How to Easily Set up a Full-Fledged Mail Server on Ubuntu 16.04 with iRedMail

Setting up your own mail server from scratch on Linux is complex and tedious, until you meet iRedMail. This tutorial is going to show you how you can easily and quickly set up a full-fledged mail server on Ubuntu 16.04 with iRedMail under 30 minutes.

What is iRedMail?

iRedMail is a shell script that automatically install and configure all necessary mail server components on your Linux/BSD server and thus eliminates manual installation and configuration. Supported OS are as follows:

  • RHEL/CentOS
  • Debian/Ubuntu
  • FreeBSD/OpenBSD

Open-source software used in iRedMail:

  • Postfix SMTP server
  • Dovecot IMAP server
  • Apache, Nginx
  • OpenLDAP, ldapd
  • MySQL/MariaDB, PostgreSQL
  • Amavised-new
  • SpamAssassin
  • ClamAV
  • Roundcube webmail
  • SOGo Groupware
  • Fail2ban
  • Awstats
  • iRedAPD Postfix policy server

iRedMail features:

  • All components are open-source.
  • TLS is enabled by default. SMTP/IMAP over TLS, HTTPS webmail
  • Create as many virtual mailboxes as you want in a web-based admin panel.
  • Stores mail accounts in OpenLDAP, MySQL/MariaDB, or PostgreSQL.

It is recommended that you follow the instructions below on a clean install of Ubuntu 16.04 system that has at least 2GB of RAM, as after the installation your server will use more than 1GB of RAM. Don’t run this iRedMail server alongside your website or blog on the same machine, unless you are confident that you can restore the virtual host file for your website or blog, because the installation process will break your existing virtual hosts. If you need to do this on a VPS, then I recommend Linode, from which you can get a 2GB VPS for only 10 USD per month. Without further ado, let’s get started.

Before the Installation

First, make sure your server IP isn’t listed in any email blacklist. You can go to and to check your server IP address. If it’s in a blacklist, you can delete your VPS instance in Linode and create a new one. As Linode uses an hourly billing model, you won’t be charged by month, but by how many hours you used, which makes it convenient to delete a VPS instance.

Once you have a server with good IP reputation, SSH into your Ubuntu 16.04 server and update all software.

sudo apt update;sudo apt upgrade

Then set a fully qualified domain name (FQDN) for your server with the following command.

sudo hostnamectl set-hostname

We also need to update /etc/hosts file.

sudo nano /etc/hosts

Edit it like below: localhost

Save and close the file. To see the changes, re-login and use the following command to see your hostname.

hostname -f

Don’t forget to set MX record and A record for your domain name. The MX record should point to your mail server’s FQDN,

Record Type    Name      Value

MX             @

The A record points to your mail server’s IP address.

Record Type    Name     Value

A              mail     IP-address-of-mail-server

If your server uses IPv6 address, be sure to add AAAA record.

Setting up a Mail Server on Ubuntu 16.04 with iRedMail

Next, download the iRedMail Bash installer with wget. At the time of writing, the latest version of iRedMail is 0.9.7, released on July 1, 2017. Please go to iRedMail download page (  to check out the latest version.


Extract the tarball.

tar xvf iRedMail-0.9.7.tar.bz2

Then cd into the newly created directory.

cd iRedMail-0.9.7/

Add executable permission to the script.

chmod +x

Next, run the Bash script with sudo privilege.

sudo bash

The ncurse-based setup wizard will appear. Select Yes.

iredmail ubuntu 16.04

The next screen will ask you to select the mail storage path. You can use the default one /var/vmail.

iredmail ubuntu

Next, choose your preferred web server: Apache or Nginx. You need to use up and down arrow and press the spacebar to select.

iredmail installation

Then select the storage backend. Choose one that you are familiar with. This tutorial chose MariaDB.

iredmail server

If you selected MariaDB or MySQL, then you will need to set the MySQL root password.

iredmail ubuntu setup

Please note that if you selected MariaDB, then you don’t need password to log into MariaDB shell. Instead of running the normal command:

mysql -u root -p

you can run the following command to login, with sudo and without providing MariaDB root password. This is because MariaDB uses unix_socket authentication plugin, which allows users to use OS credentials to connect to MariaDB. But you still need to set root password in iRedMail setup wizard.

sudo mysql -u root

Next, enter your first mail domain. You can add multiple mail domains later in the web-based admin panel. This tutorial assumes that you want an email account like [email protected], in that case, you need to enter here, without sub-domain.

email server software

Next, set a password for the mail domain administrator.

install iredmail ubuntu

Choose optional components.

install iredmail server

Now you can review your configurations. Type Y to begin the installation of all mail server components.

install iredmail on ubuntu 16.04

At the end of installation, choose y to use firewall rules provided by iRedMail and restart firewall.

install iredmail server on ubuntu 16.04

Now iRedMail installation is complete. You will be notified the URL of webmail, SOGo groupware and web admin panel and the login credentials. The file contains important information about your iRedMail server.

* URLs of installed web applications:
* - Roundcube webmail: httpS://
* - SOGo groupware: httpS://
* - Web admin panel (iRedAdmin): httpS://
* You can login to above links with below credential:
* - Username: [email protected]
* - Password: *********
* Congratulations, mail server setup completed successfully. Please
* read below file for more information:
*   - /home/gourd/iRedMail-0.9.5-1/
* And it's sent to your mail account [email protected]
********************* WARNING **************************************
* Please reboot your system to enable all mail services.

Reboot your Ubuntu 16.04 server.

sudo shutdown -r now

Once your server is back online, you can visit the web admin panel.

