How to Easily Set up a Full-Fledged Mail Server on Ubuntu 16.04 with iRedMail

Setting up your own mail server from scratch on Linux is complex and tedious, until you meet iRedMail. This tutorial is going to show you how you can easily and quickly set up a full-fledged mail server on Ubuntu 16.04 with iRedMail under 30 minutes.

Note: I’ve also written an iRedMail tutorial for Ubuntu 18.04: How to Easily Set Up a Full-Featured Mail Server on Ubuntu 18.04 with iRedMail

What is iRedMail?

iRedMail is a shell script that automatically installs and configures all necessary mail server components on your Linux/BSD server, eliminating manual installation and configuration. The supported operating systems are:

  • RHEL/CentOS
  • Debian/Ubuntu
  • FreeBSD/OpenBSD

Open-source software used in iRedMail:

  • Postfix SMTP server
  • Dovecot IMAP server
  • Apache, Nginx
  • OpenLDAP, ldapd
  • MySQL/MariaDB, PostgreSQL
  • Amavisd-new
  • SpamAssassin
  • ClamAV
  • Roundcube webmail
  • SOGo Groupware
  • Fail2ban
  • Awstats
  • iRedAPD Postfix policy server

iRedMail features:

  • All components are open-source.
  • TLS is enabled by default. SMTP/IMAP over TLS, HTTPS webmail
  • Create as many virtual mailboxes as you want in a web-based admin panel.
  • Stores mail accounts in OpenLDAP, MySQL/MariaDB, or PostgreSQL.

It is recommended that you follow the instructions below on a clean install of Ubuntu 16.04 system that has at least 2GB of RAM, as after the installation your server will use more than 1GB of RAM. Don’t run this iRedMail server alongside your website or blog on the same machine, unless you are confident that you can restore the virtual host file for your website or blog, because the installation process will break your existing virtual hosts. If you need to do this on a VPS, then I recommend Linode, from which you can get a 2GB VPS for only 10 USD per month. Without further ado, let’s get started.

Before the Installation

First, make sure your server IP isn’t listed in any email blacklist. You can go to mxtoolbox.com and dnsbl.info to check your server IP address. If it’s in a blacklist, you can delete your VPS instance in Linode and create a new one. As Linode uses an hourly billing model, you won’t be charged by month, but by how many hours you used, which makes it convenient to delete a VPS instance.

Once you have a server with good IP reputation, SSH into your Ubuntu 16.04 server and update all software.

sudo apt update;sudo apt upgrade

Then set a fully qualified domain name (FQDN) for your server with the following command.

sudo hostnamectl set-hostname mail.your-domain.com

We also need to update /etc/hosts file.

sudo nano /etc/hosts

Edit it like below:

127.0.0.1       mail.your-domain.com localhost

Save and close the file. To see the change, log out and back in, then run the following command to display your hostname.

hostname -f

Don’t forget to set an MX record and an A record for your domain name. The MX record should point to your mail server’s FQDN:

Record Type    Name      Value

MX             @         mail.your-domain.com

The A record points to your mail server’s IP address.

Record Type    Name     Value

A              mail     IP-address-of-mail-server

If your server uses an IPv6 address, be sure to add an AAAA record.

Setting up a Mail Server on Ubuntu 16.04 with iRedMail

Next, download the iRedMail Bash installer with wget. At the time of writing, the latest version of iRedMail is 0.9.7, released on July 1, 2017. Please go to the iRedMail download page (http://www.iredmail.org/download.html) to check for the latest version.

wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.7.tar.bz2

Extract the tarball.

tar xvf iRedMail-0.9.7.tar.bz2

Then cd into the newly created directory.

cd iRedMail-0.9.7/

Add executable permission to the iRedMail.sh script.

chmod +x iRedMail.sh

Next, run the Bash script with sudo privilege.

sudo bash iRedMail.sh

The ncurses-based setup wizard will appear. Select Yes.

The next screen will ask you to select the mail storage path. You can use the default one /var/vmail.

Next, choose your preferred web server: Apache or Nginx. You need to use up and down arrow and press the spacebar to select.

Then select the storage backend. Choose one that you are familiar with. This tutorial chose MariaDB.

If you selected MariaDB or MySQL, then you will need to set the MySQL root password.

Please note that if you selected MariaDB, you don’t need a password to log into the MariaDB shell. Instead of running the normal command:

mysql -u root -p

you can run the following command to log in with sudo, without providing the MariaDB root password. This is because MariaDB uses the unix_socket authentication plugin, which allows users to use OS credentials to connect to MariaDB. You still need to set a root password in the iRedMail setup wizard.

sudo mysql -u root

Next, enter your first mail domain. You can add multiple mail domains later in the web-based admin panel. This tutorial assumes that you want an email account like [email protected]. In that case, you need to enter your-domain.com here, without a sub-domain. Do not press the space bar after your domain name. I think iRedMail will copy the space character along with your domain name, which can result in installation failure.

Next, set a password for the mail domain administrator.

Choose optional components.

Now you can review your configurations. Type Y to begin the installation of all mail server components.

At the end of installation, choose y to use firewall rules provided by iRedMail and restart firewall.

The iRedMail installation is now complete. You will be shown the URLs of the webmail, SOGo groupware and web admin panel, along with the login credentials. The iRedMail.tips file contains important information about your iRedMail server.

********************************************************************
* URLs of installed web applications:
*
* - Roundcube webmail: httpS://mail.your-domain.com/mail/
* - SOGo groupware: httpS://mail.your-domain.com/SOGo/
*
* - Web admin panel (iRedAdmin): httpS://mail.your-domain.com/iredadmin/
*
* You can login to above links with below credential:
*
* - Username: [email protected]
* - Password: *********
*
*
********************************************************************
* Congratulations, mail server setup completed successfully. Please
* read below file for more information:
*
*   - /home/gourd/iRedMail-0.9.5-1/iRedMail.tips
*
* And it's sent to your mail account [email protected]
*
********************* WARNING **************************************
*
* Please reboot your system to enable all mail services.
*
********************************************************************

Reboot your Ubuntu 16.04 server.

sudo shutdown -r now

Once your server is back online, you can visit the web admin panel.

https://mail.your-domain.com/iredadmin/

Because it’s using a self-signed TLS certificate, you need to add a security exception in your browser. Log in with the postmaster mail account.

In the Add tab, you can add multiple domains or mail users.

After you create a user, you can visit the Roundcube webmail address and login with the new mail user account.

https://mail.your-domain.com/mail/

Then test email sending and receiving. Please note that you may need to wait a few minutes to receive emails because greylisting is enabled by default. You can change your password and create filters in Roundcube.

Update: If your hosting provider or ISP blocks port 25, then you can’t send emails directly. You can set up SMTP relay to solve this problem.

The following message in /var/log/mail.log indicates port 25 is blocked.

Nov 3 10:43:43 mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[74.125.200.27]:25: Connection timed out
Nov 3 10:44:13 mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25: Connection timed out

Installing Let’s Encrypt TLS Certificate

Since the mail server is using a self-signed TLS certificate, both desktop mail client users and webmail client users will see a warning. To fix this, we can obtain and install a free Let’s Encrypt TLS cert.

Obtaining the Certificate

First, install Let’s Encrypt (certbot) client on Ubuntu 16.04.

sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot

The Apache and Nginx configuration directories are heavily modified by iRedMail, so I recommend using the webroot plugin, instead of the apache or nginx plugin, to obtain the certificate. Run the following command, replacing your-email-address and mail.your-domain.com with your actual data.

sudo certbot certonly --webroot --agree-tos --email your-email-address -d mail.your-domain.com -w /var/www/html/

Certbot will print a message indicating that you have successfully obtained a TLS certificate. Your certificate and chain are saved in the /etc/letsencrypt/live/mail.your-domain.com/ directory.

Installing the Certificate

After obtaining a TLS certificate, let’s configure web server to use it.

Apache

If you use Apache web server, then edit the default virtual host file.

sudo nano /etc/apache2/sites-available/000-default.conf

Add the following 3 lines above </VirtualHost>.

RewriteEngine on
RewriteCond %{SERVER_NAME} =mail.your-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

The above 3 directives will redirect HTTP connection to HTTPS. The rewrite module needs to be enabled for them to work, which is achieved by executing the following command.

sudo a2enmod rewrite

Then edit the https version of the default virtual host.

sudo nano /etc/apache2/sites-available/default-ssl.conf

Find the following 2 lines.

SSLCertificateFile /etc/ssl/certs/iRedMail.crt
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key

We need to replace the self-signed certificate with Let’s Encrypt issued certificate. So the above two lines need to be changed to the following.

SSLCertificateFile /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.your-domain.com/privkey.pem

Save and close the file. Then reload Apache web server.

sudo systemctl reload apache2

Now if you visit iRedMail admin panel or Roundcube webmail again, you shall see a green lock in the browser address bar.

Nginx

If you use Nginx, then edit the SSL template file.

sudo nano /etc/nginx/templates/ssl.tmpl

Find the following 2 lines.

ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;

Replace them with:

ssl_certificate /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.your-domain.com/privkey.pem;

Save and close the file. Then test nginx configuration and reload.

sudo nginx -t

sudo systemctl reload nginx

Visit the iRedMail admin panel or Roundcube webmail again and you shall see a green lock in the browser address bar.

Configuring Postfix and Dovecot

We also need to configure Postfix and Dovecot to use the Let’s Encrypt issued certificate so that desktop mail clients won’t display a security warning. Edit the main configuration file of Postfix.

sudo nano /etc/postfix/main.cf

Find the following 3 lines (lines 95, 96 and 97).

smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt

Replace them with:

smtpd_tls_key_file = /etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.your-domain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.your-domain.com/chain.pem

Save and close the file. Then reload Postfix.

sudo postfix reload

Next, edit the main configuration file of Dovecot.

sudo nano /etc/dovecot/dovecot.conf

Find the following 2 lines (lines 47 and 48).

ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key

Replace them with:

ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem

Save and close the file. Then reload dovecot.

sudo dovecot reload

From now on, desktop mail users won’t see security warnings.
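
A way to confirm that none of the four edited files still points at the self-signed pair, as an added example (not part of the original tutorial or of iRedMail). The sample configuration text is constructed and shows a half-finished switch; the file paths and directive names are the ones used above.

```python
import re

# Files edited in the steps above (paths as given in this tutorial).
CONFIG_FILES = [
    "/etc/apache2/sites-available/default-ssl.conf",
    "/etc/nginx/templates/ssl.tmpl",
    "/etc/postfix/main.cf",
    "/etc/dovecot/dovecot.conf",
]

# TLS directive -> kind of file it must reference.
DIRECTIVES = {
    "SSLCertificateFile": "cert", "SSLCertificateKeyFile": "key",   # Apache
    "ssl_certificate": "cert", "ssl_certificate_key": "key",       # Nginx
    "smtpd_tls_cert_file": "cert", "smtpd_tls_key_file": "key",    # Postfix
    "smtpd_tls_CAfile": "chain",
    "ssl_cert": "cert", "ssl_key": "key",                          # Dovecot
}
KINDS = {name.lower(): kind for name, kind in DIRECTIVES.items()}
ALLOWED = {
    "cert": {"fullchain.pem", "cert.pem"},
    "key": {"privkey.pem"},
    "chain": {"chain.pem", "fullchain.pem"},
}

# "name = value", "name = <value" (Dovecot) or "name value;" (Apache, Nginx).
# Commented-out lines start with "#" and therefore never match.
LINE = re.compile(r"^\s*([A-Za-z_]+)(?:\s*=\s*<?\s*|\s+)([^\s;#]+)")


def audit_tls_paths(configs, hostname):
    """configs maps path -> file text. Returns [(path, line number, problem)]."""
    live = "/etc/letsencrypt/live/%s/" % hostname
    problems = []
    for path, text in configs.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = LINE.match(line)
            if not m or m.group(1).lower() not in KINDS:
                continue
            name, target = m.group(1), m.group(2)
            if not target.startswith(live):
                problems.append((path, lineno,
                                 "%s still points to %s" % (name, target)))
            elif target[len(live):] not in ALLOWED[KINDS[name.lower()]]:
                problems.append((path, lineno,
                                 "%s should not use %s" % (name, target[len(live):])))
    return problems


# Constructed sample: Nginx is done, Postfix and Dovecot are only partly edited.
HOST = "mail.your-domain.com"
LE = "/etc/letsencrypt/live/" + HOST
SAMPLE_CONFIGS = {
    "/etc/nginx/templates/ssl.tmpl": (
        "ssl_certificate %s/fullchain.pem;\n"
        "ssl_certificate_key %s/privkey.pem;\n" % (LE, LE)),
    "/etc/postfix/main.cf": (
        "smtpd_tls_key_file = %s/privkey.pem\n"
        "smtpd_tls_cert_file = %s/cert.pem\n"
        "smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt\n" % (LE, LE)),
    "/etc/dovecot/dovecot.conf": (
        "ssl = required\n"
        "#ssl_cert = </etc/ssl/certs/iRedMail.crt\n"
        "ssl_cert = <%s/fullchain.pem\n"
        "ssl_key = </etc/ssl/private/iRedMail.key\n" % LE),
}

if __name__ == "__main__":
    import os
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else HOST
    found = {}
    for p in CONFIG_FILES:
        if os.path.exists(p):
            with open(p) as fh:
                found[p] = fh.read()
    # Falls back to the constructed sample when run off the mail server.
    for path, lineno, problem in audit_tls_paths(found or SAMPLE_CONFIGS, host):
        print("%s:%d: %s" % (path, lineno, problem))
```

Run it on the mail server with the hostname as the only argument; no output means every TLS directive it recognises points into the Let’s Encrypt live directory.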

Auto Renew TLS Certificate

To renew the certificate automatically, open the root user’s crontab file.

sudo crontab -e

Then add the following line at the bottom of the file.

@daily letsencrypt renew --quiet && systemctl reload postfix dovecot apache2

If you use Nginx web server, then replace apache2 with nginx. Reloading is necessary to make these programs pick up the new certificate and private key.

Using Mail Clients on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.

  • In the incoming server section, select IMAP protocol, enter mail.your-domain.com as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.your-domain.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

Creating PTR, SPF, DKIM and DMARC Records

To prevent your emails from being flagged as spam, you should set PTR, SPF, DKIM and DMARC records.

PTR record

A pointer record, or PTR record, maps an IP address to a FQDN. It’s the counterpart to the A record and is used for reverse DNS lookup. Reverse resolution of A record with PTR record can help with blocking spammers. Many MTAs accept email only if the server is really responsible for a certain domain.

To check the PTR record for an IP address:

dig -x <IP> +short

or

host <IP>

Because you get your IP address from your hosting provider, not from your domain registrar, you must set the PTR record for your IP in the control panel of your hosting provider. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses an IPv6 address, be sure to add a PTR record for your IPv6 address.

SPF Record

An SPF (Sender Policy Framework) record specifies which hosts or IP addresses are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain.

In your DNS management interface, create a new TXT record like below.

TXT  @   v=spf1 mx ~all

Explanation:

  • TXT indicates this is a TXT record.
  • Enter @ in the name field.
  • v=spf1 indicates this is a SPF record and the SPF record version is SPF1.
  • mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
  • ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.

Note that some DNS managers require you to wrap the SPF record with quotes like below.

TXT  @   "v=spf1 mx ~all"

To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:

dig your-domain.com txt

The txt option tells dig that we only want to query TXT records.

DKIM Record

DKIM (DomainKeys Identified Mail) uses a private key to add a signature to emails sent from your domain. Receiving SMTP servers verify the signature using the public key published in your DNS manager.

The iRedMail script automatically configured DKIM for your server. The only thing left to do is to create the DKIM record in your DNS manager. Open the iRedMail.tips file under the iRedMail-0.9.7 directory.

sudo nano iRedMail.tips

Scroll down to DNS record for DKIM support section. The DKIM public key is in the parentheses.

You can also show the public key with the following command.

sudo amavisd-new showkeys

Then in your DNS manager, create a TXT record and enter dkim._domainkey in the name field. Copy everything in the parentheses and paste it into the value field. Delete all double quotes and white spaces.

After saving your changes, run the following command to test if your DKIM record is correct.

sudo amavisd-new testkeys

If the DKIM record is correct, the test will pass. Note that your DNS record may need some time to propagate to the Internet.

TESTING#1 linuxbabe.com: dkim._domainkey.linuxbabe.com => pass
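
The copy-and-clean step above (everything inside the parentheses, with double quotes and white space removed), as an added example that is not part of the original tutorial or of amavisd-new. The sample text is constructed to follow the layout that showkeys prints, and its key is placeholder bytes rather than a real key.

```python
import base64
import re

# Constructed sample modelled on the layout of `amavisd-new showkeys`.
# The "key" is 294 placeholder bytes (the size of a 2048-bit RSA public key
# in DER form), not real key material.
_PLACEHOLDER_KEY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
_CHUNKS = ["v=DKIM1; p="] + [
    _PLACEHOLDER_KEY[i:i + 64] for i in range(0, len(_PLACEHOLDER_KEY), 64)
]
SAMPLE_SHOWKEYS = (
    "; key#1 2048 bits, i=dkim, d=your-domain.com, "
    "/var/lib/dkim/your-domain.com.pem\n"
    "dkim._domainkey.your-domain.com.\t3600 TXT (\n"
    + "\n".join('  "%s"' % c for c in _CHUNKS)
    + ")\n"
)


def dkim_txt_value(showkeys_output):
    """Turn the first showkeys record into the name and value to enter in DNS."""
    m = re.search(r"^(\S+)\s+\d+\s+TXT\s+\((.*?)\)", showkeys_output,
                  re.M | re.S)
    if m is None:
        raise ValueError("no 'TXT ( ... )' record found")
    owner, body = m.groups()
    if "._domainkey." not in owner:
        raise ValueError("record name is not <selector>._domainkey.<domain>")

    # Everything inside the parentheses, minus double quotes and white space.
    value = re.sub(r"\s+", "", "".join(re.findall(r'"([^"]*)"', body)))

    # Sanity checks, so that a bad paste is caught before it reaches DNS.
    tags = dict(t.split("=", 1) for t in value.split(";") if "=" in t)
    if tags.get("v") != "DKIM1":
        raise ValueError("value does not carry v=DKIM1")
    try:
        key = base64.b64decode(tags.get("p", ""), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError("p= is not valid base64") from exc
    if not key:
        raise ValueError("p= is empty (an empty key marks the selector revoked)")

    return {
        "name": owner.split("._domainkey.", 1)[0] + "._domainkey",
        "fqdn": owner,
        "value": value,
        "key_bytes": len(key),
        # One DNS character-string holds at most 255 bytes, so a longer value
        # is stored as several strings inside the same TXT record. Many DNS
        # managers split it for you; some need it entered in pieces.
        "needs_split": len(value) > 255,
    }


if __name__ == "__main__":
    record = dkim_txt_value(SAMPLE_SHOWKEYS)
    print("name :", record["name"])
    print("value:", record["value"])
    print("longer than 255 bytes:", record["needs_split"])
```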

DMARC Record

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving email servers identify legitimate emails and prevent your domain name from being used in email spoofing.

To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]

The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.
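
A small check for the SPF and DMARC records created above, as an added example that is not part of the original tutorial. It reads TXT answers in the form `dig ... txt +short` prints them and reports what the published policy asks receivers to do. All sample records are constructed, and the rua address is a made-up placeholder.

```python
import re

# SPF qualifier -> result for a sender matching that mechanism (RFC 7208).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def txt_value(answer):
    """Join the quoted strings of one TXT answer as printed by `dig +short`."""
    parts = re.findall(r'"([^"]*)"', answer)
    return "".join(parts) if parts else answer.strip()


def spf_default_result(domain_txt_answers):
    """Result for senders the record does not list, or an 'error: ...' string.

    A redirect= modifier is not followed here.
    """
    spf = [v for v in map(txt_value, domain_txt_answers)
           if v.lower().split(" ", 1)[0] == "v=spf1"]
    if len(spf) != 1:
        return "error: expected exactly one v=spf1 record, found %d" % len(spf)
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIER_RESULT else "+"
        if term.lstrip("+-~?").lower() == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no "all" term: the record makes no statement


def dmarc_tags(dmarc_txt_answer):
    """Parse a _dmarc TXT value into a tag dictionary that keeps tag order."""
    tags = {}
    for part in txt_value(dmarc_txt_answer).split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def lint_mail_auth(domain_txt_answers, dmarc_txt_answer):
    """Return (spf_default, dmarc_policy, findings) for the published records."""
    findings = []
    spf = spf_default_result(domain_txt_answers)
    if spf.startswith("error"):
        findings.append("SPF " + spf)
    elif spf == "pass":
        findings.append("SPF +all authorises every host on the Internet")
    elif spf in ("softfail", "neutral"):
        findings.append("SPF default is %s: unlisted senders do not get a "
                        "hard fail" % spf)

    tags = dmarc_tags(dmarc_txt_answer)
    policy = tags.get("p")
    if next(iter(tags), None) != "v" or tags.get("v") != "DMARC1":
        findings.append("DMARC record must begin with v=DMARC1")
        policy = None
    elif policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC p= must be none, quarantine or reject")
        policy = None
    else:
        if policy == "none":
            findings.append("DMARC p=none only requests reports: receivers "
                            "are asked to take no action on failing mail")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address, so no aggregate "
                            "reports will arrive")
        pct = tags.get("pct", "100")
        if not pct.isdigit() or int(pct) > 100:
            findings.append("DMARC pct= must be an integer from 0 to 100")
        elif int(pct) < 100 and policy != "none":
            findings.append("DMARC policy covers only %s%% of failing mail" % pct)
    return spf, policy, findings


# Constructed answers matching the records from this tutorial.
TUTORIAL_DOMAIN_TXT = ['"v=spf1 mx ~all"']
TUTORIAL_DMARC_TXT = ('"v=DMARC1; p=none; pct=100; '
                      'rua=mailto:dmarc-reports@your-domain.com"')
# Constructed stricter pair, with an unrelated TXT record alongside the SPF one.
STRICT_DOMAIN_TXT = ['"v=spf1 mx -all"', '"some-site-verification=abc123"']
STRICT_DMARC_TXT = '"v=DMARC1; p=reject; rua=mailto:dmarc-reports@your-domain.com"'

if __name__ == "__main__":
    for txt, dmarc in ((TUTORIAL_DOMAIN_TXT, TUTORIAL_DMARC_TXT),
                       (STRICT_DOMAIN_TXT, STRICT_DMARC_TXT)):
        spf, policy, findings = lint_mail_auth(txt, dmarc)
        print("SPF default: %s, DMARC policy: %s" % (spf, policy))
        for finding in findings:
            print("  -", finding)
```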

Testing Email Score and Placement

After creating the PTR, SPF and DKIM records, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score.

Mail-tester.com can only show you a sender score. There’s another service called GlockApps that allows you to check if your email is placed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc.

Adding Multiple Mail Domains

I wrote this article to show you how to add multiple mail domains in iRedMail.

That’s it! I hope this tutorial helped you set up a mail server with iRedMail on Ubuntu 16.04.

195 Responses to “How to Easily Set up a Full-Fledged Mail Server on Ubuntu 16.04 with iRedMail”

  • Chris Amow
    6 months ago

    Awesome post! Thanks Xiao Guoan!
    A setup like this has been long overdue – I’m planning to switch over.
    Would I be able to set this up before I switch the domain over? (So I can configure everything and make sure it is running smoothly by testing against the ip address and then finally doing the switch for minimal downtime.)

  • David Bucknell
    6 months ago

    Hello,
    Thank you very much Xiao Guoan!
    Ok. I found iRedMail.tips in the mail. Working on dkim now.
    Thank you!

  • Hello! This is a great post. I had the mail server setup within 30 mins. I used my own SSL certs from sslforfree website. I created a user apart from postmaster and I’m able to send emails between the new user and postmaster but mails are not passing through if I use the SMTP server locally. I tried using the smtp.mywebsite.com and also the IP address of the Linux machine. This is a private mailserver which I use within my home network (subnet). Although I can access webmail from any server in that subnet. Are the messages blocked somewhere in the fail2ban? I have about 17 ports open including ports 587, 25 etc

  • Xiao, thank you for this tutorial. I am new to Ubuntu and Linux but your guide makes it look easy. My question before I try this is, will this tutorial work the same on Ubuntu as a guest OS running in virtual box? Thank you

  • Hello and thanks for this great tutorial.
    Everything goes well but when I try to log in to iredadmin the server returns error 404 not found.
    The roundcube works perfect.
    Any suggestions?
    Thanks
    Ubuntu 16.04

    • Xiao Guo-An (Admin)
      6 months ago

      Please add more details to your situation, like what web server you use (Apache or Nginx). If possible, upload a screenshot and check your web server error log.

  • Will this overwrite existing mysql databases and settings? Is it possible to skip the mysql section if it is already installed and functional?

    • Xiao Guo-An (Admin)
      6 months ago

      I think it will create new database but not overwrite your existing database. You can backup your existing database before installing iRedMail to be on the safe side.

      • Ok – I’ll do good backups before installing. Thanks.

  • This broke my other ssl enabled sites. Don’t recommend using this on any webserver.

    • “my other ssl enabled sites” indicates you did this on a previously configured server. I think maybe you overlooked the bold here:

      “It is recommended that you follow the instructions below on a CLEAN INSTALL of Ubuntu 16.04 system that has at least 2GB of RAM”

      You should read prerequisites before trying to discredit someone’s work.

      • zacgarby1
        6 months ago

        You don’t need to be so defensive, he’s just trying to be helpful :/

  • Harshil Gupta
    6 months ago

    I am not using any hosting service. The mail server is created in the lab. My os is ubuntu 16.04.
    How to achieve PTR stuff.

    • phishing frenzy
      6 months ago

      Harshil, the PTR record should be done by your ISP. For example, your ISP gave you an IP 123.123.123.123 and you bought a domain name gupta.com, but your host name is mail.gupta.com. You pass mail.gupta.com to your ISP technician and they should be able to configure it for you.

  • Andrew Hansen
    6 months ago

    Hi, thanks for this. I set it up on my Ubuntu server and all seems to be running fine now. I did have a syntax error in sudo nano /etc/apache2/sites-available/000-default.conf when I added these 3 lines:
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =mail.your-domain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    When I restarted Apache it came up with this error: syntax error on line 29 of /etc/apache2/sites-enabled/000-default.conf: invalid command ‘rewriteengine’, perhaps misspelled or defined by a module no action ‘configtest’ failed.

    I remmed out those 3 lines and everything seems to be working fine, is there something I did wrong and is there something I need to do to fix this.

  • Hi Xiao, I followed the steps in this tutorial on a server already running Apache, PHP and MySQL with a Let’s Encrypt SSL certificate. Everything went well during the installation but I can not access https://mail.your-domain.com/iredadmin/. It shows the error “The requested URL /iredadmin/ was not found on this server.” but ?mail shows the Roundcube login page. What could I be doing wrong?

  • Michel1504
    6 months ago

    Thanks for the guide, I installed it perfectly. Got 10/10 out of mailtester. Next step is connection with LDAP / MS AD or Samba4. I tried to follow https://docs.iredmail.org/active.directory.html but got stuck at Dovecot, and finding config files for Roundcube (Nginx other place?) and missing guide for SOGo. Do you have any plans to make a guide for that?

  • zacgarby1
    6 months ago

    Hi, I’m wondering why I have to set my hostname to `mail.my-domain.com` instead of `my-domain.com` as it was previously. I’m not an expert, but since this is the same server I host a HTTP server on, won’t setting the hostname to `mail.my-domain.com` make it so people have to access my website using `mail.my-domain.com`?

    • Xiao Guo-An (Admin)
      6 months ago

      This hostname will be used by your mail server. It has nothing to do with website address. Please note that iRedMail will change the web server configuration directory. Your website may stop working. You can bring it up with a little work, but I recommend that you back up web server configurations.

      • zacgarby1
        6 months ago

        Ah okay, thanks. What I don’t get is: isn’t the hostname system-wide? It’s also a bit annoying when I ssh in and the prompt says [email protected] instead of [email protected] (my previous hostname was zacgarby.co.uk)

        • Xiao Guo-An (Admin)
          6 months ago

          Yes, it’s system-wide, but almost always your Apache virtual host or Nginx server block is configured to use a different value. The Bash shell by default only shows the leftmost part of your hostname.

        • zacgarby1
          6 months ago

          Right, that makes sense! Thank you

  • hey bro got to the part when you are about to install lets encrypt….. been trying to send test emails to and from and am not getting anything at all…. everything seems to be up and working fine

    • Update… able to send from Roundcube to Gmail, but replying doesn’t seem to be getting anywhere… I’ve tried reading through the original messages sent from Gmail but can’t get any errors to show…

  • Displace Ignorance with Facts
    6 months ago

    Hi, I’m curious. The guide was fantastic! But since you have a lot of experience doing this, how much would you charge to set it up? It would be a linode and have domain name already. Very curious but extremely serious and will pay.

    • Xiao Guo-An (Admin)
      6 months ago

      Hi, it will be a fixed price of 35 USD. If interested, contact me via email. My email address can be found on the “Contact Us” page.

  • Xiao, thank you so much for your process here. I had a couple hiccups but in the end got the mail server running. Wonderful write-up, plenty of great information.

  • Hi, I can’t get past this, please help.
    [ INFO ] Installing package(s): postfix postfix-pcre mariadb-client mariadb-server postfix-mysql libdbd-mysql-perl php-json php-gd php-mcrypt php-curl mcrypt php-intl php-xml php-mbstring php-mysql nginx-full php-fpm dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-sieve dovecot-mysql amavisd-new libcrypt-openssl-rsa-perl libmail-dkim-perl clamav-freshclam clamav-daemon spamassassin altermime arj zoo nomarch cpio lzop cabextract p7zip-full rpm ripole libmail-spf-perl unrar-free pax lrzip python-sqlalchemy python-dnspython python-mysqldb python-pymysql python-jinja2 python-netifaces python-webpy python-beautifulsoup python-lxml python-pycurl uwsgi uwsgi-plugin-python python-bcrypt awstats fail2ban bzip2 acl patch cron tofrodos logwatch unzip bsdutils liblz4-tool
    Reading package lists…
    Building dependency tree…
    Reading state information…
    Package zoo is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    Package php-mcrypt is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    E: Package ‘php-mcrypt’ has no installation candidate
    E: Package ‘zoo’ has no installation candidate
    <> Installation failed, please check the terminal output.
    <> If you’re not sure what the problem is, try to get help in iRedMail
    <> forum: http://www.iredmail.org/forum/

  • Paul Fisher
    6 months ago

    Can this be done on an 18.04 installation as well?

  • Inbound takes a long time to deliver

  • Shubhankit Mishra
    6 months ago

    Hello

    I followed these steps. Now I can send the emails, but when I am sending mails from Gmail to this server, mails are not coming in the inbox. I created a @ MX record pointing to mail.mydomain.tld. Please help.

  • Shubhankit Mishra
    6 months ago

    Is it possible to create an MX record without creating an A record?? Obviously I created an A record mail.domain.tld. And after a delay of 6 hours I have not received any mail. How long??

    • If you created MX and A record correctly, then Gmail can find your mail server. Greylisting will delay emails no more than 15 minutes. Can you paste your mail log in the comments? Also can you tell me your domain just to make sure I can verify your MX and A records?

  • Shubhankit Mishra
    6 months ago

    You can find the log here:-
    https://pastebin.com/7318Bb7v

    • Shubhankit Mishra
      6 months ago

      and my domain is mail.devopshit.xyz
      thanks!

    • Hi, looks like you are using AWS. Please go to AWS web-based console and set firewall to allow incoming traffic to the following ports:

      TCP port 25 (smtp),
      TCP port 587 (submission)
      TCP port 993 (imaps)
      TCP port 995 (pop3s).

  • Shubhankit Mishra
    6 months ago

    oh shit!
    I forgot to take care of these.. now working, thanks.. your tutorial was awesome…

  • Hello, how can I take off redirect to /mail when browsing my-domain.com?

    I want it to redirect to my website.

    Thanks.

    • Hi, looks like you didn’t follow this tutorial exactly as I told. You need to find your virtual host configuration file for your-domain.com and replace it with the original one.

  • I am using nginx, I did every step.

    • Following this tutorial, you should be able to access your webmail from mail.your-domain.com. If you installed iRedmail alongside your website on the same machine, which broke your website, you should create a virtual host file for your website in /etc/nginx/sites-enabled directory, then reload Nginx. That will restore your website.

  • hi,

    I have the same problem as Zard with zoo and mcrypt. Installing on Ubuntu 18.04 LTS. Any pointers are greatly appreciated.

    thanks!

  • Jason Ramos
    5 months ago

    I followed this tutorial on our DigitalOcean Ubuntu 16.04 LTS server using the Nginx web server and OpenLDAP account storage. Everything seems to be working fine except for the sending of email, even from one internal email to another on our own system. My spam result tests show that our DigitalOcean droplet has a blacklisted IP in two cases. That would easily explain why our email isn’t hitting external inboxes. I tried sending to my personal gmail and AOL accounts and both received nothing.
    https://imgur.com/LPjGqA7
    This is the error I receive from the Mailer Daemon trying to send to my AOL address. Sending to either the internal email or my personal gmail yields nothing.
    It’s clear that the server is sending something out when I try to email my AOL address but it is still being refused, and I cannot send anything internally either. I’m not sure what I’m missing and any help is appreciated.

  • Hi! Great tutorial, everything looks great, except for one thing: I cannot send mails. Receiving is fine, I’ve done many tests, but I can’t send anything. On the mail.log file, the problem appears to be “connection timed out” and after a little digging, I found that some ISP are blocking SMTP port 25 for outbound traffic. I tried tweaking the postfix configuration files, but no luck. Any suggestions?

  • What is the best method to encrypt emails at rest on your server. Has anybody tried this, for example?

    https://wiki2.dovecot.org/Plugins/MailCrypt

  • Thanks for a great guide!

    The guide worked perfectly to me, until the section: Using Separate Domain for RoundCube. It seems to my like some changes have been made from iRedMail-0.9.7 to iRedMail-0.9.8 in the Nginx configuration. At least the /etc/nginx/sites-conf.d/default/ are not to be found on my setup.

    Any ideas for getting the new certificate right for a second (and third) domain? – Thanks!

  • Thanks for this but I have 1 problem. Every time I email rather send it always direct to spam not in inbox. I’ll test in mail tester, it’s 10/10, so what’s the problem?

  • Low Chan saechao
    3 months ago

    Thank you very much for this tutorial! I have successfully setup my self-hosted mail server using your instructions. They were clear and the screen shots were very helpful.

    Thank you for the Spam Tester website, it helped me troubleshoot that I needed another TXT entry for DKIM.

    I am behind Comcast internet, last thing I need to do is call Comcast up to update their Reverse DNS to my domain.

    Again thank you!

  • F PADRON
    3 months ago

    Simply fantastic. THANKS.
    I have mail.server.xx with three domains. They receive any email very well from any sender, including between themselves. When I send to hotmail (sample), emails go to SPAM, but that is because AMAZON hasn’t responded to my petition yet. I can use the command line to send too. But, please, how about settings for sending email through a RAILS app? For example, in AWS SES:

      registration:
        from: '[email protected]'
        to:   '[email protected]'
        smtp:
          host: 'email.us-east-3.amazonaws.com'
          port: 587
          authentication: 'plain'
          login: 'AKIAIT7A'
          password: 'ZD4UqEIoFPphB'
          domain: 'myserver.com'
    

    But here, what must the params be? THANKS in advance

  • Hello,

    I tried to install iRedMail 0.9.8 on Amazon EC2 with OpsWorks Stack on Ubuntu 16.04.

    During the installation it shows the message that the user “iredadmin” isn’t available.
    After restarting server iRedAdmin page shows a 502 Bad Gateway

    Checking locks and running services shows that uwsgi service isn’t running.
    Starting this service shows following error:

    ● uwsgi.service - LSB: Start/stop uWSGI server instance(s)
       Loaded: loaded (/etc/init.d/uwsgi; bad; vendor preset: enabled)
       Active: failed (Result: exit-code) since Fri 2018-09-14 11:32:16 UTC; 3s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 4194 ExecStart=/etc/init.d/uwsgi start (code=exited, status=1/FAILURE)
    

    I tried to add the default ubuntu source.list but it does not solve this problem.
    Did anyone have an idea?

    Thanks a lot.

    Chris

    • here the detail message during installation message:

      ********************************************************************
      * Start iRedMail Configurations
      ********************************************************************
      [ INFO ] Create self-signed SSL certification files (2048 bits).
      [ INFO ] Generate Diffie Hellman Group with openssl, please wait.
      [ INFO ] Create required system account: vmail, iredadmin, iredapd.
      [ INFO ] Configure Apache web server.
      [ INFO ] Configure PHP.
      [ INFO ] Configure MySQL database server.
      [ INFO ] Setup daily cron job to backup SQL databases with /var/vmail/backup/backup_mysql.sh
      [ INFO ] Configure Postfix (MTA).
      [ INFO ] Configure Dovecot (POP3/IMAP/Managesieve/LMTP/LDA).
      [ INFO ] Configure ClamAV (anti-virus toolkit).
      [ INFO ] Configure Amavisd-new (interface between MTA and content checkers).
      [ INFO ] Configure SpamAssassin (content-based spam filter).
      [ INFO ] Configure iRedAPD (postfix policy daemon).
      [ INFO ] Configure iRedAdmin (official web-based admin panel).
      chown: invalid user: 'iredadmin:iredadmin'
      chown: invalid user: 'iredadmin:iredadmin'
      [ INFO ] Configure Fail2ban (authentication failure monitor).
      [ INFO ] Configure Roundcube webmail.
      [ INFO ] Configure Awstats (logfile analyzer for mail and web server).
      
      *************************************************************************
      * iRedMail-0.9.7 installation and configuration complete.
      *************************************************************************
      
    • Check /etc/passwd file to see if iredadmin is there.

      cat /etc/passwd | grep iredadmin

      If the iredadmin user and group weren’t created, you can manually create them with:

      sudo adduser --system --group iredadmin
    • sometimes it is so easy…

      thanks a lot, I added the user before installation.
      After that it works.

  • FERNANDO PADRON TORRES
    3 months ago

    As I told you before, simply fantastic. I have a little trouble with outgoing messages from AWS. AWS told me “congratulations already you don’t have any limitation to send emails”, however, after 10 days, when I send emails they are still going to SPAM. In your experience, what can be the solution?

    This is data of an email sent to [email protected] from our new email server ([email protected]):

    Received: from BN3NAM04HT223.eop-NAM04.prod.protection.outlook.com
     (2603:10b6:903:32::30) by CY4PR16MB1640.namprd16.prod.outlook.com with HTTPS
     via CY4PR13CA0020.NAMPRD13.PROD.OUTLOOK.COM; Tue, 18 Sep 2018 05:57:02 +0000
    Received: from BN3NAM04FT007.eop-NAM04.prod.protection.outlook.com
     (10.152.92.55) by BN3NAM04HT223.eop-NAM04.prod.protection.outlook.com
     (10.152.93.168) with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.1164.13; Tue, 18
     Sep 2018 05:57:02 +0000
    Authentication-Results: spf=none (sender IP is 54.149.73.66)
     smtp.mailfrom=aquiderecho.com; hotmail.com; dkim=fail (no key for signature)
     header.d=ferpadron.com;hotmail.com; dmarc=none action=none
     header.from=aquiderecho.com;
    Received-SPF: None (protection.outlook.com: aquiderecho.com does not designate
     permitted sender hosts)
    Received: from mail.ferpadron.com (54.149.73.66) by
     BN3NAM04FT007.mail.protection.outlook.com (10.152.92.91) with Microsoft SMTP
     Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
     15.20.1164.13 via Frontend Transport; Tue, 18 Sep 2018 05:57:02 +0000
    X-IncomingTopHeaderMarker: OriginalChecksum:525C20036D31AB2DC9A90D376982D7369723C7121FBBC90AA3953A7797B6726C;UpperCasedChecksum:8360550425E74F06D402823FB27A4238C2EEEFC123C24361C5923563F8CFEEA2;SizeAsReceived:1720;Count:16
    Received: from mail.ferpadron.com (mail.ferpadron.com [127.0.0.1])
    	by mail.ferpadron.com (Postfix) with ESMTP id 579CC11F05
    	for ; Tue, 18 Sep 2018 05:57:01 +0000 (UTC)
    Authentication-Results-Original: mail.ferpadron.com (amavisd-new); dkim=pass
    	reason="pass (just generated, assumed good)" header.d=ferpadron.com
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ferpadron.com; h=
    	user-agent:message-id:subject:subject:to:from:from:date:date
    	:content-transfer-encoding:content-type:content-type
    	:mime-version; s=dkim; t=1537250217; x=1539842218; bh=YI4lHgh/xk
    	0oZwgyYN/6mTeHedX2ELHLLX3ZTqmdPxI=; b=cho/UPMBwOm64oGmucf/XjjSnG
    	DVwbrJUmeiuw9SNDzInRUmzjy9wTqA/4AgmDYz5Pp0knI6UfW7OyfEZyQK1MVyzx
    	sj3fYOiF53sz8rhc5N1LbmuoM0AdNTSSHPhuanxEmS8OYO/ijEZFF5TRJcB9nHxV
    	fO9Kf6k7/g6M+ZB3c=
    X-Virus-Scanned: Debian amavisd-new at mail.ferpadron.com
    Received: from mail.ferpadron.com ([127.0.0.1])
    	by mail.ferpadron.com (mail.ferpadron.com [127.0.0.1]) (amavisd-new, port 10026)
    	with ESMTP id SLRqLRo4RCa7 for ;
    	Tue, 18 Sep 2018 05:56:57 +0000 (UTC)
    Received: from mail.aquiderecho.com (mail.ferpadron.com [127.0.0.1])
    	by mail.ferpadron.com (Postfix) with ESMTPSA id 6E3B511EC3
    	for ; Tue, 18 Sep 2018 05:56:55 +0000 (UTC)
    Content-Type: text/plain; charset=US-ASCII;
     format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Tue, 18 Sep 2018 00:56:55 -0500
    From: [email protected]
    To: FER PADRON 
    Subject: ddd
    Message-ID: 
    X-Sender: [email protected]
    User-Agent: Roundcube Webmail
    X-IncomingHeaderCount: 16
    Return-Path: [email protected]
    

    *THANKS in advance*
    Fer
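
The headers in the comment above already say why the message is scored badly. This is an added example, not part of the original comment or of iRedMail: it parses the posted `Authentication-Results` and `DKIM-Signature` values and lists what is missing in DNS. The function names are this example's own, and the alignment check is the strict (exact-match) form only.

```python
import re

# Header values copied from the comment above, unfolded onto one line each.
# The bh= and b= tags of the DKIM signature are left out; they are not needed here.
AUTH_RESULTS = (
    "Authentication-Results: spf=none (sender IP is 54.149.73.66) "
    "smtp.mailfrom=aquiderecho.com; hotmail.com; dkim=fail (no key for signature) "
    "header.d=ferpadron.com;hotmail.com; dmarc=none action=none "
    "header.from=aquiderecho.com;"
)
DKIM_SIGNATURE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ferpadron.com; "
    "h=user-agent:message-id:subject:subject:to:from:from:date:date"
    ":content-transfer-encoding:content-type:content-type:mime-version; "
    "s=dkim; t=1537250217; x=1539842218"
)


def parse_auth_results(header):
    """Return {method: {"result", "comment", <ptype.property>: value, ...}}."""
    value = header.split(":", 1)[1]
    parsed = {}
    for clause in value.split(";"):
        clause = clause.strip()
        m = re.match(r"(spf|dkim|dmarc)=(\w+)", clause)
        if not m:
            continue  # authserv-id such as "hotmail.com", or an empty clause
        comment = re.search(r"\(([^)]*)\)", clause)
        props = dict(re.findall(r"([a-z]+\.[a-z]+)=([^\s;]+)", clause))
        parsed[m.group(1)] = {
            "result": m.group(2),
            "comment": comment.group(1) if comment else "",
            **props,
        }
    return parsed


def dkim_dns_name(sig_header):
    """DNS name where the receiver looks up the public key: <s>._domainkey.<d>."""
    value = sig_header.split(":", 1)[1]
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return f"{tags['s']}._domainkey.{tags['d']}"


def diagnose(auth, sig_header):
    """Turn the receiver's verdicts into a list of DNS records to check."""
    spf, dkim, dmarc = (auth.get(k, {}) for k in ("spf", "dkim", "dmarc"))
    from_domain = dmarc.get("header.from", "")
    findings = []
    if spf.get("result") == "none":
        findings.append(
            f"SPF: no v=spf1 TXT record found for {spf.get('smtp.mailfrom')}"
        )
    if dkim.get("result") == "fail" and "no key" in dkim.get("comment", ""):
        findings.append(
            f"DKIM: no public key at {dkim_dns_name(sig_header)} (TXT record)"
        )
    if dkim.get("header.d") and from_domain and dkim["header.d"] != from_domain:
        # Strict comparison; relaxed alignment needs the Public Suffix List.
        findings.append(
            f"DKIM: signing domain {dkim['header.d']} differs from "
            f"From domain {from_domain}, so it cannot satisfy DMARC"
        )
    if dmarc.get("result") == "none":
        findings.append(f"DMARC: no TXT record at _dmarc.{from_domain}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_auth_results(AUTH_RESULTS), DKIM_SIGNATURE):
        print(finding)
```

The third finding is the one a 10/10 score on a single domain can hide: the server signs with d=ferpadron.com while the visible sender is aquiderecho.com, so each hosted domain needs its own SPF, DKIM and DMARC records.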

  • Ashutosh
    3 months ago

    It is not sending emails to godaddy mails also not receiving.

  • Check your IP/domain on https://mxtoolbox.com/blacklists.aspx

  • Ashutosh
    3 months ago

    i am getting

    relay=mailstore1.europe.secureserver.net[188.121.52.57]:25, delay=190284, delays=190283/0.05/1.5/0, dsn=4.0.0, status=deferred (host mailstore1.europe.secureserver.net[188.121.52.57] refused to talk to me: 421 n1plibsmtp01-02.prod.ams1.secureserver.net bizsmtp Temporarily rejected. Reverse DNS for 45.64.11.2 failed. IB108  )
  • I don’t understand why it needs to install a web server? I just want email.

    Is this for configuration purposes? Why can’t I just do that via SSH and text configuration files?

    • The web server is needed to set up a webmail client, so you can access email in your web browser. If you don’t need that, you can disable the web server from running on your machine.

      This article did not say you can’t use SSH to install iRedMail on another machine.

    • I was looking at the screenshot of the install questions. It gave you a choice of which web server you want (nginx or Apache) but did not appear to offer the option of skipping the webserver altogether.

    • iRedMail also comes with a web-based control panel that allows you to easily add email accounts, that also requires a web server. You may need this if you are not familiar with adding email accounts from the command line.

      You can disable or remove the web server after your email server is up and running, if you really don’t like having a web server on your machine.

  • I notice there is a step where you set a static IP address of the mail server.

    This is problematic. I was planning on running my server with a dynamic DNS service and not using IP addresses at all. Is this not possible?

    • With a dynamic IP address, you can’t set the PTR record, in which case your emails are more likely to land in the spam folder or be rejected outright.

      If you plan to set up an email server in your home, ask your ISP if they can give you a static IP and if PTR record can be configured for your IP address.

      I think there’s another way around this: using a smart host (aka SMTP relay) to send email, but I haven’t tried that yet.

  • I can receive emails but no sending, log shows:

    Sep 21 19:01:29 mail postfix/smtp[7562]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c0f::1b]:25: Connection timed out
    Sep 21 19:01:59 mail postfix/smtp[7562]: connect to gmail-smtp-in.l.google.com[172.217.197.26]:25: Connection timed out
    Sep 21 19:02:29 mail postfix/smtp[7562]: connect to alt1.gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1b]:25: Connection timed out
    Sep 21 19:02:59 mail postfix/smtp[7562]: connect to alt1.gmail-smtp-in.l.google.com[64.233.186.27]:25: Connection timed out 
  • Thanks

  • Ashutosh
    3 months ago

    Hi,
    Can i change the smtp port from 25 to some other?
    currently i am getting

    Sep 22 16:42:49 mail postfix/qmgr[2195]: 507E241FA6: from=, size=1672, nrcpt=1 (queue active)
    Sep 22 16:42:50 mail postfix/smtp[3923]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1a]:25: Network is unreachable
    Sep 22 16:43:20 mail postfix/smtp[3923]: connect to gmail-smtp-in.l.google.com[74.125.24.26]:25: Connection timed out
    Sep 22 16:43:50 mail postfix/smtp[3923]: connect to alt1.gmail-smtp-in.l.google.com[74.125.195.27]:25: Connection timed out
    Sep 22 16:43:50 mail postfix/smtp[3923]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400e:c09::1b]:25: Network is unreachable
    Sep 22 16:44:20 mail postfix/smtp[3923]: connect to alt2.gmail-smtp-in.l.google.com[64.233.179.27]:25: Connection timed out
    Sep 22 16:44:20 mail postfix/smtp[3923]: 507E241FA6: to=, relay=none, delay=22948, delays=22857/0.03/91/0, dsn=4.4.1, status=deferred

    And is it possible to send mail through php code using SMTP

  • pushpendra
    3 months ago
    Sep 25 04:01:25 mail postfix/smtp[10881]: 350484338D: to=, relay=none, delay=1505, delays=1354/0.13/150/0, dsn=4.4.1, status=deferred (connect to mailstore1.secureserver.net[68.178.213.244]:25: Connection timed out) 
    
    Sep 25 04:01:25 mail postfix/smtp[10879]: AEDBD43398: to=, relay=none, delay=1504, delays=1354/0.14/150/0, dsn=4.4.1, status=deferred (connect to mailstore1.secureserver.net[68.178.213.243]:25: Connection timed out) 

    some time send mails to godaddy some time not.

  • niranjan
    3 months ago
    Sep 25 12:22:22 mail postfix/postscreen[4450]: CONNECT from [68.178.252.103]:32841 to [172.31.31.99]:25
    Sep 25 12:22:23 mail postfix/postscreen[4450]: PASS OLD [68.178.252.103]:32841
    Sep 25 12:22:23 mail postfix/smtpd[4464]: connect from p3plsmtpa11-02.prod.phx3.secureserver.net[68.178.252.103]
    Sep 25 12:22:24 mail postfix/smtpd[4464]: Anonymous TLS connection established from p3plsmtpa11-02.prod.phx3.secureserver.net[68.178.252.103]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Sep 25 12:22:25 mail postfix/smtpd[4464]: NOQUEUE: reject: RCPT from p3plsmtpa11-02.prod.phx3.secureserver.net[68.178.252.103]: 451 4.7.1 : Recipient address rejected: Intentional policy rejection, please try again later; from= to= proto=ESMTP helo=
    Sep 25 12:23:26 mail postfix/smtpd[4464]: disconnect from p3plsmtpa11-02.prod.phx3.secureserver.net[68.178.252.103] ehlo=2 starttls=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=6/7
    
    •   Recipient address rejected: Intentional policy rejection, please try again later. 

      This indicates that your server has enabled greylisting. The sending server will try again in a few minutes and it will be accepted.

  • niranjan
    3 months ago

    How to remove graylisting?

    • Graylisting is managed by iRedAPD. To disable graylisting, edit the configuration file.

      sudo nano /opt/iredapd/settings.py

      Find the following line.

      plugins = ["reject_null_sender", "wblist_rdns", "reject_sender_login_mismatch", "greylisting", "throttle", "amavisd_wblist", "sql_alias_access_policy"]

      Remove "greylisting" from the list. Save and close the file. Then restart iredapd.

      sudo systemctl restart iredapd

      You may need to add write permission before editing the file.

      sudo chmod 600 /opt/iredapd/settings.py
  • Hi, I’ve done everything with success but I can’t install certbot. I’m using debian 9.
    I follow the steps from certbot page but it wants to certificate my domain, I only have access to mail server. How can I do that?

    • Make sure you have set an A record for the hostname of your mail server (mail.your-domain.com), follow the certbot instructions and you would be fine.

  • pushpendra
    3 months ago

    How to use separate domain for SOGo mail client in apache2?

  • Xiao thanks for the answer.
    I have another question.
    For dkim, I generate the public and private key and configure my dns server. Where should I copy my private key? Must I install something in my email server? My dns server is another server.
    Best Regards.
    Carina

    • You need to copy the public key to your DNS, not the private key. You can find the public key in the iRedmail.tips file

      Under DNS record for DKIM support
      Basically it looks like this:

        "v=DKIM1; p="
        "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgT90Ia+Zf7tkf0YyFlm2IdMZY"
        "NUHUoOoogQCBv+QrZJVBeKhjHBjtgMnsYnetJbZNmpMuM+MvyqjLVwUPrjGoJ1vI"
        "3vgjUDhfjLf4QjBtbhtSPb5LlveLxokEYnKDAbOZFILtW40IqxOYBGk9cnXzFoBZ"
        "78IssEGV/V8Idr1IbwIDAQAB"

      iRedmail already installed necessary software for you, so no need to install other software.

  • Hi Xiao,

    From your configuration, is there a way to change outgoing email port from 25 to 587? Actually I have installed iRedMail on a Digital Ocean droplet. My email server can accept inbound email but deferred all outgoing emails because DO has blocked port 25. I have asked them to open it, but they cannot do it due to their policy. So, I’m searching if there is a solution for this problem and how to apply it to the iRedMail configuration.

    Thanks
    Aris

  • Richard Whitney
    1 month ago

    Hi Xiao!
    I have what I think to be a running server, with port 25 and 143 open. However, while testing my new email address (brand-new domain) I get Cannot connect to server or no response from server. I have port 25 and 143 open at the router and the internet. Do I need something besides postfix and dovecot running? Right now my PTR record points at another domain which I own – but that should not prevent me from connecting, right?
    Thanks for any advice you can offer!

  • Dave Kimble
    1 month ago

    The danger of following a tutorial like this is that you are installing a whole bunch of packages (do you understand what they all do?) which need to be configured accurately and kept up to date for ever. It is true that it is supposed to be done on a clean install, and it will PROBABLY work, but if it doesn’t you will have to do another clean install. There is no “uninstall/unconfigure”.

    It worked OK for me on my first go, but in setting up a standby server, it failed and couldn’t be unscrambled. Beware.

    • Richard Whitney
      1 month ago
      ...in setting up a standby server, it failed and couldn’t be unscrambled.

      Is a fresh OS install on the standby server out of the question? Why not just try it again?

    • Could you let me know the error when setting up a standby server?

  • Richard Whitney
    1 month ago

    Thanks Xiao! I got those ports open (had a certificate path wrong).
    I cannot send/receive email from this server. Would you mind looking at this from syslog:

    Nov 6 16:00:27 mail postfix/postscreen[99405]: CONNECT from [184.181.20.67]:50185 to [192.168.0.87]:25
    Nov 6 16:00:27 mail systemd-resolved[66449]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
    Nov 6 16:00:27 mail systemd-resolved[66449]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
    Nov 6 16:00:28 mail postfix/postscreen[99405]: HANGUP after 1.9 from [184.181.20.67]:50185 in tests before SMTP handshake
    Nov 6 16:00:28 mail postfix/postscreen[99405]: DISCONNECT [184.181.20.67]:50185
    Nov 6 16:01:01 mail CRON[99448]: (root) CMD (python /opt/www/iredadmin/tools/cleanup_db.py >/dev/null 2>&1)
    Nov 6 16:01:01 mail CRON[99449]: (root) CMD (python /opt/iredapd/tools/cleanup_db.py >/dev/null)
    Nov 6 16:01:01 mail CRON[99450]: (root) CMD (python /opt/www/iredadmin/tools/delete_mailboxes.py)
    Nov 6 16:01:01 mail CRON[99451]: (root) CMD (python /opt/iredapd/tools/cleanup_db.py >/dev/null)
    Nov 6 16:01:01 mail CRON[99453]: (root) CMD (python /opt/www/iredadmin/tools/cleanup_db.py >/dev/null 2>&1)
    Nov 6 16:01:01 mail CRON[99458]: (root) CMD (python /opt/www/iredadmin/tools/delete_mailboxes.py)
    Nov 6 16:01:45 mail kernel: [100284.043405] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=64762 PROTO=2
    Nov 6 16:01:45 mail kernel: [100284.928461] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:a:82:08:00 SRC=192.168.0.21 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=31570 PROTO=2
    Nov 6 16:02:01 mail CRON[99510]: (root) CMD (python /opt/iredapd/tools/spf_to_greylist_whitelists.py >/dev/null)
    Nov 6 16:02:01 mail CRON[99511]: (root) CMD (python /opt/iredapd/tools/spf_to_greylist_whitelists.py >/dev/null)

    and maybe tell me what I might look at that could be the problem?
    I can send other logs too if needed.

    Thanks again!

    • Richard Whitney
      1 month ago

      When connecting from my phone I get security error has occurred.
      When connecting from Thunderbird, I get the server has gone down or a network error has occurred

    • Please check the mail log (/var/log/mail.log).

    • Richard Whitney
      1 month ago
      Nov  7 07:49:48 mail postfix/pipe[147969]: 238512E0E75: to=, orig_to=, relay=dovecot, delay=68173, delays=68173/0.34/0/0.06, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 07:49:48 mail postfix/pipe[147967]: C853F2E0E8F: to=, orig_to=, relay=dovecot, delay=68173, delays=68172/0.34/0/0.06, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 07:54:47 mail postfix/qmgr[93108]: D50762E0EA2: from=, size=1105, nrcpt=1 (queue active)
      Nov  7 07:54:47 mail postfix/pipe[148230]: D50762E0EA2: to=, relay=dovecot, delay=65914, delays=65914/0.02/0/0.03, dsn=4.3.0, status=deferred (temporary failure)
      
      
    • Richard Whitney
      1 month ago

      looks like email addresses surrounded by <> are parsed html

    • Emails are not delivered to the dovecot IMAP server. Run the following command to check the status of dovecot.

      sudo systemctl status dovecot

      If it’s not running, start it with

      sudo systemctl start dovecot
    • Richard Whitney
      1 month ago
      ● dovecot.service - Dovecot IMAP/POP3 email server
         Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
         Active: active (running) since Tue 2018-11-06 13:55:05 MST; 18h ago
           Docs: man:dovecot(1)
                 http://wiki2.dovecot.org/
       Main PID: 93141 (dovecot)
          Tasks: 10 (limit: 9440)
         CGroup: /system.slice/dovecot.service
                 ├─ 93141 /usr/sbin/dovecot -F
                 ├─ 93143 dovecot/lmtp -L
                 ├─ 93144 dovecot/anvil
                 ├─ 93145 dovecot/log
                 ├─ 93147 dovecot/lmtp -L
                 ├─ 93148 dovecot/lmtp -L
                 ├─ 93149 dovecot/lmtp -L
                 ├─ 93150 dovecot/lmtp -L
                 ├─ 93151 dovecot/config
                 └─130972 dovecot/ssl-params
      
      Nov 06 21:17:42 mail.mydomain.com dovecot[93145]: imap-login: Disconnected: Inactivity (no auth attempts in 181 secs): user=, rip=72.223.118.74, lip=192.168.0.87, session=<+yk8Zgt6j8F
      Nov 06 21:17:42 mail.mydomain.com dovecot[93145]: pop3-login: Disconnected: Inactivity (no auth attempts in 181 secs): user=, rip=72.223.118.74, lip=192.168.0.87, session=<8IY8Zgt6dYJ
      Nov 06 21:17:42 mail.mydomain.com dovecot[93145]: imap-login: Disconnected: Inactivity (no auth attempts in 181 secs): user=, rip=72.223.118.74, lip=192.168.0.87, TLS handshaking, ses
      Nov 06 21:18:06 mail.mydomain.com dovecot[93145]: imap-login: Disconnected (tried to use disallowed plaintext auth): user=, rip=72.223.118.74, lip=192.168.0.87, session=<VaK3Z
      Nov 06 21:18:48 mail.mydomain.com dovecot[93145]: imap-login: Disconnected (tried to use disallowed plaintext auth): user=, rip=72.223.118.74, lip=192.168.0.87, se
      Nov 06 21:19:32 mail.mydomain.com dovecot[93145]: imap-login: Disconnected (tried to use disallowed plaintext auth): user=, rip=72.223.118.74, lip=192.168.0.87, se
      
      
    • You should use the IMAPS port 993, instead of 143. Plain text IMAP is disallowed.

    • Richard Whitney
      1 month ago

      Do I need to set this on the server, or just use port 993 at the client?
      If the server, how do I set it?
      Thank you for all of your responses – much appreciated!

    • In the mail client, choose port 993 and SSL/TLS encryption (if it’s available.)

    • Richard Whitney
      1 month ago

      SSL/TLS is surely available on the client (Thunderbird) and I have it checked and using port 993
      I have got it into a state of hanging now, like it’s trying to connect, but can’t
      I wonder if I have got something in the infrastructure causing problems.

    • Richard Whitney
      1 month ago

      Hi Xiao!
      Do you think I have a setting wrong based on where these admin emails are addressed (mail.mydomain.com instead of just mydomain.com?)

      Nov  7 09:39:47 mail postfix/pipe[153685]: A69AF2E0E79: to=, orig_to=, relay=dovecot, delay=285947, delays=285947/0.04/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 09:39:47 mail postfix/pipe[153691]: 34B5C2E0E6A: to=, orig_to=, relay=dovecot, delay=327948, delays=327948/0.06/0/0.09, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 09:39:47 mail postfix/pipe[153682]: 314B62E0E71: to=, orig_to=, relay=dovecot, delay=327948, delays=327948/0.1/0/0.06, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 09:39:47 mail postfix/pipe[153688]: 3AAE12E0184: to=, orig_to=, relay=dovecot, delay=327948, delays=327948/0.12/0/0.06, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 09:39:47 mail postfix/pipe[153683]: 361132E0E72: to=, orig_to=, relay=dovecot, delay=327948, delays=327948/0.12/0/0.05, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 09:39:47 mail postfix/pipe[153693]: 26CC02E0E78: to=, orig_to=, relay=dovecot, delay=290147, delays=290147/0.13/0/0.04, dsn=4.3.0, status=deferred (temporary failure)
      Nov  7 09:39:47 mail postfix/pipe[153701]: 539432E0E76: to=, orig_to=, relay=dovecot, delay=323748, delays=323748/0.14/0/0.04, dsn=4.3.0, status=deferred (temporary failure)
      
      
      
    • Richard Whitney
      1 month ago

      oops! forgot that html tags are not shown – In this case the email address! these addresses were [email protected] and [email protected]

    • Configure port forwarding in your router for port 993.

      Following this tutorial, you will have an email address like [email protected], not [email protected]

      mail.your-domain.com is the hostname of your mail server.

    • Richard Whitney
      1 month ago

      This is from outside the network:

      25/tcp    open     smtp
      53/tcp    open     domain
      80/tcp    filtered http
      110/tcp   open     pop3
      443/tcp   filtered https
      993/tcp   open     imaps
      995/tcp   open     pop3s
      

      This is from inside the network:

      25/tcp  open   smtp
      53/tcp  closed domain
      80/tcp  open   http
      110/tcp open   pop3
      143/tcp closed imap
      443/tcp open   https
      587/tcp open   submission
      993/tcp open   imaps
      995/tcp open   pop3s
      
    • You also need to configure port forwarding for the submission port (587).

    • Richard Whitney
      1 month ago

      This will have to wait a few days – stupid router will not register forwarding any more. DOH!

    • Richard Whitney
      1 month ago

      Hey Xiao,
      I am able to send mail from this server, just not receive.
      I had to make it so TB saved messages in Local Folder.
      Do you think I have a permissions problem on the server?
      Thanks!

    • Richard Whitney
      1 month ago

      It doesn’t look like my mail boxes are being created on the server?

      [email protected]:/var/vmail/vmail1# cd mydomain.com/
      [email protected]:/var/vmail/vmail1/mydomain.com# ls
      p
      [email protected]:/var/vmail/vmail1/mydomain.com# cd p/
      [email protected]:/var/vmail/vmail1/mydomain.com/p# ls
      o
      [email protected]:/var/vmail/vmail1/mydomain.com/p# cd o
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o# ls
      s
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o# cd s
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s# ls -al
      total 12
      drwxrw-rw- 3 vmail vmail 4096 Oct 29 13:44 .
      drwxrw-rw- 3 vmail vmail 4096 Oct 29 13:44 ..
      drwxrw-rw- 3 vmail vmail 4096 Oct 29 13:44 postmaster
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s# cd postmaster/
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s/postmaster# ls
      Maildir
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s/postmaster# cd Maildir/
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s/postmaster/Maildir# ls
      new
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s/postmaster/Maildir# cd new/
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s/postmaster/Maildir/new# ls
      details.eml  links.eml  mua.eml
      [email protected]:/var/vmail/vmail1/mydomain.com/p/o/s/postmaster/Maildir/new# 
    • Richard Whitney
      1 month ago

      I found this:

      [email protected]:/var/mail/vmail# ls -al
      total 56
      drwxr-xr-x 8 vmail vmail 4096 Oct 29 13:04 .
      drwxrwsr-x 3 root  mail  4096 Oct 24 11:54 ..
      -rw-r--r-- 1 vmail vmail  220 Apr  4  2018 .bash_logout
      -rw-r--r-- 1 vmail vmail 3771 Apr  4  2018 .bashrc
      -rw-r--r-- 1 vmail vmail 8980 Apr 16  2018 examples.desktop
      drwxr-xr-x 3 root  root  4096 Oct 29 13:03 mydomain.com
      -rw-r--r-- 1 vmail vmail  807 Apr  4  2018 .profile
      drwxr-xr-x 2 root  root  4096 Oct 29 13:04 rwhitney
      drwxr-xr-x 2 vmail vmail 4096 Oct 24 14:33 sieve-after
      drwxr-xr-x 2 vmail vmail 4096 Oct 24 14:44 sieve-before
      

      Are mailboxes supposed to be created here?
      If so, I should probably have one that reads like:

      drwxr-xr-x 2 root  root  4096 Oct 29 13:04 richard

      Again, Thanks for any help you can provide!

    • Richard Whitney
      1 month ago

      Getting some errors in /var/log/mail.log:

       NOQUEUE: reject: RCPT from unknown[204.62.14.134]: 451 4.7.1 : Recipient address rejected: Intentional policy rejection, please try again later; from= to= proto=ESMTP helo=
      

      Is this of any help?

    • Mailboxes are created at /var/vmail/vmail1/mydomain.com.

      From your previous mail.log, I saw Dovecot didn’t deliver the email. Please check /var/log/dovecot/dovecot.log and /var/log/dovecot/lda.log.

    • Richard Whitney
      1 month ago

      from the below, I can see that I have set the g/uid wrong?

      Any advice on this?

      Nov  9 07:46:19 mail dovecot: lda([email protected]): Fatal: setgid(2000 from mail_gid setting) failed with euid=5000(vmail), gid=5000(vmail), egid=5000(vmail): Operation not permitted (This binary should probably be called with process group set to 2000 instead of 5000(vmail))
    • Richard Whitney
      1 month ago

      How, what steps do I take to (re)set the guid? and on what files?
      Thanks!

    • Check which user has ID 2000 and ID 5000.

       grep 2000 /etc/passwd

      and

       grep 5000 /etc/passwd
    • Richard Whitney
      1 month ago
      [email protected]:/var/vmail/vmail1# grep 2000 /etc/passwd
      [email protected]:/var/vmail/vmail1# grep 5000 /etc/passwd
      vmail:x:5000:5000::/var/mail/vmail:/bin/sh
      [email protected]:/var/vmail/vmail1# 
      
    • Richard Whitney
      1 month ago

      so should I edit /etc/passwd?
      so that this:

      vmail:x:5000:5000::/var/mail/vmail:/bin/sh

      says this:

      vmail:x:2000:2000::/var/mail/vmail:/bin/sh
    • Please check /etc/dovecot/dovecot.conf file and find the following 4 parameters.

      mail_uid = 
      mail_gid = 
      first_valid_uid = 
      last_valid_uid = 
      

      If the values are set to 2000, then change them to 5000. After that, restart Dovecot.

      sudo systemctl restart dovecot
    • Richard Whitney
      1 month ago

      Xiao!
      We have lift off!
      The settings surely were off – reset all to 5000 and success!
      Thank you so much for your assistance.
      Can I reward you in any way?
      Feel free to send me an email.
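
Most of the log excerpts posted in the comments above fall into a handful of distinct failure classes, each with a different fix. This is an added example, not from the article or from iRedMail: it classifies lines copied from those comments and flags the case where every outbound attempt on port 25 times out. The rule names, `classify` and `triage` are this example's own, and the egress check is a heuristic.

```python
import re
from collections import Counter

# Log lines copied from the comments above, as posted there.
SAMPLE_LOG = """\
Sep 21 19:01:59 mail postfix/smtp[7562]: connect to gmail-smtp-in.l.google.com[172.217.197.26]:25: Connection timed out
Sep 21 19:02:59 mail postfix/smtp[7562]: connect to alt1.gmail-smtp-in.l.google.com[64.233.186.27]:25: Connection timed out
Sep 22 16:42:50 mail postfix/smtp[3923]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1a]:25: Network is unreachable
relay=mailstore1.europe.secureserver.net[188.121.52.57]:25, delay=190284, delays=190283/0.05/1.5/0, dsn=4.0.0, status=deferred (host mailstore1.europe.secureserver.net[188.121.52.57] refused to talk to me: 421 n1plibsmtp01-02.prod.ams1.secureserver.net bizsmtp Temporarily rejected. Reverse DNS for 45.64.11.2 failed. IB108  )
Sep 25 12:22:25 mail postfix/smtpd[4464]: NOQUEUE: reject: RCPT from p3plsmtpa11-02.prod.phx3.secureserver.net[68.178.252.103]: 451 4.7.1 : Recipient address rejected: Intentional policy rejection, please try again later; from= to= proto=ESMTP helo=
Nov  7 07:54:47 mail postfix/pipe[148230]: D50762E0EA2: to=, relay=dovecot, delay=65914, delays=65914/0.02/0/0.03, dsn=4.3.0, status=deferred (temporary failure)
Nov  9 07:46:19 mail dovecot: lda([email protected]): Fatal: setgid(2000 from mail_gid setting) failed with euid=5000(vmail), gid=5000(vmail), egid=5000(vmail): Operation not permitted (This binary should probably be called with process group set to 2000 instead of 5000(vmail))
"""

# (name, pattern, what to check). The first matching rule wins.
RULES = [
    ("greylisted_inbound",
     re.compile(r"reject: RCPT from .*451 4\.7\.1 .*Intentional policy rejection"),
     "iRedAPD greylisting; the sending server retries and is then accepted"),
    ("rdns_rejected",
     re.compile(r"Reverse DNS for (?P<ip>[0-9a-fA-F.:]+) failed"),
     "no PTR record for the sending IP; ask the IP's owner to set one"),
    ("outbound_25_timeout",
     re.compile(r"connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:25: Connection timed out"),
     "outbound TCP/25 is filtered; ask the provider or use an SMTP relay"),
    ("no_ipv6_route",
     re.compile(r"connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]*:[^\]]*)\]:25: Network is unreachable"),
     "host has no IPv6 route; harmless if the IPv4 attempt succeeds"),
    ("local_delivery_failed",
     re.compile(r"relay=dovecot,.*status=deferred \(temporary failure\)"),
     "Postfix handed the mail to Dovecot and it failed; read the Dovecot logs"),
    ("dovecot_gid_mismatch",
     re.compile(r"setgid\((?P<wanted>\d+) from mail_gid setting\) failed with euid=(?P<euid>\d+)\("),
     "mail_gid in dovecot.conf does not match the vmail account's IDs"),
]
ADVICE = {name: advice for name, _pattern, advice in RULES}


def classify(line):
    """Return (rule_name, captured_fields) for a log line, or None."""
    for name, pattern, _advice in RULES:
        match = pattern.search(line)
        if match:
            return name, match.groupdict()
    return None


def triage(log_text):
    """Count failure classes and flag likely egress filtering of port 25."""
    counts = Counter()
    timeout_hosts = set()
    delivered = False
    for line in log_text.splitlines():
        if "status=sent" in line:
            delivered = True
        hit = classify(line)
        if hit is None:
            continue
        name, fields = hit
        counts[name] += 1
        if name == "outbound_25_timeout":
            timeout_hosts.add(fields["host"])
    # Heuristic: timeouts to several unrelated MX hosts and nothing delivered
    # point at the local network or provider, not at the remote servers.
    egress_blocked = len(timeout_hosts) >= 2 and not delivered
    return {"counts": counts, "egress_blocked": egress_blocked}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, n in report["counts"].most_common():
        print(f"{n:2d}  {name}: {ADVICE[name]}")
    print("port 25 egress likely blocked:", report["egress_blocked"])
```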

  • Dave Kimble
    1 month ago

    Richard, no, re-installing the OS is not out of the question, but it’s a whole heap more work if it doesn’t install and configure properly first time.

    Xiao, I don’t remember the error exactly – some server was unreachable at the time, I think.
    My point was, it’s great when it works, and a lot of extra work when it doesn’t.
    Testing with mail-tester.com is essential to get all the things right.

    Citadel-suite has a mail server, chat server and other features and is generally easier.

    Your mail server WILL be attacked on the first day and every day.

  • Hello Dear , thanks for this great tutorial.
    Can I use it for local communication purpose only, (local mail) without connecting to the internet and without having dns??
    Thanks!

  • BandidoPabs
    4 weeks ago

    Hi Xiao,

    Really appreciate you taking time to set this tutorial up. I’m getting this error when I’m trying to set up certbot. Any idea on what I can do?

    IMPORTANT NOTES:
    – The following errors were reported by the server:

    Domain: mail.boltcorp.com
    Type: unauthorized
    Detail: Invalid response from
    http://mail.boltcorp.com/.well-known/acme-challenge/iZYPFWRimn9ocHXyFTI0hCbw1 VpSu-naxjRYhG6pmlM:
    “<html lang=\"en\"
    data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvj FUCsdFlb6TdQhxb9RXWX"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

    I've set up the MX and A record to point to the correct FQDN and IP address.

    Thanks.

  • BandidoPabs
    4 weeks ago

    Xiao,

    One more thing: what email address do I put here?

    sudo certbot certonly --webroot --agree-tos --email your-email-address -d mail.your-domain.com -w /var/www/html/

    the postmaster one?

  • Xiao – This guide is excellent. I followed your steps and everything is working perfectly.

    Is there a simple way to back up the config for all the apps or even a snapshot of the entire OS? I’d like to be able to restore the settings in case I make a mistake and break this smooth running config. Thank you.

    • Before editing a file, copy it to a new file. If you make a mistake, then restore the original file.

      If you are using a server hosting service, they should provide a snapshot function. If you are using your own hardware at home, you can use clonezilla to take an image of your entire disk.

  • Артем Артем
    3 weeks ago

    One of the best instructions I have ever seen. Thank you so much for your time and patience.
    Some additions for better spam-filtering rating:
    1) You’d better specify for SPF:
    @ TXT v=spf1 mx ip4: ~all
    2) After you have a valid-passed SPF and DKIM, you’d better add:
    _dmarc TXT v=DMARC1; p=none

  • Hello,
    When I try to type the command to install the TLS certificate I receive this message:

     [email protected]:~# sudo certbot certonly --webroot --agree-tos [email protected] -d box.yogavoga.com -w /var/www/html/
    usage:
      certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
    
    Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
    it will attempt to use a webserver both for obtaining and installing the
    certificate.
    certbot: error: unrecognized arguments: [email protected]
    [email protected]:~# ^C
    [email protected]:~#

    What am I doing wrong?

  • Lidor Amrani
    2 weeks ago

    Hey, I have another little problem – when I try to open the

     sudo nano iRedMail.tips
    

    file it just opens an empty file…

    How can I fix it?

  • Richard Whitney
    2 weeks ago

    Lidor,
    are you in the installation directory for iRedMail?

  • Richard Whitney
    2 weeks ago

    Xiao,
    I am having an issue with RoundCube.
    I get Connection to storage server failed. and when I run:

    [email protected]:~$ dovecot -F
    doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 48: ssl_cert: Can’t open file /etc/ssl/private/mail.ems.com.pem: Permission denied
    [email protected]:~$ sudo dovecot -F
    [sudo] password for admin:
    Fatal: Dovecot is already running with PID 67898 (read from /var/run/dovecot/master.pid)
    [email protected]:~$

    I posted this on the iredmail page as well but I thought I would hit you up on it too.
    Any thoughts?

  • Richard Whitney
    2 weeks ago

    BTW, I have never been able to login to RC with this installation 🙁
    Thanks!

  • Richard Whitney
    2 weeks ago

    maybe the following will be helpful?

    Nov 29 15:09:10 mail roundcube:  IMAP Error: Login failed for [email protected] from 192.168.0.23. Could not connect to 127.0.0.1:143: Connection refused in /opt/www/roundcubemail-1.3.6/program/lib/Roundcube/rcube_imap.php on line 196 (POST /mail/?_task=login&_action=login)
    
    
  • Richard Whitney
    2 weeks ago

    I know dovecot is running. Thanks for this other command – I will check in the morning (U.S.) Thank you!

  • Richard Whitney
    2 weeks ago

    Forgot to format output:
    sudo netstat -lnpt | grep 143

    I got no output from that command. I assume dovecot is not listening on 143?
    I’m going to try the same command with port 993…

    sudo netstat -lnpt | grep 993

         tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      40041/dovecot       
         tcp6       0      0 :::993                  :::*                    LISTEN      40041/dovecot
    

    any ideas on where to change 143 to 993? Or what I need to do?
    Thanks!

  • Richard Whitney
    2 weeks ago

    You know what Xiao?
    Is there a major difference between Xenial and Beaver in setting up iRedMail?
    I only noticed your tutorial for Beaver after I started with this one, and I am running Bionic Beaver (Ubuntu 18.04).

    • No major differences. Just wanted to write a separate article for 18.04 and to hopefully find some bugs in the process.

      • Richard Whitney
        1 week ago

        Perhaps a bug is one that port is set to 0 instead of 143 in /etc/dovecot/dovecot.conf? This is kind of in reply to the below question, too.
        Cheers!

  • Richard Whitney
    2 weeks ago

    I got it Xiao!
    the following was in dovecot.conf:

    service imap-login {
      inet_listener imap {
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
      process_limit = 500
      service_count = 1
    }
    
    

    I changed it to:

    service imap-login {
      inet_listener imap {
        port = 143
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
      process_limit = 500
      service_count = 1
    }
    
    

    et voila!
    Thanks for your help.

    • Great, but I’m curious why your port was set to 0. The default should have been 143 after iRedMail installation.

    • Perhaps. I found that if I press the space bar after the domain name entered in the set up wizard, the space character is copied along with the domain name and it will make the installation fail. That’s a bug I found when setting it up on Ubuntu 18.04.

  • Lidor Amrani
    1 week ago

    Hey, I have no idea why, but when I check for my DKIM I cannot see it anywhere on mxtoolbox.com and mail-tester.com, like it is not found.

    I have typed in as a TXT record like this:

    dkim._domainkey.yogavoga.com 3600 TTL

    My domain key:

    v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BJx5OOUtXG/2rDmXj34tV+hFC7uT1I8URCv95/doYZozrdRFM00SPTgZ0sBlb8G5ivbc51XTlBGiZLFrLN/Sl+QY1C/RdppbQsx6wydp7BMu9UCiEHU0C9td3j/OpkSNByWb+3tlFDwe+3YOSTUCKRDS+lt3KDwOnhBSEHhzfQIDAQAB

    Any idea what’s wrong?

  • Richard Whitney
    1 week ago

    type yogavoga.com:dkim into mx super tool
    it finds:

    v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BJx5OOUtXG/2rDmXj34tV+hFC7uT1I8URCv95/doYZozrdRFM00SPTgZ0sBlb8G5ivbc51XTlBGiZLFrLN/Sl+QY1C/RdppbQsx6wydp7BMu9UCiEHU0C9td3j/OpkSNByWb+3tlFDwe+3YOSTUCKRDS+lt3KDwOnhBSEHhzfQIDAQAB
    
  • Do you think I have typed it right in my DNS record?

    dkim._domainkey.yogavoga.com

    It won’t appear on mxtoolbox etc.

  • Richard Whitney
    6 days ago

    Xiao,
    New issue: after

     apt update

    I get Internal server error from iredadmin pages.
    I am running:

    Ubuntu Bionic Beaver
    NGINX
    MySQL
    iRM 0.9.8
    

    I had to comment out the entry for SOGo repo to update
    What do you think?

    • I don’t think apt update caused the iredadmin error. You should check the Nginx logs in /var/log/nginx/ to find out the source of error.

  • Richard Whitney
    5 days ago

    very little logs. Here is a sample (one Roundcube and one iredadmin):

    192.168.0.23 - - [07/Dec/2018:07:58:23 -0700] "GET /mail/skins/larry/images/watermark.jpg HTTP/1.1" 304 0 "https://mail.email.com/mail/?_task=login&_err=session" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
    192.168.0.23 - - [07/Dec/2018:08:00:06 -0700] "GET /iredadmin HTTP/1.1" 500 32 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
    
  • Richard Whitney
    5 days ago

    If I reinstall iRedMail, will it overwrite the mysql installation?

  • Richard Whitney
    5 days ago

    I noticed in /opt/www/iredadmin:

    dr-xr-xr-x 10 iredadmin iredadmin  4096 Nov  5 11:19 .
    drwxr-xr-x  4 root      root       4096 Nov  8 14:11 ..
    -r-xr-xr-x  1 iredadmin iredadmin    49 May 12  2018 AUTHORS
    -r-xr-xr-x  1 iredadmin iredadmin 10912 May 12  2018 ChangeLog
    dr-xr-xr-x  6 iredadmin iredadmin  4096 Oct 29 14:07 controllers
    dr-xr-xr-x  2 iredadmin iredadmin  4096 Oct 29 14:07 docs
    dr-xr-xr-x 19 iredadmin iredadmin  4096 Oct 29 14:07 i18n
    lrwxrwxrwx  1 iredadmin iredadmin    24 Oct 29 14:07 iRedAdmin-0.9.1 -> /opt/www/iRedAdmin-0.9.1
    -r-xr-xr-x  1 iredadmin iredadmin   402 May 12  2018 iredadmin.py
    dr-xr-xr-x  6 iredadmin iredadmin  4096 Nov  8 17:01 libs
    -r-xr-xr-x  1 iredadmin iredadmin 18092 May 12  2018 LICENSE
    -r-xr-xr-x  1 iredadmin iredadmin   264 May 12  2018 README
    -r--------  1 iredadmin iredadmin  3768 Oct 29 14:07 settings.py
    -r--------  1 root      root       1588 Oct 29 15:01 settings.pyc
    -r-xr-xr-x  1 iredadmin iredadmin  4080 May 12  2018 settings.py.ldap.sample
    -r-xr-xr-x  1 iredadmin iredadmin  3567 May 12  2018 settings.py.mysql.sample
    -r-xr-xr-x  1 iredadmin iredadmin  3549 May 12  2018 settings.py.pgsql.sample
    dr-xr-xr-x  2 iredadmin iredadmin  4096 Oct 29 14:07 SQL
    dr-xr-xr-x  4 iredadmin iredadmin  4096 Oct 29 14:07 static
    dr-xr-xr-x  3 iredadmin iredadmin  4096 May 12  2018 templates
    dr-xr-xr-x  2 iredadmin iredadmin  4096 Oct 29 14:07 tools
    

    In a backup (slave) server with iredmail installed, that this:

    lrwxrwxrwx  1 iredadmin iredadmin    24 Oct 29 14:07 iRedAdmin-0.9.1 -> /opt/www/iRedAdmin-0.9.1
    

    is not there. Could this be causing the ISE 500 error?

  • Richard Whitney
    5 days ago

    I forgot to mention: iredadmin works on the slave

  • Richard Whitney
    5 days ago

    just logged in to roundcube as root. Getting cron messages from python:

    Traceback (most recent call last):
      File "/opt/www/iredadmin/tools/delete_mailboxes.py", line 48, in <module>
        from tools import ira_tool_lib
      File "/opt/www/iredadmin/tools/../tools/ira_tool_lib.py", line 21, in <module>
        from libs import iredutils
      File "/opt/www/iredadmin/tools/../libs/iredutils.py", line 266, in <module>
        min_passwd_length=settings.min_passwd_length,
    AttributeError: 'module' object has no attribute 'min_passwd_length'
  • Richard Whitney
    5 days ago

    I went ahead and set min_passwd_length = 8 and
    max_passwd_length = 32
    The cron emails stopped but I still have 500 error for iredadmin

  • Richard Whitney
    2 days ago

    Thanks Xiao!
    I just found a way to reinstall iRedAdmin alone – and this worked for me.
    Thank you for all your help!

  • Any good guide to install reverse DNS?

  • Lidor Amrani
    16 hours ago

    Another question:

    When I check my reverse DNS settings, it seems that my IP is associated with box.yogavoga.com,

    but for some reason my message is sent from ns1.yogavoga.com

    Any idea how to change it so the reverse DNS will match?

    • You can send an email to me, so that I can examine your situation. My email address can be found on the contact page.

      • Lidor Amrani
        4 hours ago

        I’ve tried to send but it seems my problem is different – when I test my DKIM key on PuTTY for example, it shows success, but when I try to test it on a tool like mxtoolbox it says:

        No DKIM found with the selector mail.

        How can I change that? I mean, my selector is dkim._domainkey

        Am I missing something?

        Thank you

    • Your DKIM subdomain is dkim._domainkey.yogavoga.com. The selector is dkim, the first 4 letters. Your DKIM record is correct.

    • Send an email to me with whatever text in the email body. Then I can see why your message is from ns1.yogavoga.com.

      • Lidor Amrani
        2 hours ago

        Hey, yes it is dkim._domainkey but when I test it on mail-tester.com or mxtoolbox it says it cannot verify it for some reason and most of my emails are really going into the spam folder…

    • Can you show the mail-tester.com result so I can see what’s wrong?

      • Lidor Amrani
        2 hours ago

        I’ve already successfully changed the hostname, but still receive this message on mail-tester.com:

        “DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
        The DKIM signature of your message is:

        v=1;
        a=rsa-sha256;
        q=dns/txt;
        c=relaxed/relaxed;
        d=yogavoga.com;
        s=mail;
        h=Message-ID:Subject:To:From:Date:Content-Transfer-Encoding:Content-Type:MIME-Version;
        bh=S343RAVSivuAU+e00nP9SeuELAULIXVvv7eaDVQIz6Y=;
        b=gvWd1Zc7cHtWL5yCG/QAqo44z+HK/otHIIHOvQ3Jukoqw2GMt2aQSGolsHOmUHUsQGUndMSlHPeT49B4bABto/yr4V+C+gVH2vSJYhph5eEGvDK55fex8cuPaYmZCN3KiRZGvR8UKHdoqw+EOib//niaTVIgoI+xf91UbhM/brzWWo3yekLDmzRoU5vsvm+481bo/XBKi+8UJF2M38+ZVKculJR2Dze8XcwreD90AIc5t0edJFUVY5SaCASA6jFMyxy1byPBHqG9XTICPkXV35BJZ9TuIJZ01OHPnG7RK2CI3XY4M2adBTpLDs+8GWUHDvEtnN9E/YS0t8Br9BQb5g==;

        We were not able to retrieve your public key.
        Please ensure that you inserted your DKIM TXT DNS record on your domain yogavoga.com using the selector mail.
        If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated “

        • Please run the following command on your email server to see what selector is being used for your domain.

          sudo amavisd-new showkeys

          Paste the output here.

    • I saw in my mail log that you are using the ns1.yogavoga.com as hostname. Considering that the reverse DNS is set to box.yogavoga.com, you should use box.yogavoga.com as the hostname.

      To change the Postfix hostname parameter, edit /etc/postfix/main.cf file.

      sudo nano /etc/postfix/main.cf

      Find the following parameter

      myhostname

      Change its value to box.yogavoga.com. Save and close the file. Then restart Postfix.

      sudo systemctl restart postfix
      • Lidor Amrani
        1 hour ago

        Output:

         [email protected]:~# sudo amavisd-new showkeys
        ; key#1 1024 bits, i=dkim, d=yogavoga.com, /var/lib/dkim/yogavoga.com.pem
        dkim._domainkey.yogavoga.com.   3600 TXT (
          "v=DKIM1; p="
          "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BJx5OOUtXG/2rDmXj34tV+hF"
          "C7uT1I8URCv95/doYZozrdRFM00SPTgZ0sBlb8G5ivbc51XTlBGiZLFrLN/Sl+QY"
          "1C/RdppbQsx6wydp7BMu9UCiEHU0C9td3j/OpkSNByWb+3tlFDwe+3YOSTUCKRDS"
          "+lt3KDwOnhBSEHhzfQIDAQAB") 
        • The default DKIM selector is dkim, and your DKIM record is correct, but for some reason your email server is using mail as selector. Open the Amavis configuration file.

          sudo nano /etc/amavis/conf.d/50-user

          Find the following line.

          dkim_key('your-domain.com', 'dkim', '/var/lib/dkim/your-domain.com.pem');

          The second parameter in the parentheses is the selector used by Amavis. If it’s set to mail in your file, change it to dkim.
          Save and close the file. Then restart Amavis.

          sudo systemctl restart amavis
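
The selector check described in the reply above, as an added example (not part of the original comment or of iRedMail): it reads the s= and d= tags from a DKIM-Signature header, builds the DNS name a verifier will query, and compares it with the key lines printed by `amavisd-new showkeys`. The example.com domain, the dummy base64 values and all function names are constructed for illustration.

```python
import re

# Constructed sample: DKIM-Signature value shaped like the one quoted in the thread
# (example.com stands in for the domain; bh= and b= are dummy base64, b= is folded).
SIGNATURE = ("v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=example.com; s=mail; "
             "h=Message-ID:Subject:To:From:Date; bh=Y29uc3RydWN0ZWQ=; "
             "b=Y29uc3Ry\r\n dWN0ZWQ=;")

# Constructed sample in the layout printed by `amavisd-new showkeys`.
SHOWKEYS = """; key#1 1024 bits, i=dkim, d=example.com, /var/lib/dkim/example.com.pem
dkim._domainkey.example.com.   3600 TXT (
  "v=DKIM1; p="
  "Y29uc3RydWN0ZWQ=")
"""

KEY_LINE = re.compile(r"^;\s*key#\d+.*?\bi=([^,\s]+),\s*d=([^,\s]+),", re.M)

def parse_dkim_tags(value):
    """Split a DKIM-Signature value (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for spec in value.split(";"):
        if not spec.strip():
            continue  # a trailing ';' is legal
        name, sep, val = spec.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError("malformed tag: %r" % spec)
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        # Header folding can put whitespace inside the base64 values.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags

def lookup_name(tags):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    for required in ("s", "d"):
        if not tags.get(required):
            raise ValueError("signature lacks %s= tag" % required)
    return ("%s._domainkey.%s" % (tags["s"], tags["d"])).lower()

def published_names(showkeys_output):
    """Record names implied by the '; key#N ... i=<selector>, d=<domain>,' lines."""
    return [("%s._domainkey.%s" % pair).lower() for pair in KEY_LINE.findall(showkeys_output)]

def diagnose(signature_value, showkeys_output):
    """Report whether the selector in the signature matches a configured key."""
    wanted = lookup_name(parse_dkim_tags(signature_value))
    have = published_names(showkeys_output)
    if wanted in have:
        return "ok: " + wanted
    return "mismatch: signature points to %s, keys exist for %s" % (wanted, ", ".join(have) or "none")

if __name__ == "__main__":
    print(diagnose(SIGNATURE, SHOWKEYS))
```

A mismatch result means receivers look up a TXT record that was never published, which is what the "We were not able to retrieve your public key" message reports.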
    • The hostname is now set up correctly, but your domain is blacklisted by spamhaus.org. https://www.spamhaus.org/query/domain/yogavoga.com

      You need to send a remove request to spamhaus.

  • Lidor Amrani
    18 mins ago

    Hey I’ve just opened up the

     sudo nano /etc/amavis/conf.d/50-user 

    file and it looks good as dkim appears where it should be, but I still get the same result when I test it on mail-tester.com

    Is there any other solution?
