~2 min read • Updated Jan 27, 2026
1. What Is an Authentication Backend?
In iRedMail, the authentication backend is the system where:
- Email users are defined
- Passwords are stored
- Domains and aliases are managed
- Policies and restrictions are kept
Postfix and Dovecot store no user data — they only query the backend.
2. Backend in iRedMail Architecture
User Login (SMTP / IMAP)
↓
Postfix / Dovecot
↓ (Auth Query)
Authentication Backend (DB / LDAP)
If the backend goes down:
- SMTP AUTH fails
- IMAP login fails
- The entire mail system stops working
3. Types of Authentication Backends in iRedMail
1️⃣ Database‑based (recommended)
Usually:
- MariaDB / MySQL
- PostgreSQL
Best for:
- Most servers
- Simple management
- High performance
2️⃣ LDAP‑based (enterprise)
Usually:
- OpenLDAP
- Active Directory integration
Best for:
- Large organizations
- SSO environments
- Hierarchical user structures
4. Database vs LDAP Comparison
| Feature | Database | LDAP |
|---|---|---|
| Simplicity | ⭐⭐⭐⭐ | ⭐⭐ |
| Performance | ⭐⭐⭐⭐ | ⭐⭐⭐ |
| Scalability | ⭐⭐⭐ | ⭐⭐⭐⭐ |
| Maintenance | Easy | Complex |
| iRedMail Recommendation | ✅ | For enterprises only |
5. Database Backend (MariaDB / MySQL)
Important Databases
| Database | Purpose |
|---|---|
| vmail | Users and domains |
| iredadmin | Admin panel data |
| amavisd | Policies and spam data |
Critical Tables in vmail
| Table | Description |
|---|---|
| mailbox | Email accounts |
| domain | Domains |
| alias | Aliases |
| sender_bcc | Policies |
Authentication Flow (DB)
- Postfix → SQL maps
- Dovecot → SQL auth
Configuration paths:
/etc/postfix/mysql/*.cf /etc/dovecot/dovecot-sql.conf
6. LDAP Backend (OpenLDAP)
LDAP Structure Example
dc=example,dc=com ├── ou=Users ├── ou=Groups └── ou=Domains
Authentication Flow (LDAP)
- Bind user
- Search DN
- Verify password
Configuration paths:
/etc/postfix/ldap/*.cf /etc/dovecot/dovecot-ldap.conf
7. Password Security
Supported algorithms:
- SSHA512 (LDAP)
- BCRYPT / SHA512 (DB)
Passwords are never stored in plaintext.
8. Critical Backend Backups
Database Backup
mysqldump vmail > vmail.sql
LDAP Backup
slapcat > ldap.ldif
No backup = catastrophic risk.
9. Debugging & Troubleshooting
Test DB Auth
mysql vmail
Test LDAP
ldapsearch -x
Check logs
/var/log/maillog
10. Common Issues
❌ Authentication fails for all users
- Database down
- Wrong permissions
❌ Slow logins
- Bad queries
- Missing indexes
11. Professional Best Practices
- Use DB backend for 90% of deployments
- Enable replication for large DB setups
- Perform daily backups
- Monitor backend latency
Conclusion
The authentication backend is the backbone of iRedMail. Database backends are simple and fast, while LDAP is powerful but complex. Without a healthy backend, email cannot function. Proper configuration, monitoring, and backups ensure a stable and reliable mail system.
Written & researched by Dr. Shahin Siami