Because it’s using a self-signed TLS certificate, so you need to add security exception. Login with the postmaster mail account.

iredmail web admin panel

In the Add tab, you can add multiple domains or mail users.

iredmail add mailboxes

After you create a user, you can visit the Roundcube webmail address and login with the new mail user account.

iredmail roundcube

And test email sending and receiving. Please note that you may need to wait for a few minutes to receive emails because greylisting is enabled by default. You can change password and create filter in RoundCube.

Installing Let’s Encrypt TLS Certificate

Since the mail server is using a self-signed TLS certificate, both desktop mail client users and webmail client users will see a warning. To fix this, we can obtain and install a free Let’s Encrypt TLS cert.

Obtaining the Certificate

First, install Let’s Encrypt (certbot) client on Ubuntu 16.04.

sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot

The Apache and Nginx configuration directories are heavily modified by iRedMail, so here I recommend using the webroot plugin, instead of using apache or nginx plugin, to obtain certificate. Run the following command. Replace red text with your actual data.

sudo certbot certonly --webroot --agree-tos --email your-email-address -d -w /var/www/html/

You will see the following text indicating that you have successfully obtained a TLS certificate. Your certificate and chain have been saved at /etc/letsencrypt/live/ directory.

Let's encrypt free tls certificate

Installing the Certificate

After obtaining a TLS certificate, let’s configure web server to use it.


If you use Apache web server, then edit the default virtual host file.

sudo nano /etc/apache2/sites-available/000-default.conf

Add the following 3 lines above </VirtualHost>.

RewriteEngine on
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

The above 3 directives will redirect HTTP connection to HTTPS. The rewrite module needs to be enabled for them to work, which is achieved by executing the following command.

sudo a2enmod rewrite

Then edit the https version of the default virtual host.

sudo nano /etc/apache2/sites-available/default-ssl.conf

Find the following 2 lines.

SSLCertificateFile /etc/ssl/certs/iRedMail.crt
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key

We need to replace the self-signed certificate with Let’s Encrypt issued certificate. So the above two lines need to be changed to the following.

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

Save and close the file. Then reload Apache web server.

sudo systemctl reload apache2

Now if you visit iRedMail admin panel or Roundcube webmail again, you shall see a green lock in the browser address bar.


If you use Nginx, then edit the SSL template file.

sudo nano /etc/nginx/templates/ssl.tmpl

Find the following 2 lines.

ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;

Replace them with:

ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

Save and close the file. Then test nginx configuration and reload.

sudo nginx -t

sudo systemctl reload nginx

Visit iRedMail admin panel or Roundcube webmail again, you shall see a green lock in the browser address bar.

Configuring Postfix and Dovecot

We also need to configure Postfix and Dovecot to use the Let’s Encrypt issued certificate so that desktop mail client won’t display security warning. Edit the main configuration file of Postfix.

sudo nano /etc/postfix/

Find the following 3 lines. (line 95, 96, 97).

smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt

Replace them with:

smtpd_tls_key_file = /etc/letsencrypt/live/
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_CAfile = /etc/letsencrypt/live/

Save and close the file. Then reload Postfix.

sudo postfix reload

Next, edit the main configuration file of Dovecot.

sudo nano /etc/dovecot/dovecot.conf

Fine the following 2 lines. (line 47, 48)

ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key

Replace them with:

ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

Save and close the file. Then reload dovecot.

sudo dovecot reload

From now on, desktop mail users won’t see security warnings.

Auto Renew TLS Certificate

To auto renew certificate, simply open root user’s crontab file.

sudo crontab -e

Then add the following line at the bottom of the file.

@daily letsencrypt renew --quiet && /usr/sbin/postfix reload && /usr/sbin/dovecot reload && systemctl reload apache2

If you use Nginx, then replace systemctl reload apache2 with systemctl reload nginx. Reloading is necessary to make these programs pick up the new certificate and private key.

Creating PTR, SPF, DKIM Records

To prevent your emails from being flagged as spam, you should set PTR, SPF and DKIM records.

PTR record

A pointer record, or PTR record, maps an IP address to a FQDN. It’s the counterpart to the A record and is used for reverse DNS lookup. Reverse resolution of A record with PTR record can help with blocking spammers. Many MTAs accept email only if the server is really responsible for a certain domain.

To check the PTR record for an IP address:

dig -x <IP> +short


host <IP>

Because you get IP address from your hosting provider, not from your domain registrar, so you must set PTR record for your IP in the control panel of your hosting provider and its value should be your mail server’s hostname: If your server uses IPv6 address, be sure to add a PTR record for your IPv6 address.

SPF Record

SPF (Sender Policy Framework) record specifies which hosts or IP address are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain.

In your DNS management interface, create a new TXT record like below.

TXT  @   v=spf1 mx ~all

create spf record in DNS


  • TXT indicates this is a TXT record.
  • Enter @ in the name field.
  • v=spf1 indicates this is a SPF record and the SPF record version is SPF1.
  • mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
  • ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.

Note that some DNS managers require you to wrap the SPF record with quotes like below.

TXT  @   "v=spf1 mx ~all"

To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:

dig txt

The txt option tells dig that we only want to query TXT records.

DKIM Record

DKIM (DomainKeys Identified Mail) use a private key to add a signature to emails sent from your domain. Receiving SMTP servers verify the signature using the pubic key published in your DNS manager.

