Project

General

Profile

Support #776

Install a Mail Server With iRedMail 0.9.5 on FreeBSD

Added by Daniel Curtis almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Mail Server
Target version:
FreeBSD 10
Start date:
11/12/2014
Due date:
% Done:

100%

Estimated time:
3.00 h
Spent time:
5.00 h

Description

One of the core services of the Internet is email, and as such I needed to setup a mail server for one of my projects. Rather than setting up postfix, dovecot, spamassassin, etc. by hand, I found the useful open source project iRedMail. Unfortunately, this project currently is not in the port tree, however the install script uses the ports tree to install each of the necessary packages. This guide uses a FreeBSD 10.3 environment.

Update the system

  • Login as root:
    su -
  • Update the ports tree
    portsnap fetch extract
  • Install portmaster
    pkg install portmaster
pkg2ng
  • Upgrade the base system
    pkg update && pkg upgrade
  • Add or modify the /etc/rc.conf file:
    vi /etc/rc.conf
    • And make sure the hostname is set:
      hostname="mx.example.com"
  • Add or modify the /etc/hosts file:
    vi /etc/hosts
    • And make sure the hostname is set:
      127.0.0.1   mx.example.com mx localhost
  • Check the current hostname:
    hostname -f
    • The output should look similar to the following:
      mx.example.com
NOTE: I had some issues trying to set the FQDN on a DigitalOcean droplet, I needed to set the hostname in the rc.local file:
vi /etc/rc.local
  • And add the following to the end of the file:
    hostname mx.example.com &

Install iRedMail

  • Install bash and openssl
    pkg install bash openssl
  • Fetch and extract the iRedMail stable installer:
    cd
fetch https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.5-1.tar.bz2
tar xjf iRedMail-0.9.5-1.tar.bz2
cd iRedMail-0.9.5-1
  • Run the iRedMail Installer:
    bash iRedMail.sh

Configure iRedMail

The install process will pull in all the required packages during installation. Since each mail server is a little different, my setup uses the following parameters:
  • Default mail storage path: /var/vmail
  • Default web server: nginx
  • Preferred backend used to store mail accounts: MariaDB
  • First virtual domain name: example.com
  • Optional components:
    • DKIM signing/verification
    • iRedAdmin
    • Roundcubemail
    • phpMyAdmin
    • Awstats

When the installation finishes, all the login information and URLs will be placed in the iRedMail.tips file.

Securing iRedMail with SSL/TLS

NOTE: I've switched to LetsEncrypt for providing SSL certificates. To setup SSL with LetsEncrypt refer to Issue #843

The default location for the self-signed certificate is in /etc/ssl/certs/iRedMail.crt and the key is in /etc/ssl/private/iRedMail.key; I am going to change these to /usr/local/etc/ssl/mx.example.com.crt and /usr/local/etc/ssl/mx.example.com.key, respectively.

  • Start by create a dhparam file:
    openssl dhparam -out /usr/local/etc/ssl/dhparams.pem 4096
  • Next, generate a nice strong SSL key and CSR:
    openssl req -sha512 -out mx.example.com.csr -new -newkey rsa:4096 -nodes -keyout mx.example.com.key
  • When the SSL certificate is signed, copy it securely to /usr/local/etc/ssl/mx.example.com.crt
  • Edit the default nginx server block config:
    vi /usr/local/etc/nginx/conf.d/default.conf
    • And change the ssl_certificate_key, ssl_certificate, and ssl_dhparam paths:
      ssl_certificate_key /usr/local/etc/ssl/mx.example.com.key
ssl_certificate /usr/local/etc/ssl/mx.example.com.crt
ssl_dhparam /usr/local/etc/ssl/dhparams.pem;
  • Edit the main postfix config:
    vi /usr/local/etc/postfix/main.cf
    • And change the smtpd_tls_key_file, smtpd_tls_cert_file, smtpd_tls_CAfile, and smtpd_tls_dh1024_param_file paths:
      smtpd_tls_key_file = /usr/local/etc/ssl/mx.example.com.key
smtpd_tls_cert_file = /usr/local/etc/ssl/mx.example.com.crt
smtpd_tls_CAfile = /usr/local/etc/ssl/mx.example.com.crt
smtpd_tls_dh1024_param_file = /usr/local/etc/ssl/dhparams.pem
  • Edit the dovecot config:
    vi /usr/local/etc/dovecot/dovecot.conf
    • And change the paths:
      ssl_cert = </usr/local/etc/ssl/mx.example.com.crt
ssl_key = </usr/local/etc/ssl/mx.example.com.key

NOTE: To use an intermediate CA certificate nginx requires all SSL certificate be attached all in a single file. This can be done by running:

cat mx.example.com.crt ca.cert.bundle.pem > mx.example.com.bundle.crt

DNS

A Record

  • From your DNS record manager, create an A record using the following template:
    NAME                TTL     TYPE    DATA
www.example.com.    1800    A       10.0.0.3

PTR Record

  • From your DNS record manager, create a PTR record using the following template:
    NAME                    TTL     TYPE    DATA
3.0.0.10.in-addr.arpa.    1800    PTR    mail.example.com.

MX Record

  • From your DNS record manager, create a MX record using the following template:
    NAME            PRIORITY    TYPE    DATA
example.com.    10          mx      mail.example.com

SPF Record

  • From your DNS record manager, create a TXT record using the following template:
    NAME            PRIORITY    TYPE    DATA
example.com.    3600        TXT     v=spf1 mx mx:example.com -all

DKIM Record

  • Run command in terminal to show your DKIM keys:
    amavisd showkeys
    • Example output:
      dkim._domainkey.example.com.   3600 TXT (
  "v=DKIM1; p=" 
  "YUVfMB0GCSqFGTb3DQEBAWAAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaK" 
  "txFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBok" 
  "FcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5" 
  "EV711qww34omquskkwIDFMRI")
  • From your DNS record manager, create a TXT record using the following template:
    NAME                          PRIORITY    TYPE    DATA
dkim._domainkey.example.com  3600        TXT     v=DKIM1; p=YUVfMB0GCSqFGTb3DQEBAWAAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaKtxFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBokFcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5EV711qww34omquskkwIDFMRI

Resources

Files

iRedMail-0.8.7.tar.bz2 (110 KB) iRedMail-0.8.7.tar.bz2 iRedMail Installer Daniel Curtis, 11/12/2014 11:52 AM

Related issues

Copied from FreeBSD Administration - Support #537: Install a Mail Server With iRedMail 0.9.0 on FreeBSDClosedDaniel Curtis11/12/2014

Actions
#1

Updated by Daniel Curtis almost 9 years ago

  • Copied from Support #537: Install a Mail Server With iRedMail 0.9.0 on FreeBSD added
#2

Updated by Daniel Curtis almost 9 years ago

  • Description updated (diff)
  • Status changed from New to In Progress
  • % Done changed from 0 to 30
#3

Updated by Daniel Curtis over 8 years ago

  • Subject changed from Install a Mail Server With iRedMail 0.9.4 on FreeBSD to Install a Mail Server With iRedMail 0.9.5 on FreeBSD
  • Description updated (diff)
  • Target version changed from FreeBSD 9 to FreeBSD 10
  • % Done changed from 30 to 70
#4

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
  • Status changed from In Progress to Resolved
  • % Done changed from 70 to 100
#5

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#6

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#7

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#8

Updated by Daniel Curtis over 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF