About the time of Edward Snowden's NSA PRISM revelations, I began exploring alternative email systems. Australia-based FastMail caught my attention because of a friend's recommendation and the seemingly better privacy protections its home country offered:
“Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.”
However, some of FastMail's servers are actually hosted in the U.S., and email can be compromised in a variety of ways. Whether you use a third-party service or host your own email, if privacy and security are your main concerns, you need to build your skill set on multiple levels.
I have no illusions that self-hosting your email will keep the government from reading it if it wants to. For example, Amazon recently received a $600 million contract to run the CIA’s cloud operations. But it will make it slightly more difficult and encourage open source innovators to move platforms towards a more private, more secure world.
If minimizing costs is your concern, keep in mind running your own mail server won't be free—it can easily cost from $7 to $15 monthly or more, depending on your configuration. And I highly recommend running a dedicated instance or server—mixing other apps on the same server can expose your email to a broad variety of threats.
One such platform I began experimenting with is iRedMail, an open source email server solution which runs on common Linux systems. iRedMail bundles Roundcube, an open source webmail client. Together, they provide a fairly decent Gmail alternative. And iRedMail supports IMAP and POP so you can run it with a variety of smartphone and tablet apps and desktop mail clients.
In this tutorial series, I'll walk you through the basics of installing and configuring iRedMail and Roundcube. If you want additional assistance, iRedMail also offers a premium administrative console and paid installation and support.
Don't be fooled into thinking this will be as easy as running WordPress. It's not. In addition to issues of security and privacy, you have to convince other mail servers to trust your mail server. "So You'd Like to Send Some Email (Through Code)" describes some of the complexity of managing this challenge, including configuring reverse DNS (PTR) records and DomainKeys Identified Mail.
Overview of iRedMail Features
iRedMail is a free, full-featured, open source email server solution. It provides a straightforward automated installation procedure and runs on seven operating systems: Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, FreeBSD and OpenBSD. It is licensed under GPLv2.
With iRedMail, you control your own data. All of your personal data is on your server, not on a third party's. Mail can be stored with either PostgreSQL, MySQL or OpenLDAP.
For mail sending and delivery, it provides SMTP via Postfix and uses Dovecot to provide POP3/POP3S and IMAP/IMAPS. It provides several layers of anti-spam and threat protections including Amavisd, SpamAssassin, ClamAV and Fail2ban.
Here's a view that represents the overall iRedMail architecture:
Image credit: http://workaround.org/ispmail/lenny/bigpicture
It provides integrated webmail via Roundcube, which has its own developer community providing themes and plugins.
Here's a complete list of Roundcube features.
Configuring Your Operating System
Now I'll walk you through installing iRedMail with MySQL on Ubuntu 14.x. I'll be using this guide to installing and configuring Ubuntu at Digital Ocean, with one primary difference. Instead of using the LAMP stack in the Applications tab, we want to use the default Ubuntu 14.04 installation in the Distributions tab, as shown below during the setup process:
Of course, you can use any generic virtual server that you wish.
If you're using the 512MB memory instance, you will want to set up a swap file (scroll to Configuring Your Droplet); otherwise the anti-virus software will likely crash and prevent mail delivery.
Configuring Your Domain Name
Once you've received your IP address, you will need to map your domain name's DNS to the IP address. And you will need a secondary domain for the mail services.
For example, I'm using red.lookahead.me as a subdomain for my installation—it's my primary server hostname:
red.lookahead.me A 184.108.40.206
But during the installation, iRedMail will also require a mail server domain or subdomain. I'm using mailserver.lookahead.me:
mailserver.lookahead.me A 220.127.116.11
Important: Choosing Your Default Domains
I chose the domains above for demonstration purposes, and those choices are reflected in the screenshots throughout the installation process below.
Another way to configure iRedMail is to set up your server with hostname mail.yourexampledomain.com and receive email at your root domain. So, again, when creating your server instance, set the hostname as mail.yourexampledomain.com. And, when prompted by iRedMail for your virtual server, provide the root domain.
In other words: instead of red.lookahead.me, configure the hostname as mail.yourexampledomain.com. Instead of mailserver.lookahead.me, specify yourexampledomain.com.
This will allow you to log in to Roundcube webmail at http://mail.yourexampledomain.com and send and receive email from firstname.lastname@example.org right out of the box.
Of course, you'll also need to add MX records with your domain name registrar for your chosen domain to route messages to your iRedMail server. Here's an example:
lookahead.me. 1800 MX red.lookahead.me. 10
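A quick way to confirm the records above before running the installer, as an added example (not part of the original tutorial): it checks that the MX names the mail host, that the host has an A record, and that reverse DNS maps the address back to the host. The function names, the DNS_FIXTURE variable and the 203.0.113.10 address are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: pre-install DNS check for a mail host (A, MX and reverse PTR).
# SAMPLE_RECORDS is constructed test data in "TYPE NAME VALUE" form; the IP is
# from the documentation range, not the author's server.
SAMPLE_RECORDS='MX lookahead.me 10 red.lookahead.me.
A red.lookahead.me 203.0.113.10
PTR 203.0.113.10 red.lookahead.me.'

# resolve TYPE NAME: print answers one per line. Reads DNS_FIXTURE when it is
# set (offline testing); otherwise asks the system resolver through dig.
resolve() {
  if [ -n "${DNS_FIXTURE:-}" ]; then
    printf '%s\n' "$DNS_FIXTURE" |
      awk -v t="$1" -v n="$2" '$1==t && $2==n { $1=""; $2=""; sub(/^ +/,""); print }'
  elif [ "$1" = PTR ]; then
    dig +short -x "$2"
  else
    dig +short "$2" "$1"
  fi
}

# check_mail_dns DOMAIN HOST: returns 0 only if MX, A and PTR all agree.
check_mail_dns() {
  local domain="$1" host="${2%.}" ip ptr rc=0
  # 1. The mail domain's MX must name the mail host.
  if ! resolve MX "$domain" | awk '{print $2}' | sed 's/\.$//' | grep -qixF "$host"; then
    echo "FAIL: no MX for $domain points at $host"; rc=1
  fi
  # 2. The mail host needs an address record (skip any CNAME line dig prints).
  ip=$(resolve A "$host" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n1)
  if [ -z "$ip" ]; then
    echo "FAIL: $host has no A record"; return 1
  fi
  # 3. Reverse DNS must map that address back to the same host name.
  ptr=$(resolve PTR "$ip" | head -n1); ptr=${ptr%.}
  if [ "$(printf %s "$ptr" | tr '[:upper:]' '[:lower:]')" != \
       "$(printf %s "$host" | tr '[:upper:]' '[:lower:]')" ]; then
    echo "FAIL: PTR for $ip is '${ptr:-missing}', expected $host"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $domain -> $host -> $ip -> $ptr"
  return "$rc"
}
```

With DNS_FIXTURE unset, `check_mail_dns lookahead.me red.lookahead.me` queries live DNS through dig (package dnsutils on Ubuntu).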
Running the iRedMail Installation Script
We run the iRedMail installation from /root. So first we download the code and extract it from the Bitbucket archive:
cd /root
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.0.tar.bz2
tar xjf iRedMail-0.9.0.tar.bz2
Then we'll run the installation script:
cd iRedMail-0.9.0
bash iRedMail.sh
iRedMail will begin walking you through its installation wizard. You can often accept the default responses.
First, you can set a path for the mailbox store:
Then you can choose whether to use Nginx or Apache:
Next you can choose your mail store. We'll use MySQL for this demonstration:
Specify a password for MySQL Server's administrator account:
Then provide your secondary domain name for the mail server—not your server hostname. I'm using mailserver.lookahead.me:
Specify a password for the administrator user account:
That completes the initial configuration. A file will be written to /root/iRedMail-0.9.0/config, which needs to be secured, though you may need to refer to it later:
Click continue to begin the actual automated installation process. When it's done, you'll be shown your server URLs for using Roundcube and the administrative panel, iRedAdmin.
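One way to secure the config file mentioned above once the installer has finished, as an added example (not part of the original tutorial or iRedMail's own tooling). The KEY='value' layout and the EXAMPLE_* names in the sample are assumptions; the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: lock down the installer's saved answers file after installation.
# Assumption: settings are stored as shell-style KEY='value' lines, optionally
# prefixed with "export". The sample below is constructed, not real output.
make_sample_config() {
  cat > "$1" <<'EOF'
export EXAMPLE_STORAGE_DIR='/var/vmail'
export EXAMPLE_BACKEND='MYSQL'
export EXAMPLE_DB_ROOT_PASSWD='constructed-value-1'
export EXAMPLE_ADMIN_PASSWORD='constructed-value-2'
EOF
}

# list_secret_keys FILE: print the names, never the values, of settings that
# look like credentials, so you know what to rotate if the file was exposed.
list_secret_keys() {
  sed -n -E 's/^(export[[:space:]]+)?([A-Za-z0-9_]*(PASSWD|PASSWORD|SECRET)[A-Za-z0-9_]*)=.*/\2/p' "$1"
}

# group_other_bits FILE: the six group/other permission characters from ls -l.
group_other_bits() {
  ls -ld "$1" | cut -c5-10
}

# lock_down_config FILE: owner-only read/write, then verify the result.
lock_down_config() {
  local f="$1"
  # chmod and chown follow symlinks, so a link here could retarget them; refuse it.
  if [ -L "$f" ] || [ ! -f "$f" ]; then
    echo "refusing: $f is not a regular file" >&2
    return 2
  fi
  if [ "$(id -u)" -eq 0 ]; then
    chown root:root "$f" || return 1
  fi
  chmod 600 "$f" || return 1
  # Succeed only if group and other now have no access at all.
  [ "$(group_other_bits "$f")" = "------" ]
}
```

On the server you would call `lock_down_config /root/iRedMail-0.9.0/config`, then `list_secret_keys` on the same path to see which credentials the file holds.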
Congratulations, you're about ready to launch iRedMail. Reboot your server and let's check out what we've created.
In your browser, visit your webmail address, e.g. http://yourexampledomain.com/mail. You'll be greeted with the Roundcube login screen.
When you log in, you'll see the Roundcube mailbox console:
Click Compose to send your first message:
We'll explore Roundcube and its customization options further in an upcoming tutorial.
Now, let's explore the administration panel for iRedMail. Visit http://yourexampledomain.com/iredadmin to see the back-end login panel:
When you log in, you'll see the iRedAdmin Dashboard:
Here, you can manage domains and accounts configured for your mail server:
And you can manage administrators:
Using the Add menu, you can add users:
In the next tutorial, I'll walk you through additional configurations of iRedMail and explore its administration back-end console.