The iRedMail script automatically configured DKIM for your server. The only thing left to do is creating DKIM record in DNS manager. Open the file under iRedMail-0.9.7 directory.

sudo nano

Scroll down to DNS record for DKIM support section.

iredmail DKIM

Then in your DNS manager, create a TXT record, enter dkim._domainkey in the name field. Copy everything in the parentheses and paste into the value field. Delete all double quotes and white spaces.

iredmail dkim record

After creating PTR, SPF, DKIM record, go to You will see a unique email address. Send an email from your domain to this address and then check your score.

DMARC test can only show you a sender score. There’s a better service called GlockApps that allow you to check if your email is landed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc.

spam test

Adding Multiple Mail Domains

If you want to add another mail domain, then you need to

  • add a new mail domain and user in iRedMail admin panel.
  • create MX, A and SPF record for the new mail domain.
  • tell amavisd to sign email messages for the new domain.

Add MX record like below.

Record Type    Name      Value

MX             @

The A record points to your mail server’s IP address.

Record Type    Name     Value

A              mail     IP-address-of-mail-server

If your servers uses IPv6 address, be sure to add AAAA record.

Then create SPF record to allow the MX host to send email for the new mail domain.

Record Type    Name      Value

TXT            @         v=spf1 mx ~all

Next, you need to tell amavisd to sign every email message for the new mail domain. You can use the existing private key to sign the new domain. Edit /etc/amavis/conf.d/50-user file.

sudo nano /etc/amavis/conf.d/50-user

Find the following lines in the file.

@dkim_signature_options_bysender_maps = ( {
    ""  => { d => "", a => 'rsa-sha256', ttl => 10*24*3600 },

Add the following line to tell amavisd to sign with the same private key. Note that is your second mail domain. is the first mail domain.

"" => { d => "", a => 'rsa-sha256', ttl => 10*24*3600 },

So the configurations will be changed to the following.

@dkim_signature_options_bysender_maps = ( {
    ""  => { d => "", a => 'rsa-sha256', ttl => 10*24*3600 },
    "" => { d => "", a => 'rsa-sha256', ttl => 10*24*3600 },

Save and close the file. Then restart amavisd.

sudo systemctl restart amavis

Since we are using the the same private key for signing, there’s no need to add DKIM record for the new domain. Reverse DNS check is used to check if the sender’s IP address match the HELO hostname (the hostname you set at the beginning of this tutorial), so you don’t need to add another PTR record when adding a new mail domain. Now you can use the new domain to send and receive emails. Don’t forget to test your score at

Using Separate Domain for RoundCube

It makes sense to let users of the first domain use and users of the second domain use when using RoundCube webmail. All you need to do is create another virtual host in Apache or another server block in Nginx. However, as I said before, the Apache/Nginx directory structure is heavily modified by iRedmail, which makes the process a little complicated.

Don’t worry, just follow the instructions below if you use Nginx. (I currently don’t use Apache on my mail server, so I can’t show the exact step for Apache users, but the idea applies to Apache. You just need to change a few things to make it work.)

Change working directory to /etc/nginx/.

cd /etc/nginx/

Create a blank server block file for the second domain in /etc/nginx/sites-enabled/ directory.

sudo touch sites-enabled/

Copy the default HTTP site configurations to the file.

cat sites-conf.d/default/* | sudo tee -a sites-enabled/

Copy the default SSL site configurations to the file.

cat sites-conf.d/default-ssl/* | sudo tee -a sites-enabled/

Edit the file.

sudo nano sites-enabled/

Make the following changes.

  • Wrap all configurations with server {...} block.
  • Change the vaule of server_name to
  • Comment out include /etc/nginx/templates/redirect_to_https.tmpl;.
  • Comment out include /etc/nginx/templates/ssl.tmpl; .
  • Comment out duplicate lines.

Now the file looks like below.

iredmail multiple domains ssl

Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx.

sudo systemctl reload nginx

Install Certbot Nginx plugin.

sudo apt install python-certbot-nginx

Obtain and install a free Let’s Encrypt certificate by using the Nginx plugin.

sudo certbot --nginx --agree-tos --redirect --staple-ocsp -d --email your-email-address

Now you should be able to use separate domains to access RoundCube webmail.

That’s it! I hope this tutorial helped you set up a mail server with iRedMail on Ubuntu 16.04. Subscribe to our free newsletter to get latest Linux tutorials. You can also follow us on Google+Twitter or like our Facebook page.

Rate this tutorial
[Total: 84 Average: 3.8]

96 Responses to “How to Easily Set up a Full-Fledged Mail Server on Ubuntu 16.04 with iRedMail

  • Michael B.
    4 months ago

    ### EDIT ####
    never mind! got SSL interception enabled – installed certificate and works right now 🙂

    I have tried to install iRedMail-0.9.6:
    during installation I get following error:

    Err:7 xenial/xenial amd64 Packages
      server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
    Ign:8 xenial/xenial i386 Packages
    Ign:9 xenial/xenial all Packages
    Ign:10 xenial/xenial Translation-en
    Ign:11 xenial/xenial Translation-en_GB
    Reading package lists... Done
    W: The repository ' xenial Release' does not have a Release file.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    E: Failed to fetch  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

    any one else with that?
    only happens when SGO(webmail, calendar,..) is selected from setup.

    Ubuntu 16.04.2 LTS
    clean install

    ### EDIT ####
    never mind! got SSL interception enabled – installed certificate and works right now 🙂

  • Chris Amow
    4 months ago

    Awesome post! Thanks Xiao Guoan!
    A setup like this has been long overdue – I’m planning to switch over.
    Would I be able to set this up before I switch the domain over? (So I can configure everything and make sure it is running smoothly by testing against the ip address and then finally doing the switch for minimal downtime.)

