Skip to content

Latest commit

 

History

History
279 lines (247 loc) · 15 KB

README.md

File metadata and controls

279 lines (247 loc) · 15 KB

Free Perfect Email Server - Detailed Tutorial

This tutorial covers all the detailed steps for creating your own custom free email server using a Virtual Private Server running Ubuntu 12.10 x64 with iRedMail 0.8.4, iRedAdmin, PostgreSQL, Roundcubemail, Awstats, Apache and SSL Certificates.


I used Digital Ocean SSD VPS for this tutorial. (Included in this tutorial is a coupon for 2 months of free service.)

If you already have a perfectly configured server, you can skip to: 'Install iRedMail'.


README.md on GitHub ###Create a Droplet (aka VPS) ####I highly recommend using Digital Ocean SSD VPS for this setup. If you are creating a new account, use the coupon SSDPOWER for 2 months of free service. After creating a new account, click Create Droplet
* Screen Shot of Creating a Droplet via Digial Ocean

  1. Assign hostname (for this tutorial I will be using mail.yourdomain.com) From my tests 2GB/2CPUS/40GBSSD configuration works the best, but for trial and error we will use the smallest configuration. Screen Shot of Assigning Hostname

  2. Select Region - This is based on your location, or potenial users location. I chose San Francisco

  3. Change your server's password

    • Login to your server using a SSH Client (PuTTY/Terminal/Digital Ocean's Console Access) with the details given from the email. In your SSH Client type the following command:
      • ssh root@yourip
        
    • You will be prompted about a RSA key fingerprint. Type 'yes' as the prompt.
  • Enter the random password generated during droplet creation. You should now be logged into your server and see something similar to this: + Screenshot of Successful Server Login
    • It is very important to now change the password to something secure of your choice. At the command prompt type the following command:
  1. Reboot your server by typing the following command:

Now your in! Let's start configuring!


###Setup 2GB of Swap Memory This helps with server stability and is optional but highly recommended.

  1. Login back into your server and type the following command:
    • dd if=/dev/zero of=/swap bs=1024 count=2097152
      mkswap /swap && chown root. /swap && chmod 0600 /swap && swapon /swap
      echo /swap swap swap defaults 0 0 >> /etc/fstab
      echo vm.swappiness = 0 >> /etc/sysctl.conf && sysctl -p
      
  2. Check to make sure your swap file is active by typing the following command:

Swap (virtual ram) is setup!


###Set your domain's DNS via Digital Ocean's Control Panel Please ensure that your domain's dns are forwarding to your server if you are not using Digital Ocean

  1. Add a domain to your account by visiting Digital Ocean's Domain Control Panel | Screen Shot of DCP
    1. Click the [Add Domain] button
    2. Input your domain, droplet's ip address, and select your droplet.
    3. Click the [Create Domain] button. You should see 'Domain was successfully created'.
    4. Click the [Add Record] button
      • Select MX as the Record Type
      • In Hostname input:
        • mail.yourdomain.com. Ensure the trailing . after your domain.
      • In Priority
      • You also want to add a CNAME record for 'mail', '@'. This may seem a little redundant, but it ensures SSL Certification ease later.
        • 10
      • Click the [CREATE] button

DNS is set!


###Ensure VPS is Updated Again, if this is a pre-configured VPS and you now everything is good to go, you may skip this step, but is still recommended

  1. From your SSH Client use the following command:
    • apt-get update
    • apt-get upgrade
      • Depending on how many items need to be updated, you will see something similar to the following screenshot and be prompted to continue. Type Y, and your server will begin updating.
      • Screen Shot of Update Process

Your up to date!


###Set your Fully Qualified Domain Name (FQDN) If its already set, it would be a good idea to confirm it

  1. Edit the hosts file by typing the following command:
  2. Change the default line to:
    • 127.0.0.1 mail.yourdomain.com mail localhost
    • You can verify this by rebooting, and typing:
      • hostname -f

Your FDQN is now set!


###Install iRedMail This is the magic software and step for all users

  1. From the command prompt type the following command:
    •   wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.4.tar.bz2
        tar jxvf iRedMail-0.8.4.tar.bz2
        rm iRedMail-0.8.4.tar.bz2
        mv iRedMail-0.8.4 iRedMail
        cd iRedMail
        bash iRedMail.sh```
      
    • Your server will begin installing requirements.
  2. Once you see the screen 'Welcome and thank you for your use':
  3. iRedMail will prompt for firewall rules:
    • Select 'N'
    • iRedMail is now installed, take note of the url's given
    • Open iRedMail.tips for configuration specifics by typing the following command:
      • nano /tmp/iRedMail/iRedMail.tips (Save this information incase you don't receive the email)
    • Now reboot and log back in!

