Running your own Mail Server with iRedMail


apt-get update && apt-get -y dist-upgrade && apt-get clean

hostnamectl set-hostname mail
nano /etc/hosts
hostname

# get latest download link from http://www.iredmail.org/download.html
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.5-1.tar.bz2
tar jxf iRedMail-0.9.5-1.tar.bz2
cd iRedMail-0.9.5-1/
bash iRedMail.sh
# long wait
reboot


amavisd-new showkeys
# install dkim in domains DNS, name=dkim._domainkey type=TXT value="v=DKIM1; p=k32hkj..." (remove the quotes and spaces at line breaks)



# check for jessie-backports in /etc/apt/sources.list
apt-get -y install certbot -t jessie-backports
service nginx stop
certbot certonly --standalone -d mail.readycat.net
service nginx start
# test renewal, if OK add to cron
certbot renew --dry-run --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"
crontab -e
0   9   1   */2 *   certbot renew --quiet --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"
# 9am UTC is 4EST/5EDT

# add cert to configs via http://www.iredmail.org/docs/use.a.bought.ssl.certificate.html
nano /etc/postfix/main.cf

smtpd_tls_key_file = /etc/letsencrypt/live/mail.readycat.net/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.readycat.net/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.readycat.net/chain.pem

service postfix restart 

nano /etc/dovecot/dovecot.conf

ssl_ca =  { d => "readycat.net", a => 'rsa-sha256', ttl =>  7*24*3600 },
    #"spam-reporter@readycat.net"    => { d => "readycat.net", a => 'rsa-sha256', ttl =>  7*24*3600 },

    # explicit 'd' forces a third-party signature on foreign (hosted) domains
    "readycat.net"  => { d => "readycat.net", a => 'rsa-sha256', ttl => 10*24*3600 },
	"stereoscenic.com"  => { d => "readycat.net", a => 'rsa-sha256', ttl => 10*24*3600 },
    # ---- End domain: readycat.net ----

    # catchall defaults
    '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
} );

service amavis restart

# Send test email, grab raw headers, check them at https://toolbox.googleapps.com/apps/messageheader/analyzeheader
# Should see SPF: Pass and DKIM: Pass



# catchall
mysql -u root -p vmail
INSERT INTO alias (address, goto, domain) VALUES ('stereoscenic.com', 'andrew@stereoscenic.com', 'stereoscenic.com');
quit

# Copy / Forward
# create address first in iRedMail admin
# include original address in goto to still send a copy to original
mysql -u root -p vmail
UPDATE alias SET goto='original@domain.com,forward_1@example.com' WHERE address='original@domain.com';

Leave a Comment