  • David Bucknell
    4 months ago

    Thank you very much Xiao Guoan!
    Ok. I found in the mail. Working on dkim now.
    Thank you!

  • how do you access the pop3 or imap?

  • Hello! this is a great post. I had the mail server setup within 30 mins. I used my own SSL certs from sslforfree website. I created a user apart from postmaster and Im able to send emails between the new user and postmaster but mails are not passing thro if I use the SMTP server locally. I tried using the and also the ip address of the linux machine. This is a private mailserver which I use within my home network (subnet). Although I can access webmail from any server in that subnet. Are the messages blocked somewhere in the fail2ban? I have abt 17 ports open including ports 587, 25 etc

  • Xiao, thank you for this tutorial. I am new to Ubuntu and Linux but your guide makes it look easy. My question before I try this is, will this tutorial work the same on Ubuntu as a guest OS running in virtual box? Thank you

  • Hello and thanks for this great tutorial.
    Everything goes well but when i try to log in to iredadmin the server return error 404 not found.
    the roundcube works perfect.
    any suggestions ?
    Ubuntu 16.04

    • Xiao Guo-An (Admin)
      4 months ago

      Please add more details to your situation, like what web server you use (Apache or Nginx). If possible, upload a screenshot and check your web server error log.

  • Lucas M4C
    4 months ago

    Hello, excuse me for my lousy English …

    I set up iredmail with multiple domains, and until now everything worked! But I wanted to know how to add a custom url for each domain, each with its own SSL certificate.

    Can someone help me?

  • This is an excellent guide, except for one fatal flaw in iRedmail which I discovered to my chagrin. I already run a server with letsencrypt, so I thought I could just add to the letsencrypt-auto –apache script. Although this gave me SSL access for the subdomain, it replaced the previously working iRedmail and Roundcube with the 404 page and my homepage respectively.

    What can I do to get roundcube and iRedmail back?

  • masked pro
    4 months ago

    Dear Friends,

    is there anyone here who can assist set up my mail server? I have purchased a linux VPS from qhoster and i have 2 extra IP. I have also bought a domain from google.

    I want to be able to send unlimited emails.

  • Will this overwrite existing mysql databases and settings? Is it possible to skip the mysql section if it is already installed and functional?

    • Xiao Guo-An (Admin)
      4 months ago

      I think it will create new database but not overwrite your existing database. You can backup your existing database before installing iRedMail to be on the safe side.

    • JonHain
      4 months ago

      Ok – I’ll do good backups before installing. Thanks.

  • This broke my other ssl enabled sites. Don’t recommend using this on any webserver.

    • “my other ssl enabled sites” indicates you did this on a previously configured server. I think maybe you overlooked the bold here:

      “It is recommended that you follow the instructions below on a CLEAN INSTALL of Ubuntu 16.04 system that has at least 2GB of RAM”

      You should read prerequisites before trying to discredit someone’s work.

    • zacgarby1
      4 months ago

      You don’t need to be so defensive, he’s just trying to be helpful :/

  • Harshil Gupta
    4 months ago

    I am not using any hosting service. The mail server is created in the lab. My os is ubuntu 16.04.
    How to achieve PTR stuff.

    • phishing frenzy
      4 months ago

      Harshil, the PTR record should be done by your ISP. For example ISP gave u an IP and you bought a domain name, but your host name is, you pass to your isp technician they should be able to configure for you

    • Harshil Gupta
      4 months ago

      I got the point.
      Thank you 🙂

  • Andrew Hansen
    4 months ago

    Hi Thanks for this, I set it up on my Ubuntu server and all seems to be running fine now. I did have a syntax error in sudo nano /etc/apache2/sites-available/000-default.conf when I added these 3 lines RewriteEngine on
    RewriteCond %{SERVER_NAME}
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    When I restarted Apache it came up with this error: syntax error on line 29 of /etc/apache2/sites-enabled/000-default.conf: invalid command ‘rewriteengine’, perhaps misspelled or defined by a module no action ‘configtest’ failed.

    I remmed out those 3 lines and everything seems to be working fine, is there something I did wrong and is there something I need to do to fix this.

  • Hi Xiao, i followed the steps in this tutorial on a server already running apache, php and mysql with a let’s encrypt SSL certificate, everything went well during the installation but i can not access it shows the error The requested URL /iredadmin/ was not found on this server. but ?mail shows the roundcube login page. what could i be doing wrong

  • Michel1504
    4 months ago

    Thanks for the guide i installed it perfectly. got 10/10 out of mailtester. Next step is connection with ldap / ms ad or samba4. I tried to follow but got stuck at dovecot. and finding config files for rouncube (ngnix other place ?) and missing guide for sogo. do you have any plans to make a guide for that ?

  • Daniel Papa
    4 months ago

    Hello Xiao, this tutorial helped me very well in setting up an email server. I’m a newbie in linux and I had to do it because the boss does not want any MS licences purchased. I have two concerns though: 1) it seems that my ISP is blocking port 25, I am planning to use 2525, but can you tell me where should I configure this? I really need this to work; 2) I have three domains, I successfully created three mail domains based on your tutorial, however users from domain B and C can login to and vice versa, how do I prevent this? Thank you so much!

  • benisameme
    4 months ago

    I set this thing up and I can recive email but if I send anything it gets lost into the dark abyss of cyber space plz help.
    – Ben

  • zacgarby1
    4 months ago

    Hi, I’m wondering why I have to set my hostname to `` instead of `` as it was previously. I’m not an expert, but since this is the same server I host a HTTP server on, won’t setting the hostname to `` make it so people have to access my website using ``?

