base 101 k
php-pear-Net-IDNA2 noarch 0.1.1-10.el7 epel 25 k
php-pecl-apcu x86_64 4.0.11-1.el7 epel 62 k
php-pgsql x86_64 5.4.16-42.el7 base 86 k
php-xml x86_64 5.4.16-42.el7 base 125 k
py-bcrypt x86_64 0.4-4.el7 epel 26 k
python-beautifulsoup4 noarch 4.3.2-1.el7 epel 149 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-sqlalchemy x86_64 0.9.8-2.el7 base 2.9 M
python-webpy noarch 0.37-8.el7 epel 142 k
spamassassin x86_64 3.4.0-2.el7 base 1.2 M
tmpwatch x86_64 2.11-5.el7 base 38 k
unrar x86_64 5.0.3-1.el7.rf iRedMail 125 k
unzip x86_64 6.0-16.el7 base 169 k
uwsgi x86_64 2.0.15-1.el7 epel 364 k
uwsgi-plugin-python x86_64 2.0.15-1.el7 epel 76 k
Updating:
postfix x86_64 3:2.10.1-6.el7.centos iRedMail 2.5 M
Installing for dependencies:
arj x86_64 3.10.22-22.el7 epel 171 k
cabextract x86_64 1.5-1.el7 epel 43 k
clamav-data noarch 0.99.2-8.el7 epel 111 M
clamav-filesystem noarch 0.99.2-8.el7 epel 21 k
clamav-lib x86_64 0.99.2-8.el7 epel 3.8 M
clucene-core x86_64 2.3.3.4-11.el7 base 528 k
fontconfig x86_64 2.10.95-11.el7 base 229 k
fontpackages-filesystem noarch 1.44-8.el7 base 9.9 k
freeze x86_64 2.5.0-16.el7 epel 31 k
gd x86_64 2.0.35-26.el7 base 146 k
gdbm-devel x86_64 1.10-8.el7 base 47 k
glibc-devel x86_64 2.17-196.el7 base 1.1 M
glibc-headers x86_64 2.17-196.el7 base 675 k
gperftools-libs x86_64 2.4-8.el7 base 272 k
kernel-headers x86_64 3.10.0-693.2.2.el7 updates 6.0 M
libX11 x86_64 1.6.5-1.el7 base 606 k
libX11-common noarch 1.6.5-1.el7 base 164 k
libXau x86_64 1.0.8-2.1.el7 base 29 k
libXpm x86_64 3.5.12-1.el7 base 55 k
libc-client x86_64 2007f-16.el7 epel 562 k
libdb-devel x86_64 5.3.21-20.el7 base 38 k
libicu x86_64 50.1.2-15.el7 base 6.9 M
libmcrypt x86_64 2.5.8-13.el7 epel 99 k
libmspack x86_64 0.5-0.5.alpha.el7 base 64 k
libpng x86_64 2:1.5.13-7.el7_2 base 213 k
libunwind x86_64 2:1.2-2.el7 base 57 k
libxcb x86_64 1.12-1.el7 base 211 k
libzip x86_64 0.10.1-8.el7 base 48 k
lrzip x86_64 0.616-5.el7 epel 191 k
lyx-fonts noarch 2.2.3-1.el7 epel 159 k
lzop x86_64 1.03-10.el7 base 54 k
mailcap noarch 2.1.41-2.el7 base 31 k
mailx x86_64 12.5-16.el7 base 244 k
nginx-all-modules noarch 1:1.10.2-2.el7 epel 16 k
nginx-filesystem noarch 1:1.10.2-2.el7 epel 17 k
nginx-mod-http-geoip x86_64 1:1.10.2-2.el7 epel 23 k
nginx-mod-http-image-filter x86_64 1:1.10.2-2.el7 epel 26 k
nginx-mod-http-perl x86_64 1:1.10.2-2.el7 epel 35 k
nginx-mod-http-xslt-filter x86_64 1:1.10.2-2.el7 epel 25 k
nginx-mod-mail x86_64 1:1.10.2-2.el7 epel 53 k
nginx-mod-stream x86_64 1:1.10.2-2.el7 epel 46 k
nmap-ncat x86_64 2:6.40-7.el7 base 201 k
nomarch x86_64 1.4-11.el7 epel 20 k
p7zip x86_64 16.02-2.el7 epel 651 k
p7zip-plugins x86_64 16.02-2.el7 epel 973 k
perl x86_64 4:5.16.3-292.el7 base 8.0 M
perl-Archive-Tar noarch 1.92-2.el7 base 73 k
perl-Archive-Zip noarch 1.30-11.el7 base 107 k
perl-Authen-SASL noarch 2.15-10.el7 base 57 k
perl-BerkeleyDB x86_64 0.51-4.el7 epel 148 k
perl-Business-ISBN noarch 2.06-2.el7 base 25 k
perl-Business-ISBN-Data noarch 20120719.001-2.el7 base 24 k
perl-CGI noarch 3.63-4.el7 base 250 k
perl-Carp noarch 1.26-244.el7 base 19 k
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k
perl-Convert-ASN1 noarch 0.26-4.el7 base 54 k
perl-Convert-BinHex noarch 1.119-20.el7 epel 44 k
perl-Convert-TNEF noarch 0.18-2.el7 epel 22 k
perl-Convert-UUlib x86_64 2:1.5-1.el7 epel 216 k
perl-Crypt-OpenSSL-Bignum x86_64 0.04-18.el7 base 34 k
perl-Crypt-OpenSSL-RSA x86_64 0.28-7.el7 base 38 k
perl-Crypt-OpenSSL-Random x86_64 0.04-21.el7 base 24 k
perl-DBD-SQLite x86_64 1.39-3.el7 base 1.3 M
perl-DBI x86_64 1.627-4.el7 base 802 k
perl-DB_File x86_64 1.830-6.el7 base 74 k
perl-Data-Dumper x86_64 2.145-3.el7 base 47 k
perl-Date-Manip noarch 6.41-2.el7 base 1.2 M
perl-Digest noarch 1.17-245.el7 base 23 k
perl-Digest-HMAC noarch 1.03-5.el7 base 16 k
perl-Digest-MD5 x86_64 2.52-3.el7 base 30 k
perl-Digest-SHA x86_64 1:5.85-4.el7 base 58 k
perl-Digest-SHA1 x86_64 2.13-9.el7 base 50 k
perl-Encode x86_64 2.51-7.el7 base 1.5 M
perl-Encode-Detect x86_64 1.01-13.el7 base 82 k
perl-Encode-Locale noarch 1.03-5.el7 base 16 k
perl-Error noarch 1:0.17020-2.el7 base 32 k
perl-Exporter noarch 5.68-3.el7 base 28 k
perl-ExtUtils-Install noarch 1.58-292.el7 base 74 k
perl-ExtUtils-MakeMaker noarch 6.68-3.el7 base 275 k
perl-ExtUtils-Manifest noarch 1.61-244.el7 base 31 k
perl-ExtUtils-ParseXS noarch 1:3.18-3.el7 base 77 k
perl-FCGI x86_64 1:0.74-8.el7 base 42 k
perl-File-Listing noarch 6.04-7.el7 base 13 k
perl-File-Path noarch 2.09-2.el7 base 26 k
perl-File-Temp noarch 0.23.01-3.el7 base 56 k
perl-Filter x86_64 1.49-3.el7 base 76 k
perl-GSSAPI x86_64 0.28-9.el7 base 59 k
perl-Geo-IP x86_64 1.43-3.el7 epel 87 k
perl-Getopt-Long noarch 2.40-2.el7 base 56 k
perl-HTML-Parser x86_64 3.71-4.el7 base 115 k
perl-HTML-Tagset noarch 3.20-15.el7 base 18 k
perl-HTTP-Cookies noarch 6.01-5.el7 base 26 k
perl-HTTP-Daemon noarch 6.01-5.el7 base 20 k
perl-HTTP-Date noarch 6.02-8.el7 base 14 k
perl-HTTP-Message noarch 6.06-6.el7 base 82 k
perl-HTTP-Negotiate noarch 6.01-5.el7 base 17 k
perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k
perl-IO-Compress noarch 2.061-2.el7 base 260 k
perl-IO-HTML noarch 1.00-2.el7 base 23 k
perl-IO-Multiplex noarch 1.13-6.el7 epel 25 k
perl-IO-Socket-INET6 noarch 2.69-5.el7 base 20 k
perl-IO-Socket-IP noarch 0.21-4.el7 base 35 k
perl-IO-Socket-SSL noarch 1.94-6.el7 base 114 k
perl-IO-Zlib noarch 1:1.10-292.el7 base 51 k
perl-IO-stringy noarch 2.110-22.el7 base 71 k
perl-JSON noarch 2.59-2.el7 base 96 k
perl-LWP-MediaTypes noarch 6.02-2.el7 base 24 k
perl-MIME-tools noarch 5.505-1.el7 epel 256 k
perl-Mail-DKIM noarch 0.39-8.el7 base 129 k
perl-MailTools noarch 2.12-2.el7 base 108 k
perl-Net-DNS x86_64 0.72-6.el7 base 308 k
perl-Net-Daemon noarch 0.48-5.el7 base 51 k
perl-Net-HTTP noarch 6.06-2.el7 base 29 k
perl-Net-IP noarch 1.26-4.el7 epel 36 k
perl-Net-LibIDN x86_64 0.12-15.el7 base 28 k
perl-Net-SMTP-SSL noarch 1.01-13.el7 base 9.1 k
perl-Net-SSLeay x86_64 1.55-6.el7 base 285 k
perl-Net-Server noarch 2.007-2.el7 epel 208 k
perl-NetAddr-IP x86_64 4.069-3.el7 base 125 k
perl-Package-Constants noarch 1:0.02-292.el7 base 45 k
perl-PathTools x86_64 3.40-5.el7 base 82 k
perl-PlRPC noarch 0.2020-14.el7 base 36 k
perl-Pod-Escapes noarch 1:1.04-292.el7 base 51 k
perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k
perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k
perl-Pod-Usage noarch 1.63-3.el7 base 27 k
perl-Razor-Agent x86_64 2.85-15.el7 epel 121 k
perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k
perl-Socket x86_64 2.010-4.el7 base 49 k
perl-Socket6 x86_64 0.23-15.el7 base 27 k
perl-Storable x86_64 2.45-3.el7 base 77 k
perl-Switch noarch 2.16-7.el7 base 22 k
perl-Sys-CPU x86_64 0.54-4.el7 base 14 k
perl-Sys-MemInfo x86_64 0.91-7.el7 base 15 k
perl-Sys-Syslog x86_64 0.33-3.el7 base 42 k
perl-Test-Harness noarch 3.28-3.el7 base 302 k
perl-Text-ParseWords noarch 3.29-4.el7 base 14 k
perl-Text-Soundex x86_64 3.04-4.el7 base 19 k
perl-Text-Unidecode noarch 0.04-20.el7 base 114 k
perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k
perl-Time-Local noarch 1.2300-2.el7 base 24 k
perl-TimeDate noarch 1:2.30-2.el7 base 52 k
perl-URI noarch 1.60-9.el7 base 106 k
perl-Unix-Syslog x86_64 1.1-17.el7 epel 29 k
perl-WWW-RobotRules noarch 6.02-5.el7 base 18 k
perl-XML-Filter-BufferText noarch 1.01-17.el7 base 11 k
perl-XML-NamespaceSupport noarch 1.11-10.el7 base 18 k
perl-XML-SAX-Base noarch 1.08-7.el7 base 32 k
perl-XML-SAX-Writer noarch 0.53-4.el7 base 25 k
perl-constant noarch 1.27-2.el7 base 19 k
perl-devel x86_64 4:5.16.3-292.el7 base 453 k
perl-libs x86_64 4:5.16.3-292.el7 base 688 k
perl-libwww-perl noarch 6.05-2.el7 base 205 k
perl-macros x86_64 4:5.16.3-292.el7 base 43 k
perl-parent noarch 1:0.225-244.el7 base 12 k
perl-podlators noarch 2.5.1-3.el7 base 112 k
perl-threads x86_64 1.87-4.el7 base 49 k
perl-threads-shared x86_64 1.43-6.el7 base 39 k
perl-version x86_64 3:0.99.07-2.el7 base 84 k
php-cli x86_64 5.4.16-42.el7 base 2.7 M
php-pdo x86_64 5.4.16-42.el7 base 98 k
php-pear noarch 1:1.9.4-21.el7 base 357 k
php-process x86_64 5.4.16-42.el7 base 55 k
portreserve x86_64 0.0.5-11.el7 base 26 k
postgresql-libs x86_64 9.2.23-1.el7_4 updates 233 k
procmail x86_64 3.22-36.el7 base 171 k
pyparsing noarch 1.5.6-9.el7 base 94 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-cherrypy noarch 3.2.2-4.el7 base 422 k
python-html5lib noarch 1:0.999-5.el7 epel 206 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
systemtap-sdt-devel x86_64 3.1-3.el7 base 71 k
t1lib x86_64 5.1.2-14.el7 base 166 k
unzoo x86_64 4.4-16.el7 epel 24 k
uwsgi-plugin-common x86_64 2.0.15-1.el7 epel 50 k
Transaction Summary
================================================================================
Install 48 Packages (+176 Dependent packages)
Upgrade 1 Package
Total download size: 205 M
Downloading packages:
iRedMail Configurations
********************************************************************
* Start iRedMail Configurations
********************************************************************
[ INFO ] Create self-signed SSL certification files (2048 bits).
[ INFO ] Generate Diffie Hellman Group with openssl, please wait.
[ INFO ] Create required system account: vmail, iredadmin, iredapd.
[ INFO ] Configure Nginx web server and uWSGI.
[ INFO ] Configure PHP.
[ INFO ] Configure MariaDB database server.
[ INFO ] Setup daily cron job to backup SQL databases with /var/vmail/backup/backup_mysql.sh
[ INFO ] Configure Postfix (MTA).
[ INFO ] Configure Dovecot (POP3/IMAP/Managesieve/LMTP/LDA).
[ INFO ] Configure ClamAV (anti-virus toolkit).
[ INFO ] Configure Amavisd-new (interface between MTA and content checkers).
[ INFO ] Configure SpamAssassin (content-based spam filter).
[ INFO ] Configure iRedAPD (postfix policy daemon).
[ INFO ] Configure iRedAdmin (official web-based admin panel).
[ INFO ] Configure Roundcube webmail.
[ INFO ] Configure Awstats (logfile analyzer for mail and web server).
*************************************************************************
* iRedMail-0.9.7 installation and configuration complete.
*************************************************************************
Also, I responded: No to use firewall rules provided by iRedMail. No to /etc/firewalld/zones/iredmail.xml with SSHD. Yes to use MySQL configuration file shipped with iRedMail.
[ INFO ] Disable SELinux in /etc/selinux/config.
< Question > Would you like to use firewall rules provided by iRedMail?
< Question > File: /etc/firewalld/zones/iredmail.xml, with SSHD port: 22. [Y|n]n
[ INFO ] Skip firewall rules.
< Question > Would you like to use MySQL configuration file shipped within iRedMail now?
< Question > File: /etc/my.cnf. [Y|n]y
[ INFO ] Copy MySQL sample file: /etc/my.cnf.
[ INFO ] Enable SSL support for MySQL server.
[ INFO ] Updating ClamAV database (freshclam), please wait ...
ClamAV update process started at Mon Oct 9 17:26:55 2017
Clamav database will take a while to download and update.
The iRedMail installer finishes with:
********************************************************************
* URLs of installed web applications:
*
* - Roundcube webmail: httpS://mail.mydomain.com/mail/
*
* - Web admin panel (iRedAdmin): httpS://mail.mydomain.com/iredadmin/
*
* You can login to above links with below credential:
*
* - Username: [email protected]
* - Password: yourpassword
*
*
********************************************************************
* Congratulations, mail server setup completed successfully. Please
* read below file for more information:
*
* - /root/temp/iRedMail-0.9.7/iRedMail.tips
*
* And it's sent to your mail account [email protected].
*
********************* WARNING **************************************
*
* Please reboot your system to enable all mail services.
*
********************************************************************
The firewalld package is installed by iRedMail even if it was not previously installed! If you use iptables-services, remove firewalld.
# systemctl stop firewalld && systemctl disable firewalld && yum -y remove firewalld
Results
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Loaded plugins: fastestmirror, priorities, versionlock
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.4.4.4-6.el7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================
Package Arch Version Repository Size
=================================================================================
Removing:
firewalld noarch 0.4.4.4-6.el7 @base 1.8 M
Transaction Summary
=================================================================================
Remove 1 Package
Installed size: 1.8 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : firewalld-0.4.4.4-6.el7.noarch 1/1
Verifying : firewalld-0.4.4.4-6.el7.noarch 1/1
Removed:
firewalld.noarch 0:0.4.4.4-6.el7
Complete!
Execute the iptables script created earlier (created above as ip4-default.fw; use the file name you chose).
]# bash ip4-iredmail.fw
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2017-10-09 17:36:10 PDT; 3ms ago
Process: 3622 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 3688 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 3688 (code=exited, status=0/SUCCESS)
Oct 09 17:36:10 mail.mydomain.com systemd[1]: Starting IPv4 firewall w...
Oct 09 17:36:10 mail.mydomain.com iptables.init[3688]: iptables: Apply...
Oct 09 17:36:10 mail.mydomain.com systemd[1]: Started IPv4 firewall wi...
Hint: Some lines were ellipsized, use -l to show in full.
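The firewall script mixes `-A` (append) and `-I` (insert at the top), so a port rule appended after the catch-all REJECT never matches. The following check is an added example, not part of the original guide: it audits `iptables -S INPUT` output for that ordering mistake and for ports outside the guide's list. The function names and the sample listing are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original guide. Audits `iptables -S INPUT` output.

# TCP ports the guide's script opens (SSH, SMTP, HTTP/S, POP3/S, IMAP/S, submission).
ALLOWED_PORTS="22 25 80 110 143 443 587 993 995"

# Reads `iptables -S INPUT` text on stdin and prints one finding per line:
#   POLICY <p>          default INPUT policy is not DROP
#   UNEXPECTED <port>   reachable ACCEPT rule for a port outside ALLOWED_PORTS
#   UNREACHABLE <port>  ACCEPT rule that sits after the catch-all REJECT/DROP
#   MISSING <port>      allowed port with no reachable ACCEPT rule
audit_input_chain() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" && $3 != "DROP" { print "POLICY " $3 }
    $1 == "-A" && $2 == "INPUT" {
        port = ""; target = ""; matchers = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i ~ /^-[psdim]$/) matchers++
        }
        # A REJECT/DROP without match criteria ends evaluation for all traffic.
        if ((target == "REJECT" || target == "DROP") && matchers == 0) { closed = 1; next }
        if (target == "ACCEPT" && port != "") {
            if (closed) { print "UNREACHABLE " port }
            else { seen[port] = 1; if (!(port in want)) print "UNEXPECTED " port }
        }
    }
    END { for (i = 1; i <= n; i++) if (!(a[i] in seen)) print "MISSING " a[i] }
    '
}

# Constructed listing: the guide's rules, except that port 587 was appended (-A)
# after the REJECT rule instead of inserted (-I), and a MariaDB port was opened.
sample_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 587 -j ACCEPT
EOF
}

# On the mail server itself: iptables -S INPUT | audit_input_chain
sample_ruleset | audit_input_chain
```

An empty result means the loaded INPUT chain matches the port list from the script.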
Update values in main.cf for your host, domain, and origin.
# hostname
myhostname = mail.mydomain.com
myorigin = mydomain.com
mydomain = mydomain.com
Begin by creating a SASL password file in /etc/postfix; the credentials are written in plain text (not Base64 encoded!).
# vi /etc/postfix/sasl_password
Results
[outbound.mailhop.org]:10025 user:password
then
# chmod 600 /etc/postfix/sasl_password
next, postmap
# postmap hash:/etc/postfix/sasl_password
Add a smart relay or relayhost to /etc/postfix/main.cf. After iRedMail installation, iRedMail generates its own main.cf. Add the following at the end of the file:
# 2017Oct09: DuoCircle SMTP Outbound
relayhost = [outbound.mailhop.org]:10025
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_security_options = noanonymous
Restart for changes to take effect.
# systemctl restart postfix
Reference: http://www.iredmail.org/docs/relayhost.html
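One way to check the relay setup above before restarting Postfix, as an added example that is not from the original guide or from iRedMail. The function names are hypothetical and the file contents are constructed; the check on smtp_tls_security_level is an assumption added here, since the guide does not set that parameter.

```bash
#!/bin/bash
# Added example, not from the original guide. File contents are constructed;
# user:password is the guide's own placeholder.

# Print the value of a main.cf parameter (last assignment wins).
main_cf_value() {   # usage: main_cf_value FILE NAME
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; no output means every check passed.
audit_relay() {     # usage: audit_relay MAIN_CF SASL_MAP
    main_cf=$1
    sasl_map=$2
    relay=$(main_cf_value "$main_cf" relayhost)
    [ -n "$relay" ] || { echo "NO_RELAYHOST"; return 0; }

    # Postfix looks the credentials up by the relayhost string as written, so
    # "[host]:port" in main.cf needs the identical "[host]:port" key in the map.
    awk -v key="$relay" '$1 == key { found = 1 } END { exit !found }' "$sasl_map" \
        || echo "KEY_MISMATCH"

    # The map holds a cleartext password: no group/other permission bits.
    [ "$(ls -ld "$sasl_map" | cut -c5-10)" = "------" ] || echo "MAP_PERMS"

    # hash: maps are read from the .db file that postmap builds.
    [ -f "$sasl_map.db" ] || echo "NO_DB"

    # LOGIN sends the password Base64-encoded, not encrypted, so TLS to the
    # relay should be mandatory rather than opportunistic.
    case $(main_cf_value "$main_cf" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "TLS_NOT_ENFORCED" ;;
    esac
}

# Build a constructed configuration in DIR: "weak" carries the mistakes.
make_sample() {     # usage: make_sample DIR weak|fixed
    dir=$1
    cat > "$dir/main.cf" <<'EOF'
relayhost = [outbound.mailhop.org]:10025
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_security_options = noanonymous
EOF
    if [ "$2" = fixed ]; then
        echo 'smtp_tls_security_level = encrypt' >> "$dir/main.cf"
        echo '[outbound.mailhop.org]:10025 user:password' > "$dir/sasl_password"
        chmod 600 "$dir/sasl_password"
        : > "$dir/sasl_password.db"     # stands in for the file postmap writes
    else
        # Key lacks the brackets used in relayhost; file is world-readable.
        echo 'outbound.mailhop.org:10025 user:password' > "$dir/sasl_password"
        chmod 644 "$dir/sasl_password"
    fi
}

relay_audit_demo() {    # usage: relay_audit_demo weak|fixed
    tmp=$(mktemp -d)
    make_sample "$tmp" "$1"
    audit_relay "$tmp/main.cf" "$tmp/sasl_password"
    rm -rf "$tmp"
}

# On the mail server: audit_relay /etc/postfix/main.cf /etc/postfix/sasl_password
relay_audit_demo weak
```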
ERROR!
When executing systemctl status postfix and seeing the below error, you may be missing one or more cyrus-sasl packages. My installation was missing cyrus-sasl-plain, so I ran yum install cyrus-sasl-plain to correct it.
The following are on my working installation:
# rpm -qa |grep -i cyrus-sasl
cyrus-sasl-plain-2.1.26-21.el7.x86_64
cyrus-sasl-gssapi-2.1.26-21.el7.x86_64
cyrus-sasl-lib-2.1.26-21.el7.x86_64
Reference: https://sendgrid.com/docs/Integrate/Mail_Servers/postfix.html
If using an email cleansing service or SMTP inbound relay, you may need to disable iRedMail's Greylist filter due to the following error:
451 4.7.1 : Recipient address rejected: Intentional policy rejection, please try again later
1. Comment out, using '#', both (2) occurrences of "check_policy_service inet:127.0.0.1:7777" in /etc/postfix/main.cf
2. `systemctl restart postfix`
3. Disable iredapd service. <-- How?
Results
# Recipient restrictions
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    # 2017Oct10: Disable for mxguarddog = "Intentional policy rejection"
    #check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    # 2017Oct10: Disable for mxguarddog = "Intentional policy rejection"
    #check_policy_service inet:127.0.0.1:7777
Reference: http://www.iredmail.org/docs/manage.iredapd.html
To receive emails, you will need to update your DNS zone with A, MX, and TXT records. How you accomplish these tasks will be specific to your DNS provider, but here is a summary of mine:
Create an "A" host record for your new server, generally, this will be your NAT'd address for the external or Internet firewall interface.
Create MX records pointing to the host created above or, if using an SMTP inbound relay, the hosts as directed by the service provider. For MXGuardDog, mine are:
Priority MX Server Name
10 63f95d2d.21.ik2.com
20 63f95d2d.22.ik2.io
30 63f95d2d.23.ik2.eu
Create TXT record for SPF.
- type: TXT Record
- Host: @
- Value: v=spf1 include:outbound.mailhop.org -all
- TTL: something low if using DDNS
Reference:
Tool: http://www.kitterman.com/spf/validate.html
Create a TXT record for DKIM.
- type: TXT Record
- Host: duo-1507446930969-48be08b5._domainkey
- Value: "v=DKIM1; k=rsa; s=email; p=[areallylongstring]"
One of the advantages of using outbound and inbound relays is the use of non-standard ports to circumvent blocks of port 25 by Comcast and other ISPs. Jerks! Most ISPs will remove the blocks after a phone call, but ISPs like Comcast, as of 2014, refuse to remove blocks for residential customers.
The ports supported by SMTP relay or smarthost providers differ. DuoCircle supports the following:
- Server: outbound.mailhop.org or outbound1.eu.mailhop.org (European Union)
- SMTP Port: 25 (default), 2525, or 10025
- SMTPS (SSL/TLS): 465 (default) or 10465
Reference: http://www.iredmail.org/docs/enable.smtps.html
As part of mxguarddog.com service, you specify your server host record and your port. Any valid IPv4 port number!
Active MX Guarddog IP Addresses
- 122.103.250.12 Osaka, Japan Added Jul. 2014
- 64.38.239.80/29 Phoenix AZ, USA Added Aug. 2014
- 66.37.25.64/28 Phoenix AZ, USA Added Sept. 2015
- 208.77.151.112/29 Dallas TX, USA Added Jan. 2017
Resolution By Name
If you have one of those fancy firewalls that can apply rules by using a host name, we got you covered. We publish a list of our active IP addresses under the name servers.ik2.com.
- http://www.iredmail.org/docs/enable.smtp.auth.on.port.25.html
- http://www.iredmail.org/docs/enable.smtps.html
- http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/
- https://mailinabox.email/
- https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
- http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/
- https://support.duocircle.com/support/solutions/articles/5000734647-postfix-configuration
- https://identitysafe.norton.com/password-generator/
- http://www.postfix.org/postconf.5.html#smtpd_sasl_authenticated_header
- https://mxguarddog.com/dc.mxservers/tab=2
- https://mxguarddog.com/faq.ip_list/#start
- How to enable greylist but without refusing delivery from mxguarddog?
- Research installer error:
< Question > Continue? [y|N]y
/root/temp/iRedMail-0.9.7/functions/packages.sh: line 68: perl: command not found
[ INFO ] Installing package(s): rsyslog firewalld postfix mariadb mariadb-server perl-DBD-MySQL php-common php-gd php-xml php-mysql php-ldap php-pgsql php-imap php-mbstring php-pecl-apc php-intl php-mcrypt nginx php-fpm dovecot dovecot-pigeonhole dovecot-mysql dovecot-pgsql amavisd-new spamassassin altermime perl-LDAP perl-Mail-SPF unrar pax lz4 clamav clamav-update clamav-server clamav-server-systemd php-pear-Net-IDNA2 python-sqlalchemy python-setuptools python-dns MySQL-python python-jinja2 python-webpy python-netifaces python-beautifulsoup4 python-lxml python-pycurl py-bcrypt uwsgi uwsgi-plugin-python awstats unzip bzip2 acl patch tmpwatch crontabs dos2unix logwatch lz4
- Should I use the European Union DuoCircle server? Better confidentiality?