Advertisement
  1. Code
  2. Email Applications
Code

Running Your Own Open Source Email Server: Administering iRedMail

by
Difficulty:IntermediateLength:MediumLanguages:
This post is part of a series called Running Your Own Open Source Email Server.
Running Your Own Open Source Email Server
Running Your Own Email Server: Customizing Roundcube
Final product image
What You'll Be Creating

This is part two of a tutorial series for Running Your Own Open Source Email Server. In this tutorial, I'll guide you through configuring and customizing iRedMail's administrative back-end console, iRedAdmin. You can use iRedAdmin to add domains, manage users and more. I'll also cover how to configure your DNS records to help your server coexist well with other mail servers and their spam filters.

Administering iRedMail With iRedAdmin

As we touched on briefly in part one, iRedAdmin is the free back-end administrative console for iRedMail. It's designed to help you only with the basics of managing your mail server. A more feature-rich premium version, iRedAdmin-Pro, is available from the iRedMail team.

You don't need to upgrade and I'm not encouraging you to, but here are some of the basics about the Pro edition:

The Premium Alternative: iRedAdmin Pro

Here's a portion of the feature comparison between the free and pro versions:

IRedMail Feature Comparison Between iRedAdmin Free and Pro

You can explore a demo version of iRedAdmin Pro here. Pricing for the Pro edition begins at $399 for a one year license:

iRedMail iRedAdmin Pro Pricing

Reviewing Our Configuration

You can review your iRedMail installation settings and credentials by browsing the iRedMail.tips file—wherever you moved it to for safe keeping:

It will provide you your initial administrator account information as well as the URL for logging into the administrative console. Here's an example copy and a portion of what it will look like:

Let's log in again and explore our administration panel for iRedMail. Visit http://yourdomain.com/iredadmin to see the back-end login panel:

iRedMail Administration Login

When you log in, you'll see the iRedAdmin Dashboard:

iRedMail Administration Dashboard

Adding a Domain

If we want our mail server to receive email for multiple domains, we can visit the Domains and Accounts page:

iRedMail Administration Domains

Click Add Domain and add your new domain name:

iRedMail iRedAdmin Add Domain Name

You'll be taken to the domain view page:

iRedAdmin Domain View

And, your new domain will appear back on the Domains list:

iRedAdmin Domains List

Of course, you'll need to add MX records with your domain name registrar for your new domain to route email to your iRedMail server. Here's an example:

Adding Users

From the Domains and Accounts page, click Add Users and provide the mailbox information for your next user:

iRedAdmin Add User

When you add them, you'll be taken to the User View page:

iRedAdmin View User

You can make a new user an Administrator by clicking Global Admin.

If you return to the Domains and Accounts page and click on the Domain view icon, you can then click on the Users thumbnail menu to see the users associated with the domain:

iRedAdmin Domain Users

And you can manage administrators with the Admin tab:

iRedMail Administration Admins

Configuring Catch-All User

I recommend you set up a catch-all mailbox with your iRedMail server. Whenever I sign up at websites, I use websitename@mydomain.com as the email registration address. This helps somewhat with minimizing the data mining between advertising services by email address. It can also help you identify the source of spam generated from third parties. I describe a few more ways to enhance personal privacy here.

You must configure this manually via the database in the free version of iRedAdmin. 

Follow these steps to configure a catch-all mailbox for your domain. Log in to your iRedMail server instance. Then, log in to mysql with your administrator password (also in the iRedMail.tips file listed above):

From MySQL, for each domain, provide the forwarding mailbox address to deliver to:

Configuring Mail Server Domain Records (DNS)

If you read So You'd Like to Send Some Email (Through Code) which I linked to in the last tutorial, you likely saw that mail servers are requiring a number of DNS settings to help them filter out likely spammers. To ensure the reliable delivery of mail from our own server, there are a few DNS settings we will want to customize.

Set Up a Reverse PTR Record

The iRedMail documentation does a good job of describing how Reverse PTR records work and why you need them:

The most common use for looking up a PTR record is done by spam filters. Concept behind this idea is that fly by night spammers who send e-mails out using fake domains generally will not have the appropriate reverse PTR setup at the ISP DNS zone. This criterion is used by spam filters to detect spam. If your domain does not have an appropriate reverse PTR record setup then chances are email spam filtering softwares MIGHT block e-mails from your mail server.

Reverse PTR records are configured by the owner of the IP address you're using, so this is likely your hosting provider. For example, in my case it's Digital Ocean, which configures your Reverse PTR automatically based on your server's hostname. Consult your hosting provider to determine the best way to configure your own Reverse PTR. 

If you're receiving mail for multiple domains, setting up the Reverse PTR record with a hosting provider may be more complicated.

Set Up DomainKeys Identified Mail (DKIM)

Coding Horror describes how your server uses DKIM to help other mail servers trust you:

With DKIM, you "sign" every email you send with your private key, a key only you could possibly know. And this can be verified by attempting to decrypt the email using the public key stored in your public DNS records.

iRedMail makes this fairly easy. From Terminal, type the amavisd showkeys command (for some servers it's amavisd-new):

#amavisd-new showkeys

This will display the keys which iRedMail has configured for your server. These are the DNS settings that you need to add to configure DKIM successfully. Add these records with your DNS provider:

Set Up an SPF / Sender Id Record

SPF is a spam and phishing scam fighting method which uses DNS SPF-records to define which hosts are permitted to send e-mails for a domain. This setting is reportedly less important.

You can use the Microsoft wizard to generate an SPF DNS record for your domain. It will likely look something like this:

Securing Your Server

I recommend reviewing my Securing Your Server tutorial at Tuts+. I highly recommend implementing and restricting login to SSH keys and disabling password-based login.

Next, let's double check that your SMTP server is not open to the public, i.e. exposed to spammers. Visit a tool like SpamHelp's Open Relay Test:

IRedMail Security SMTP Open Relay Test

Enter your mail hostname or IP address and click Test. We want to see the Error - could not connect to server result. This ensures that our SMTP server is NOT open to spammers.

A Note on Backups

Your e-mail is vitally important to you. Make sure you back up your server. There are a number of approaches to this which I won't delve into here. For example, my provider Digital Ocean offers automated backups for a small surcharge on each droplet or instance. If you're using Amazon AWS, Skeddly provides automated backups as a service. AWS's RDS database instances provide automated backups on their own. You can also explore backing up email through mail protocols—see GMail and IMAP backup services.

Keep in mind that each backup you create introduces potential security vulnerabilities and attack vectors between hackers and your email.

What's Next?

In the next tutorial, I'll guide you through customizations and configurations you can make with the Roundcube web-based email client.

Please post any comments, corrections or additional ideas below. You can browse my other Tuts+ tutorials on my instructor page or follow me on Twitter @reifman.

Related Links

Advertisement
Advertisement
Looking for something to help kick start your next project?
Envato Market has a range of items for sale to help get you started.