    • Xiao Guo-An (Admin)
      4 months ago

      This hostname will be used by your mail server. It has nothing to do with website address. Please note that iRedMail will change the web server configuration directory. Your website may stop working. You can bring it up with a little work, but I recommend that you back up web server configurations.

    • zacgarby1
      4 months ago

      Ah okay, thanks. What I don’t get is: isn’t the hostname system-wide? It’s also a bit annoying when I ssh in and the prompt says [email protected] instead of [email protected] (my previous hostname was

    • Xiao Guo-An (Admin)
      4 months ago

      Yes, it’s system-wide, but almost always your Apache virtual host or Nginx server block is configured to use a different value. The Bash shell by default only shows the leftmost part of your hostname.

    • zacgarby1
      4 months ago

      Right, that makes sense! Thank you

  • hey bro got to the part when you are about to install lets encrypt….. been trying to send test emails to and from and am not getting anything at all…. everything seems to be up and working fine

    • casedup
      4 months ago

      update… able to send from roundcube to gmail. but replying doesnt seem to be getting anywhere… ive tried reading through the original messages sent from gmail but cant get any errors to show…

  • Displace Ignorance with Facts
    4 months ago

    Hi, I’m curious. The guide was fantastic! But since you have a lot of experience doing this, how much would you charge to set it up? It would be a linode and have domain name already. Very curious but extremely serious and will pay.

    • Xiao Guo-An (Admin)
      4 months ago

      Hi, it will be a fixed price of 35 USD. If interested, contact me via email. My email address can be found on the “Contact Us” page.

  • Xiao, thank you so much for your process here. I had a couple hiccups but in the end got the mail server running. Wonderful write-up, plenty of great information.

  • Hi, I cant get past this please help.
    [ INFO ] Installing package(s): postfix postfix-pcre mariadb-client mariadb-server postfix-mysql libdbd-mysql-perl php-json php-gd php-mcrypt php-curl mcrypt php-intl php-xml php-mbstring php-mysql nginx-full php-fpm dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-sieve dovecot-mysql amavisd-new libcrypt-openssl-rsa-perl libmail-dkim-perl clamav-freshclam clamav-daemon spamassassin altermime arj zoo nomarch cpio lzop cabextract p7zip-full rpm ripole libmail-spf-perl unrar-free pax lrzip python-sqlalchemy python-dnspython python-mysqldb python-pymysql python-jinja2 python-netifaces python-webpy python-beautifulsoup python-lxml python-pycurl uwsgi uwsgi-plugin-python python-bcrypt awstats fail2ban bzip2 acl patch cron tofrodos logwatch unzip bsdutils liblz4-tool
    Reading package lists…
    Building dependency tree…
    Reading state information…
    Package zoo is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    Package php-mcrypt is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    E: Package ‘php-mcrypt’ has no installation candidate
    E: Package ‘zoo’ has no installation candidate
    <> Installation failed, please check the terminal output.
    <> If you’re not sure what the problem is, try to get help in iRedMail
    <> forum:

  • Paul Fisher
    3 months ago

    Can this be done on an 18.04 installation as well?

  • Inbound takes a long time to deliver

  • Shubhankit Mishra
    3 months ago


    i followed these steps now i can send the emails but when i am sending mails from gmail to this server mails are not coming in inbox. i created a @ mx record pointing to mail.mydomain.tld . Please help.

    • Hi, greylisting will delay incoming email for a few minutes. You can check your mail log with sudo nano /var/log/mail.log. If you see a mail address is greylisted, the emails will be delayed.

    • Also make sure you create an A record for mail.yourdomain.tld.

  • Shubhankit Mishra
    3 months ago

    Is it possible to create mx record without creating a record?? Obviously i created a A record mail.domain.tld. And delay after 6 hours i have not received any mail. How long??

    • If you created MX and A record correctly, then Gmail can find your mail server. Greylisting will delay emails no more than 15 minutes. Can you paste your mail log in the comments? Also can you tell me your domain just to make sure I can verify your MX and A records?

  • Shubhankit Mishra
    3 months ago

    You can find the log here:-

    • Shubhankit Mishra
      3 months ago

      and my domain is

    • Hi, looks like you are using AWS. Please go to AWS web-based console and set firewall to allow incoming traffic to the following ports:

      TCP port 25 (smtp),
      TCP port 587 (submission)
      TCP port 993 (imaps)
      TCP port 995 (pop3s).

  • Shubhankit Mishra
    3 months ago

    oh shit!
    i forgotten to take care of these.. now working thanks.. your tutorial was awesome…

  • Hello, how can I take off redirect to /mail when browsing

    I want it to redirect to my website.


    • Hi, looks like you didn’t follow this tutorial exactly as I told. You need to find your virtual host configuration file for and replace it with the original one.

  • I am using nginx, I did every step.

    • Following this tutorial, you should be able to access your webmail from If you installed iRedmail alongside your website on the same machine, which broke your website, you should create a virtual host file for your website in /etc/nginx/sites-enabled directory, then reload Nginx. That will restore your website.

  • hi,

    I have the same problem as Zard with zoo and mcrypt. Insatlling on Ubuntu 18.04 LTS. Any pointers are greatly appreciated.


