~2 min read • Updated Jan 27, 2026
1. Prerequisites
- A Linux server (Ubuntu 20.04 or Debian 11 recommended).
- Root or sudo access.
- A valid domain with DNS records (A and MX).
- Open ports: 25, 465, 587 for SMTP; 143, 993 for IMAP.
2. Update the System
First, update and upgrade packages:
sudo apt update && sudo apt upgrade -y
3. Download iRedMail
Switch to the root directory and download the package:
cd /root wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.7.4.tar.gz
4. Extract Files
Unpack the tarball:
tar xvf 1.7.4.tar.gz cd iRedMail-1.7.4
5. Run the Installer
Execute the installation script:
bash iRedMail.sh
During installation, you will be prompted for:
- Mail storage path (default: /var/vmail).
- Webmail choice (Roundcube or SOGo).
- Database choice (MariaDB or PostgreSQL).
- Main mail domain (e.g., mail.example.com).
6. Configure DNS
Set up DNS records for proper mail delivery:
- A Record: mail.example.com → server IP
- MX Record: example.com → mail.example.com
- SPF: "v=spf1 mx ~all"
- DKIM: Public key generated by iRedMail
- DMARC: "v=DMARC1; p=none; rua=mailto:[email protected]"
7. Access Panels
- Webmail:
https://mail.example.com/mail/ - Admin Panel (iRedAdmin):
https://mail.example.com/iredadmin/
8. Security Tips
- Use strong passwords.
- Enable firewall (ufw or iptables).
- Install Fail2Ban to prevent brute-force attacks.
- Configure SSL certificates (e.g., Let’s Encrypt).
9. Testing
After installation:
- Send test emails to Gmail/Yahoo to verify delivery.
- Check logs in
/var/log/mail.log. - Validate DNS records using
digor online tools like MXToolbox.
Conclusion
iRedMail provides a fast and complete solution for deploying a mail server. Following these steps, you will have a system with SMTP, IMAP, webmail, anti-spam, and antivirus features. The most critical post-installation tasks are DNS configuration and securing the server to ensure reliable mail delivery.
Written & researched by Dr. Shahin Siami
SubArticles
Comprehensive Guide to Roundcube in iRedMail
Roundcube is the default webmail client bundled with iRedMail. In recent versions, it is installed under /opt/www/roundcubemail/ as a symbolic link to the actual version directory (e.g., roundcubemail-1.6.x). Configuration is managed through config.inc.php, while defaults are stored in defaults.inc.php. Administrators should only override settings in config.inc.php or custom files under /opt/iredmail/custom/roundcube/. Roundcube offers over 200 configuration options covering IMAP/SMTP connectivity, database settings, security, plugins, user interface, and
Comprehensive Guide to Postfix and Its Role in iRedMail
Postfix is a powerful, fast, and secure Mail Transfer Agent (MTA) responsible for sending, receiving, and routing email via SMTP. It is the modern replacement for Sendmail and is known for its strong security model, high performance, and simple configuration. In iRedMail, Postfix acts as the core SMTP engine, working alongside Dovecot, Amavis, SpamAssassin, ClamAV, and other components to form a complete mail server stack. This article explains Postfix architecture, configuration files, ports, security, queue management, testing, and troubleshooting within an iRedMail environment.
Comprehensive Guide to Dovecot in iRedMail
Dovecot is a powerful and secure Mail Delivery Agent (MDA) and Mail Access Server responsible for IMAP/POP3 access, user authentication, and final message delivery to mailboxes. In iRedMail, Dovecot plays a critical role: it not only handles mailbox access but also serves as the authentication backend for Postfix. This article provides a complete overview of Dovecot’s architecture, configuration, security, logging, and troubleshooting within an iRedMail environment.
Comprehensive Guide to Amavis in iRedMail
Amavis (Amavisd-new) is a powerful mail content filter that sits between the MTA (Postfix) and security engines such as SpamAssassin and ClamAV. It does not send or receive email itself; instead, it inspects messages, classifies them, and decides whether to pass, tag, or reject them. In iRedMail, Amavis is the central decision-making engine for spam and virus filtering, and it plays a critical role in both inbound and outbound email security.
Comprehensive Guide to SpamAssassin in iRedMail
SpamAssassin is a powerful rule‑based and score‑based spam detection engine. It analyzes each email using hundreds of rules, assigns scores, and determines whether a message is spam or clean. In iRedMail, SpamAssassin does not make the final decision; instead, it provides scoring, and Amavis decides whether to tag, accept, or reject the message. This article explains SpamAssassin’s architecture, scoring system, configuration, Bayes learning, DNS checks, testing, and troubleshooting within an iRedMail environment.
Comprehensive Guide to ClamAV in iRedMail
ClamAV is an open‑source, lightweight, and highly reliable antivirus engine widely used in mail servers. Its primary purpose is scanning email attachments and detecting viruses, trojans, malware, and phishing attempts. In iRedMail, ClamAV works directly behind Amavis and forms a critical layer of email security. Without ClamAV, the mail system becomes vulnerable to malicious attachments and infected messages.
Comprehensive Guide to iRedAPD in iRedMail
iRedAPD (iRedMail Access Policy Daemon) is a lightweight but powerful policy server that integrates directly with Postfix to enforce security rules before an email is accepted or sent. It does not scan content, detect spam, or analyze attachments. Instead, it makes real‑time decisions about whether an SMTP action should be allowed or rejected. iRedAPD is a critical first‑line defense in iRedMail, preventing abuse, spoofing, and outbound spam bursts.
Comprehensive Guide to Fail2Ban in iRedMail
Fail2Ban is an Intrusion Prevention System that monitors service logs, detects suspicious patterns, and blocks offending IP addresses temporarily or permanently. It does not scan emails or detect spam; instead, it protects critical services such as Postfix, Dovecot, and Roundcube from brute‑force attacks and unauthorized access attempts. In iRedMail, Fail2Ban is a key security layer that helps maintain server stability, reputation, and protection against compromise.
Comprehensive Guide to Authentication Backend in iRedMail
In iRedMail, the Authentication Backend is the system where email accounts, passwords, domains, aliases, and policies are stored. Postfix and Dovecot do not store any user data themselves; instead, they query the backend whenever a user attempts to log in via SMTP or IMAP. A healthy backend is essential — if it goes down, authentication fails and the entire mail system becomes unusable.
Why OpenDKIM and OpenDMARC Are Essential in iRedMail
Why OpenDKIM and OpenDMARC Are Essential in iRedMail
Comprehensive Guide to SPF in iRedMail
SPF (Sender Policy Framework) is a DNS-based email authentication mechanism that tells receiving mail servers which IPs and hosts are allowed to send email on behalf of your domain. It doesn’t sign messages or inspect content; instead, it helps prevent spoofing and improves deliverability by allowing receivers to verify whether an email claiming to be from your domain is actually sent from an authorized source.