You've just installed iRedMail! Feel accomplished yet?


###Create a Secure SSL Certificate For tutorial purposes we will use InstantSLL for a free certificate

  1. Create a Certificate Signing Request by typing the following command:

    •  cd /etc/ssl
       openssl req -out mail.yourdomain.com.csr -new -newkey rsa:2048 -nodes -keyout mail.yourdomain.com.key
      
    • You will be prompted for information about your certificate, fill them out as requested. The 'extra' attributes are not required (Do not give a challenge password)
  2. Open your Certificate Signing Request by typing the following command:

    • nano mail.yourdomain.com.csr
  3. Copy all of the information located here, into the CSR Box from InstantSSL.

    • Select Apache-ModSSL from the server software drop-down, uncheck Opt in? Then click 'Next >'
    • Screen Shot of CSR Box @ InstantSSL
    • After InstantSLL validates your request (more steps) you will receive a .zip containing two files. [ mail_yourdomain_com.ca-bundle and mail_yourdomain_com.crt] (Screen Shot of the files) To rush the validation, you can log into the comodo account you created and download the .zip of certificate files from your account panel.
  4. Place both of these files in /etc/ssl on your server

    • After unzipping the document, open each file with your favorite text editor.
    • Copy and paste the information in each file into the same file name on your server.
  5. Modify Apache's default-ssl to reflect these SSL Certificates

    • Type the following command nano /etc/apache2/sites-available/default-ssl

    • Replace the default information so that the following is set

            SSLCertificateFile /etc/ssl/mail_yourdomain_com.crt
            SSLCertificateKeyFile /etc/ssl/mail.yourdomain.com.key
            SSLCACertificateFile /etc/ssl/mail_yourdomain_com.ca-bundle
      
    • Please ensure to remove the # before SSLCACertificateFile and do not place the >> in the file, as these are indicators for your benefit

  6. Modify Postfix and Dovecot's configuration files

    • Postfix: nano /etc/postfix/main.cf

      • Screen Shot of Postfix main.cf

      • Under #TLS Parameters change:

          smtpd_tls_cert_file = /etc/ssl/mail_yourdomain_com.crt 
          and 
          smtpd_tls_key_file = /etc/ssl/mail.yourdomain.com.key  
        
    • Dovecot: nano /etc/postfix/main.cf

      • Screen Shot of Dovecot main.cf

      • Under # SSL: Global settings change:

          ssl = required 
          verbose_ssl = yes 
          (this is optional, but added for debug help) and, 
          ssl_cert = </etc/ssl/mail_yourdomain_com.crt 
          ssl_key = </etc/ssl/mail.yourdomain.com.key  
        
      • Use Ctrl+X and Y + Enter to save the adjustments

  7. Reboot by issuing the command reboot

  8. Verify your SSL is working by visiting https://mail.yourdomain.com Depending on which browser/OS you are using, you will see a lock icon next to your URL similar to the screenshot Screen Shot of SSL Secured Page

You have your very own SSL Secured Address!


###Configure iRedAdmin Accounts

  1. Login to iRedAdmin and configure accounts
  2. Change your password!
    • Click Preferences in the top right, then select Password to the right of General
  3. Disable Greylisting! This is my personal preference, it's only given me problems in the past
  4. Create a new email address.
    • Return to https://mail.yourdomain.com and login

    • Select [+Add...] > >User

        Mail Address* [anythingyouwish]@[yourdomain.com]
        New password* [********]
        Confirm new password [********]
        Display Name [not required but suggested]
        Mailbox Quota [0-99999] 
      

You just created your first email account on your new server!


###Using your new email! After all of that, you finally get to use your email server for personal email, or professional!

  1. Webmail Access

    • https://mail.yourdomain.com This is the url for you to be able to access your e-mail from any web-enabled device!
      • Enter the Username and Password you just created
      • You should now be welcomed by a beautiful roundcube webmail user interface.
      • From this point I typically like to test the send/receive functions.
        • Select Compose +, to create a new message to whomever you like.
          • Before sending, open your SSH client with the following command: tail -f mail.log mail.err for debugging!
          • I would also suggest doing the same by sending an email to your new account from another email address.
  2. Mail Client

    • Coming Soon

githalytics.com alpha