  • Jason Ramos
    3 months ago

    I followed this tutorial on out DigitalOcean Ubuntu 16.04 LTS server using the Nginx web server and OpenLDAP account storage. Everything seems to be working fine except for the sending of email, even from one internal email to another on our own system. My spam result tests show that our DigitalOcean droplet has a blacklisted IP in two cases. That would easily explain why our email isn’t hitting external inboxes. I tried sending to my personal gmail and AOL accounts and both received nothing.
    This is the error I receive from the Mailer Daemon trying to send to my AOL address. Sending to either the internal email or my personal gmail yields nothing.
    Its clear that the server is sending something out when I try to email my AOL address but it is still being refused, and I cannot send anything internally either. I’m not sure what I’m missing and any help is appreciated.

    • Jason Ramos
      3 months ago


    • Jason Ramos
      3 months ago

      Seems the issue was on DigitalOcean’s side, nevermind 🙂 Great tutorial.

  • Hi! Great tutorial, everything looks great, except for one thing: I cannot send mails. Receiving is fine, I’ve done many tests, but I can’t send anything. On the mail.log file, the problem appears to be “connection timed out” and after a little digging, I found that some ISP are blocking SMTP port 25 for outbound traffic. I tried tweaking the postfix configuration files, but no luck. Any suggestions?

  • What is the best method to encrypt emails at rest on your server. Has anybody tried this, for example?

  • Thanks for a great guide!

    The guide worked perfectly to me, until the section: Using Separate Domain for RoundCube. It seems to my like some changes have been made from iRedMail-0.9.7 to iRedMail-0.9.8 in the Nginx configuration. At least the /etc/nginx/sites-conf.d/default/ are not to be found on my setup.

    Any ideas for getting the new certificate right for a second (and third) domain? – Thanks!

  • thanks for this but i have 1 problem. everytime i email rather send it always direct to spam not in inbox. ill test in mail tester its 10/10 so whats the problem

  • Low Chan saechao
    3 weeks ago

    Thank you very much for this tutorial! I have successfully setup my self-hosted mail server using your instructions. They were clear and the screen shots were very helpful.

    Thank you for the Spam Tester website, it helped me troubleshoot that i needed another TXT entry for DKIM.

    I am behind Comcast internet, last thing i need to do is call Comcast up to update their Reverse DNS to my domain.

    Again thank you!

    2 weeks ago

    Simply fantastic. THANKS.
    I have mail.server.xx with three domains. They receive very well any email from any sender inclusive between themselves. When I send to hotmail (sample) emails go to SPAM but is because AMAZON don’t respond me petition yet. I can use command line too to send. But, please, how about settings for email sending through RAILS app?, example in AWS SES:

        from: '[email protected]'
        to:   '[email protected]'
          host: ''
          port: 587
          authentication: 'plain'
          login: 'AKIAIT7A'
          password: 'ZD4UqEIoFPphB'
          domain: ''

    But, here, how must be the params? THANKS in advance

  • Hello,

    I tried to install iRedMail 0.9.8 on Amazon EC2 with OpsWorks Stack on Ubuntu 16.04.

    During the installation it shows the message that the user “iredadmin” isn’t available.
    After restarting server iRedAdmin page shows a 502 Bad Gateway

    Checking locks an running services shows that uwsgi service isn’t running.
    Starting this service shows following error:

    ● uwsgi.service - LSB: Start/stop uWSGI server instance(s)
       Loaded: loaded (/etc/init.d/uwsgi; bad; vendor preset: enabled)
       Active: failed (Result: exit-code) since Fri 2018-09-14 11:32:16 UTC; 3s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 4194 ExecStart=/etc/init.d/uwsgi start (code=exited, status=1/FAILURE)

    I tried to add the default ubuntu source.list but it does not solve this problem.
    Did anyone have an idea?

    Thanks a lot.


    • Chris
      2 weeks ago

      here the detail message during installation message:

      * Start iRedMail Configurations
      [ INFO ] Create self-signed SSL certification files (2048 bits).
      [ INFO ] Generate Diffie Hellman Group with openssl, please wait.
      [ INFO ] Create required system account: vmail, iredadmin, iredapd.
      [ INFO ] Configure Apache web server.
      [ INFO ] Configure PHP.
      [ INFO ] Configure MySQL database server.
      [ INFO ] Setup daily cron job to backup SQL databases with /var/vmail/backup/
      [ INFO ] Configure Postfix (MTA).
      [ INFO ] Configure Dovecot (POP3/IMAP/Managesieve/LMTP/LDA).
      [ INFO ] Configure ClamAV (anti-virus toolkit).
      [ INFO ] Configure Amavisd-new (interface between MTA and content checkers).
      [ INFO ] Configure SpamAssassin (content-based spam filter).
      [ INFO ] Configure iRedAPD (postfix policy daemon).
      [ INFO ] Configure iRedAdmin (official web-based admin panel).
      chown: invalid user: 'iredadmin:iredadmin'
      chown: invalid user: 'iredadmin:iredadmin'
      [ INFO ] Configure Fail2ban (authentication failure monitor).
      [ INFO ] Configure Roundcube webmail.
      [ INFO ] Configure Awstats (logfile analyzer for mail and web server).
      * iRedMail-0.9.7 installation and configuration complete.
    • Check /etc/passwd file to see if iredadmin is there.

      cat /etc/passwd | grep iredadmin

      If the iredadmin user and group wasn’t created. You can manually create it with:

      sudo adduser --system --group iredadmin
    • Chris
      2 weeks ago

      sometimes it is so easy…

      thanks a lot, I added the user before installation.
      After that it works.

    1 week ago

    As I told you before, simply fantastic. I have a little trouble with outgoing messages from AWS. AWS told me “congratulations already you don’t have any limitation to send emails”, however, after 10 days, when I send emails still going to SPAM. In your experience, what can be the solution?

    This is data of an email sent to [email protected] from our new email server ([email protected]):

    Received: from
     (2603:10b6:903:32::30) by with HTTPS
     via CY4PR13CA0020.NAMPRD13.PROD.OUTLOOK.COM; Tue, 18 Sep 2018 05:57:02 +0000
    Received: from
     ( by
     ( with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.1164.13; Tue, 18
     Sep 2018 05:57:02 +0000
    Authentication-Results: spf=none (sender IP is;; dkim=fail (no key for signature);; dmarc=none action=none;
    Received-SPF: None ( does not designate
     permitted sender hosts)
    Received: from ( by ( with Microsoft SMTP
     Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
     15.20.1164.13 via Frontend Transport; Tue, 18 Sep 2018 05:57:02 +0000
    X-IncomingTopHeaderMarker: OriginalChecksum:525C20036D31AB2DC9A90D376982D7369723C7121FBBC90AA3953A7797B6726C;UpperCasedChecksum:8360550425E74F06D402823FB27A4238C2EEEFC123C24361C5923563F8CFEEA2;SizeAsReceived:1720;Count:16
    Received: from ( [])
    	by (Postfix) with ESMTP id 579CC11F05
    	for ; Tue, 18 Sep 2018 05:57:01 +0000 (UTC)
    Authentication-Results-Original: (amavisd-new); dkim=pass
    	reason="pass (just generated, assumed good)"
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; h=
    	:mime-version; s=dkim; t=1537250217; x=1539842218; bh=YI4lHgh/xk
    	0oZwgyYN/6mTeHedX2ELHLLX3ZTqmdPxI=; b=cho/UPMBwOm64oGmucf/XjjSnG
    X-Virus-Scanned: Debian amavisd-new at
    Received: from ([])
    	by ( []) (amavisd-new, port 10026)
    	with ESMTP id SLRqLRo4RCa7 for ;
    	Tue, 18 Sep 2018 05:56:57 +0000 (UTC)
    Received: from ( [])
    	by (Postfix) with ESMTPSA id 6E3B511EC3
    	for ; Tue, 18 Sep 2018 05:56:55 +0000 (UTC)
    Content-Type: text/plain; charset=US-ASCII;
    Content-Transfer-Encoding: 7bit
    Date: Tue, 18 Sep 2018 00:56:55 -0500
    From: [email protected]
    Subject: ddd
    X-Sender: [email protected]
    User-Agent: Roundcube Webmail
    X-IncomingHeaderCount: 16
    Return-Path: [email protected]
    X-MS-Exchange-Organization-ExpirationStartTime: 18 Sep 2018 05:57:02.4628
    X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit
    X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
    X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit
    X-MS-Exchange-Organization-Network-Message-Id: cdd4aa71-c8e0-4129-eac8-08d61d2b8e1d
    X-EOPAttributedMessage: 0
    X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
    X-MS-Exchange-Organization-MessageDirectionality: Incoming
    X-Microsoft-Exchange-Diagnostics: 1;BN3NAM04FT007;1:lAa8yzCf+dHSvsrNgQ+zbleq2uRlDB2PeHOJq5NrQrpVk8VZ1LPSKaM5YNmpdUVUvuDq1Czr5uJQ32f///dmXxxPgICDIHDqsXKKCnZbm6CVSfgQ2IQaX9lgPNLqQ/O4
    X-Forefront-Antispam-Report: EFV:NLI;
    X-MS-Exchange-Organization-AuthAs: Anonymous
    X-MS-PublicTrafficType: Email
    X-MS-Office365-Filtering-Correlation-Id: cdd4aa71-c8e0-4129-eac8-08d61d2b8e1d
    X-MS-TrafficTypeDiagnostic: BN3NAM04HT223:
    X-MS-Exchange-EOPDirect: true
    X-SID-PRA: [email protected]
    X-SID-Result: NONE
    X-MS-Exchange-Organization-PCL: 2
    X-Exchange-Antispam-Report-Test: UriScan:;
    X-MS-Exchange-ATPSafeLinks-Stat: 0
    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Sep 2018 05:57:02.3222
    X-MS-Exchange-CrossTenant-Network-Message-Id: cdd4aa71-c8e0-4129-eac8-08d61d2b8e1d
    X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3NAM04HT223
    X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5201989
    X-MS-Exchange-Processed-By-BccFoldering: 15.20.1143.017
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
    MIME-Version: 1.0

    *THANKS in advance*

    • From the email headers, I can see there’s no SPF set for your domain and DKIM failed. There’s no DKIM public key of your domain.

  • Ashutosh
    7 days ago

    It is not sending emails to godaddy mails also not receiving.

  • Bogdan
    7 days ago

    Check you IP/domain on

  • Ashutosh
    6 days ago

    i am getting[]:25, delay=190284, delays=190283/0.05/1.5/0, dsn=4.0.0, status=deferred (host[] refused to talk to me: 421 bizsmtp Temporarily rejected. Reverse DNS for failed. IB108  )
    • Godaddy’s mail server ( can’t find the PTR record of your IP address. Create A PTR record for

  • I don’t understand why it needs to install a web server? I just want email.

    Is this for configuration purposes? Why can’t I just do that via SSH and text configuration files?

    • The web server is needed to set up a webmail client, so you can access email in your web browser. If you don’t need that, you can disable the web server from running on your machine.

      This article did not say you can’t use SSH to install iRedMail on another machine.

    • Matt
      5 days ago

      I was looking at the screenshot of the install questions. It gave you a choice of which web server you want (nginx or Apache) but did not appear to offer the option of skipping the webserver all together.

    • iRedMail also comes with a web-based control panel that allows you to easily add email accounts, that also requires a web server. You may need this if you are not familiar with adding email accounts from the command line.

      You can disable or remove the web server after your email server is up and running, if you really don’t like having a web server on your machine.

  • I notice there is a step where you set a static IP address of the mail server.

    This is problematic. I was planning on running my server with a dynamic DNS service and not using IP addresses at all. Is this not possible?

    • With a dynamic IP address, you can’t set the PTR record, in which case you emails are more likely to land in spam folder or be rejected outright.

      If you plan to set up an email server in your home, ask your ISP if they can give you a static IP and if PTR record can be configured for your IP address.

      I think there’s another way around this: using a smart host (aka SMTP relay) to send email, but I haven’t tried that yet.

  • Raphael
    5 days ago

    I can recieve emails but no sending, log shows:

    Sep 21 19:01:29 mail postfix/smtp[7562]: connect to[2607:f8b0:400d:c0f::1b]:25: Connection timed out
    Sep 21 19:01:59 mail postfix/smtp[7562]: connect to[]:25: Connection timed out
    Sep 21 19:02:29 mail postfix/smtp[7562]: connect to[2800:3f0:4003:c00::1b]:25: Connection timed out
    Sep 21 19:02:59 mail postfix/smtp[7562]: connect to[]:25: Connection timed out 
  • Raphael
    4 days ago


  • Ashutosh
    4 days ago

    Can i change the smtp port from 25 to some other?
    currently i am getting

    Sep 22 16:42:49 mail postfix/qmgr[2195]: 507E241FA6: from=, size=1672, nrcpt=1 (queue active)                                                      
    Sep 22 16:42:50 mail postfix/smtp[3923]: connect to[2404:6800:4003:c03::1a]:25: Network is unreachable          
    Sep 22 16:43:20 mail postfix/smtp[3923]: connect to[]:25: Connection timed out                                                   
    Sep 22 16:43:50 mail postfix/smtp[3923]: connect to[]:25: Connection timed out                                             Sep 22 16:43:50 mail postfix/smtp[3923]: connect to[2607:f8b0:400e:c09::1b]:25: Network is unreachable 
    Sep 22 16:44:20 mail postfix/smtp[3923]: connect to[]:25: Connection timed out                                             Sep 22 16:44:20 mail postfix/smtp[3923]: 507E241FA6: to=, relay=none, delay=22948, delays=22857/0.03/91/0, dsn=4.4.1, status=deferred

    And is it possible to send mail through php code using SMTP

    • I’m afraid you can’t change what port Postfix uses to send outgoing email. Port 25 is required by the SMTP protocol.

      Yes, you can write PHP code to send email through your email server, although I’m not familiar with PHP programming.

    • Ashutosh
      3 days ago

      Actually I am using Azure VM, and azure doesn’t allow for port 25. they are recommending some other port like port 587 or 443. So if it is possible to change port for postfix smtp, please guide.

  • pushpendra
    1 day ago
    Sep 25 04:01:25 mail postfix/smtp[10881]: 350484338D: to=, relay=none, delay=1505, delays=1354/0.13/150/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out) 
    Sep 25 04:01:25 mail postfix/smtp[10879]: AEDBD43398: to=, relay=none, delay=1504, delays=1354/0.14/150/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out) 

    some time send mails to godaddy some time not.

  • niranjan
    1 day ago
    Sep 25 12:22:22 mail postfix/postscreen[4450]: CONNECT from []:32841 to []:25
    Sep 25 12:22:23 mail postfix/postscreen[4450]: PASS OLD []:32841
    Sep 25 12:22:23 mail postfix/smtpd[4464]: connect from[]
    Sep 25 12:22:24 mail postfix/smtpd[4464]: Anonymous TLS connection established from[]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Sep 25 12:22:25 mail postfix/smtpd[4464]: NOQUEUE: reject: RCPT from[]: 451 4.7.1 : Recipient address rejected: Intentional policy rejection, please try again later; from= to= proto=ESMTP helo=
    li>Sep 25 12:23:26 mail postfix/smtpd[4464]: disconnect from[] ehlo=2 starttls=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=6/7  
    •   Recipient address rejected: Intentional policy rejection, please try again later. 

      This indicates that your server has enabled greylisting. The sending server will try again in a few minutes and it will be accepted.

  • niranjan
    1 day ago

    Ho to remove graylisting?

    • Graylisting is managed by iRedAPD. To disable graylisting, edit the configuration file.

      sudo nano /opt/iredapd/

      Find the following line.

      plugins = ["reject_null_sender", "wblist_rdns", "reject_sender_login_mismatch", "greylisting", "throttle", "amavisd_wblist", "sql_alias_access_policy"]

      Remove "greylisting" from the list. Save and close the file. Then restart iredapd.

      sudo systemctl restart iredapd

      You may need to add write permission before editing the file.

      sudo chmod 600 /opt/iredapd/
  • HI, I’ve done everything with success but I can’t instatll certbot. I’m using debian 9.
    I follow the steps from certbot page but it wants to certificate my domain, I only have access to mail server. How can I do that?

    • Make sure you have set A record for the hostname of your mail server (, follow the certbot instructions and you would fine.

  • pushpendra
    4 hours ago

    Ho to use separate domain for SOGo mail client in apache2?

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • * Some of my previous answers are lost after I uninstalled Disqus comment system from my website. I try to recover those answers whenever I can.