How Many Times Does The Postmaster Try To Deliver A Registered Mailing
Setting up your own email server on Linux from scratch is a long and tedious process, a pain in the butt if you are not an advanced user. This tutorial will show you how to use iRedMail to quickly set up a full-featured mail server on Ubuntu 20.04, saving you lots of time and headaches.
What is iRedMail?
iRedMail is a shell script that automatically installs and configures all necessary mail server components on your Linux/BSD server, thus eliminating manual installation and configuration. With iRedMail, you can easily create unlimited mailboxes and unlimited mail domains in a web-based admin panel. Mailboxes can be stored in MariaDB/MySQL, PostgreSQL database, or OpenLDAP. The following is a list of open-source software that will be automatically installed and configured by iRedMail.
- Postfix SMTP server
- Dovecot IMAP server
- Nginx web server to serve the admin panel and webmail
- OpenLDAP, MySQL/MariaDB, or PostgreSQL for storing user information
- Amavisd-new for DKIM signing and verification
- SpamAssassin for anti-spam
- ClamAV for anti-virus
- Roundcube webmail
- SOGo groupware, providing webmail, calendar (CalDAV), contacts (CardDAV), tasks and ActiveSync services.
- Fail2ban for protecting SSH
- mlmmj mailing list manager
- Netdata server monitoring
- iRedAPD Postfix policy server for greylisting
Step 1: Choose the Right Hosting Provider and Buy a Domain Name
To set up a full-featured email server with iRedMail, you need a server with at least 3GB RAM, because after the installation, your server will use more than 2GB of RAM.
It is highly recommended that you install iRedMail on a clean install of Ubuntu 20.04 server.
This tutorial is done on a $9/month Kamatera VPS (virtual private server) with 1 CPU and 3GB RAM. They offer a 30-day free trial.
Kamatera is a very good option to run a mail server because
- They don't block port 25, so you can send unlimited emails (transactional email and newsletters) without spending money on SMTP relay service. Kamatera doesn't have any SMTP limits. You can send a million emails per day.
- The IP address isn't on any email blacklist. (At least this is true in my case. I chose the Dallas data center.) You definitely don't want to be listed on the dreaded Microsoft Outlook IP blacklist or the spamrats blacklist. Some blacklists block an entire IP range and you have no way to delist your IP address from this kind of blacklist.
- You can edit PTR record to improve email deliverability.
- They allow you to send newsletters to your email subscribers with no hourly limits or daily limits, whatsoever.
- You can order multiple IP addresses for a single server. This is very useful for folks who need to send a large volume of emails. You can spread email traffic on multiple IP addresses to achieve better email deliverability.
Other VPS providers like DigitalOcean block port 25. DigitalOcean would not unblock port 25, so you will need to set up SMTP relay to bypass blocking, which can cost you additional money. If you use Vultr VPS, then port 25 is blocked by default. They can unblock it if you open a support ticket, but they may block it again at any time if they decide your email sending activity is not allowed. Vultr actually may re-block it if you use their servers to send newsletters.
Go to Kamatera website to create an account, then create your server in your account dashboard.
I recommend following the tutorial linked below to properly set up your Linux VPS server on Kamatera.
- How to Create a Linux VPS Server on Kamatera
Once you have created a server, Kamatera will send you an email with the server SSH login details. To log into your server, you use an SSH client. If you are using Linux or macOS on your computer, then simply open up a terminal window and run the following command to log into your server. Replace 12.34.56.78 with your server's IP address.
ssh [email protected]
You will be asked to enter the password.
You also need a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.
Step 2: Creating DNS MX Record
The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then the Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then queries the A record of mail.linuxbabe.com to get the IP address, thus the email can be delivered.
You need to go to your DNS hosting service (usually your domain registrar) to create DNS records. In your DNS manager, create an MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter mail.your-domain.com in the Value field.
Note: The hostname for the MX record cannot be an alias to another name. Also, it's highly recommended that you use hostnames, rather than bare IP addresses, for the MX record.
Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. It's recommended that you set the value to 0, so this mail server will have the highest priority for receiving emails. After creating the MX record, you also need to create an A record for mail.your-domain.com, so that it can be resolved to an IP address. If your server uses an IPv6 address, be sure to add an AAAA record.
Hint: If you use Cloudflare DNS service, you should not enable the CDN feature when creating the A record for mail.your-domain.com. Cloudflare does not support SMTP proxy.
Step 3: Configuring Hostname
Log into your server via SSH, then run the following command to update existing software packages.
sudo apt update
sudo apt upgrade -y
During the upgrade process, it may ask you the following question. If you want to continue using port 6543 for SSH, then select keep the local version currently installed. If you want to use port 22 for SSH, then select install the package maintainer's version.
I strongly recommend creating a sudo user for managing your server rather than using the default root user. Run the following command to create a user. Replace username with your preferred username.
adduser username
Then add the user to the sudo group.
adduser username sudo
Switch to the new user.
su - username
Next, set a fully qualified domain name (FQDN) for your server with the following command.
sudo hostnamectl set-hostname mail.your-domain.com
We also need to update the /etc/hosts file with a command-line text editor like Nano.
sudo nano /etc/hosts
Edit it like below. (Use arrow keys to move the cursor in the file.)
127.0.0.1 mail.your-domain.com localhost
Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To close the file, press Ctrl+X.)
To see the changes, re-login and then run the following command to see your hostname.
hostname -f
Step 4: Setting up Mail Server on Ubuntu 20.04 with iRedMail
Run the following commands to download the latest version of iRedMail script installer from its GitHub repository.
wget https://github.com/iredmail/iRedMail/archive/1.5.0.tar.gz
Extract the archived file.
tar xvf 1.5.0.tar.gz
Then cd into the newly-created directory.
cd iRedMail-1.5.0/
Add executable permission to the iRedMail.sh script.
chmod +x iRedMail.sh
Next, run the Bash script with sudo privilege.
sudo bash iRedMail.sh
The mail server setup wizard will appear. Use the Tab key to select Yes and press Enter.
The next screen will ask you to select the mail storage path. You can use the default path: /var/vmail, so simply press Enter.
Then choose whether you want to run a web server. It's highly recommended that you choose to run a web server because you need the web-based admin panel to add email accounts. Also, it allows you to access the Roundcube webmail. By default, Nginx web server is selected, so you can simply press Enter. (An asterisk indicates the item is selected.)
Then select the storage backend for email accounts. Choose one that you are familiar with. This tutorial chose MariaDB. Press the up and down arrow keys and press the space bar to select.
If you selected MariaDB or MySQL, then you will need to set the MySQL root password.
Next, enter your first mail domain. You can add additional mail domains later in the web-based admin panel. This tutorial assumes that you want an email account like [email protected]. In that case, you need to enter your-domain.com here, without sub-domain. Do not press the space bar after your domain name. I think iRedMail will copy the space character along with your domain name, which can result in installation failure.
Next, set a password for the mail domain administrator.
Choose optional components. By default, 4 items are selected. If you would like to use the SOGo groupware (webmail, calendar, address book, ActiveSync), then press the down arrow key and space bar to select. Press Enter to go to the next screen.
Now you can review your configurations. Type Y to begin the installation of all mail server components.
At the end of installation, choose y to use firewall rules provided by iRedMail and restart firewall.
Now iRedMail installation is complete. You will be notified of the URL of webmail, web admin panel and the login credentials. The iRedMail.tips file contains important information about your iRedMail server.
Reboot your Ubuntu 20.04 server.
sudo shutdown -r now
Once your server is back online, you can visit the web admin panel.
https://mail.your-domain.com/iredadmin/
Note that in the above URL, the sub-directory for accessing the admin panel is /iredadmin/, not /iredmail/. And because it's using a self-signed TLS certificate, you need to add a security exception in your web browser.
Step 5: Installing Let's Encrypt TLS Certificate
Since the mail server is using a self-signed TLS certificate, both desktop mail client users and webmail client users will see a warning. To fix this, we can obtain and install a free Let's Encrypt TLS certificate.
Obtaining the Certificate
First, log in to your server again via SSH and run the following command to install the Let's Encrypt (certbot) client on Ubuntu 20.04.
sudo apt install certbot
iRedMail has already configured TLS settings in the default Nginx virtual host, so here I recommend using the webroot plugin, instead of the nginx plugin, to obtain a certificate. Run the following command. Replace the red text with your actual data.
sudo certbot certonly --webroot --agree-tos --email [email protected] -d mail.your-domain.com -w /var/www/html/
When it asks you if you want to receive communications from EFF, you can choose No.
If everything went well, you will see the following text indicating that you have successfully obtained a TLS certificate. Your certificate and chain have been saved at /etc/letsencrypt/live/mail.your-domain.com/ directory.
Failure to Obtain TLS Certificate
If certbot failed to obtain a TLS certificate, perhaps it's because your DNS records are not propagated to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://dnsmap.io, enter your mail server's hostname (mail.your-domain.com) to check DNS propagation.
If certbot failed to obtain a certificate and you saw the following message,
Failed authorization procedure. mail.linuxbabe.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://mail.linuxbabe.com/.well-known/acme-challenge/IZ7hMmRE4ZlGW7cXYoq2Lc_VrFzVFyfW6E0pzNlhiOA: Timeout during connect (likely firewall problem)
It might be that you have set an AAAA record for mail.your-domain.com, but the Nginx web server doesn't listen on the IPv6 address. To fix this error, edit the /etc/nginx/sites-enabled/00-default.conf file
sudo nano /etc/nginx/sites-enabled/00-default.conf
Find the following line.
#listen [::]:80;
Remove the # character to enable IPv6 for this Nginx virtual host.
listen [::]:80;
Save and close the file. Then edit the SSL virtual host /etc/nginx/sites-enabled/00-default-ssl.conf.
sudo nano /etc/nginx/sites-enabled/00-default-ssl.conf
Add the following line.
listen [::]:443 ssl http2;
Save and close the file. Then test Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx for the change to take effect.
sudo systemctl reload nginx
Run the following command again to obtain the TLS certificate. Replace the red text with your actual data.
sudo certbot certonly --webroot --agree-tos --email [email protected] -d mail.your-domain.com -w /var/www/html/
Now you should be able to successfully obtain the TLS certificate.
Installing the Certificate in Nginx
After obtaining a TLS certificate, let's configure the Nginx web server to use it. Edit the SSL template file.
sudo nano /etc/nginx/templates/ssl.tmpl
Find the following 2 lines.
ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;
Replace them with:
ssl_certificate /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.your-domain.com/privkey.pem;
Save and close the file. Then test nginx configuration and reload.
sudo nginx -t
sudo systemctl reload nginx
Visit the iRedMail admin panel again. Your web browser won't warn you any more because Nginx is now using a valid TLS certificate.
Installing TLS Certificate in Postfix and Dovecot
We also need to configure the Postfix SMTP server and Dovecot IMAP server to use the Let's Encrypt issued certificate so that desktop mail clients won't display a security warning. Edit the main configuration file of Postfix.
sudo nano /etc/postfix/main.cf
Find the following 3 lines. (line 95, 96, 97).
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
Replace them with:
smtpd_tls_key_file = /etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.your-domain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.your-domain.com/chain.pem
Save and close the file. Then reload Postfix.
sudo systemctl reload postfix
Next, edit the main configuration file of Dovecot.
sudo nano /etc/dovecot/dovecot.conf
Find the following 2 lines. (line 47, 48)
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key
Replace them with:
ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem
Save and close the file. Then reload dovecot.
sudo systemctl reload dovecot
From now on, desktop mail users won't see security warnings.
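A quick check after the three edits above, as an added example that is not part of the original tutorial: it reads the same directives the tutorial changes and reports any that still point outside /etc/letsencrypt/live/<hostname>/. The function names and the sample tree it builds are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the tutorial: confirm that Step 5 left no
# self-signed iRedMail certificate paths in Nginx, Postfix or Dovecot.
# Function names and the sample tree are constructed for illustration.

# directive_value FILE DIRECTIVE
# Print the last uncommented value of DIRECTIVE, with the "=", "<" and ";"
# syntax of the three config formats stripped.
directive_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k) != 1) next
            rest = substr(line, length(k) + 1)
            # A separator must follow, so ssl_certificate never matches
            # the ssl_certificate_key line.
            if (rest !~ /^[ \t=]/) next
            gsub(/[ \t=<;]/, "", rest)
            v = rest
        }
        END { if (v != "") print v }
    ' "$1"
}

# audit_tls_paths ROOT HOST
# ROOT is a path prefix ("" on a live server); HOST is the mail server FQDN.
# Prints one line per directive; returns 1 if any value is not under
# /etc/letsencrypt/live/HOST/.
audit_tls_paths() {
    local root="${1%/}" host="$2" bad=0 spec file key value
    local live="/etc/letsencrypt/live/${host}/"
    for spec in \
        "/etc/nginx/templates/ssl.tmpl ssl_certificate" \
        "/etc/nginx/templates/ssl.tmpl ssl_certificate_key" \
        "/etc/postfix/main.cf smtpd_tls_key_file" \
        "/etc/postfix/main.cf smtpd_tls_cert_file" \
        "/etc/postfix/main.cf smtpd_tls_CAfile" \
        "/etc/dovecot/dovecot.conf ssl_cert" \
        "/etc/dovecot/dovecot.conf ssl_key"
    do
        file="${spec% *}"
        key="${spec#* }"
        if [ ! -r "${root}${file}" ]; then
            echo "UNREADABLE ${file} ${key}"
            bad=1
            continue
        fi
        value="$(directive_value "${root}${file}" "$key")"
        case "$value" in
            "${live}"*) echo "OK ${file} ${key} ${value}" ;;
            "")         echo "MISSING ${file} ${key}"; bad=1 ;;
            *)          echo "STALE ${file} ${key} ${value}"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: Nginx and Postfix already edited, Dovecot still on the
# self-signed pair (the "before" lines quoted in the tutorial).
build_sample_tree() {
    local d="$1" le="/etc/letsencrypt/live/mail.your-domain.com"
    mkdir -p "$d/etc/nginx/templates" "$d/etc/postfix" "$d/etc/dovecot"
    printf '%s\n' "ssl_certificate ${le}/fullchain.pem;" \
        "ssl_certificate_key ${le}/privkey.pem;" \
        > "$d/etc/nginx/templates/ssl.tmpl"
    printf '%s\n' "smtpd_tls_key_file = ${le}/privkey.pem" \
        "smtpd_tls_cert_file = ${le}/cert.pem" \
        "smtpd_tls_CAfile = ${le}/chain.pem" \
        > "$d/etc/postfix/main.cf"
    printf '%s\n' "ssl_cert = </etc/ssl/certs/iRedMail.crt" \
        "ssl_key = </etc/ssl/private/iRedMail.key" \
        > "$d/etc/dovecot/dovecot.conf"
}

if [ "$#" -eq 2 ]; then
    # Live use: sudo bash audit.sh "" mail.your-domain.com
    audit_tls_paths "$1" "$2"
else
    demo="$(mktemp -d)"
    build_sample_tree "$demo"
    audit_tls_paths "$demo" mail.your-domain.com \
        || echo "fix the STALE lines, then reload that service"
    rm -rf "$demo"
fi
```

On the constructed tree the two Dovecot directives are reported as STALE, which is what a mail client would see as a certificate warning on IMAP while webmail and SMTP already look fine.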
Step 6: Sending Test Email
Log into the iredadmin panel with the postmaster mail account ([email protected]). In the Add tab, you can add additional domains or email addresses.
If you see a "no domain under control" error, please refer to this article.
After you create a user, you can visit the Roundcube webmail address and log in with the new mail user account.
https://mail.your-domain.com/mail/
Now you can test email sending and receiving. Please note that you may need to wait a few minutes to receive emails because iRedMail by default enables greylisting, which is a way to tell other sending SMTP servers to try again in a few minutes. The following line in mail log file /var/log/mail.log indicates greylisting is enabled.
Recipient accost rejected: Intentional policy rejection, please try again later;
Adding Swap Space
ClamAV is used to scan viruses in email messages. ClamAV can use a fair amount of RAM. If there's not enough RAM on your server, ClamAV won't work properly, which will prevent your mail server from sending emails. You can add a swap file to your server to increase the total RAM on your server. (Note that using swap space on the server will degrade server performance. If you want better performance, you should upgrade the physical RAM instead of using swap space.)
To add swap space on the server, first, use the fallocate command to create a file. For example, create a file named swapfile with 1G capacity in the root file system:
sudo fallocate -l 1G /swapfile
Then make sure only root can read and write to it.
sudo chmod 600 /swapfile
Format it to swap:
sudo mkswap /swapfile
Output:
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=0aab5886-4dfb-40d4-920d-fb1115c67433
Enable the swap file
sudo swapon /swapfile
To mount the swap space at system boot time, edit the /etc/fstab file.
sudo nano /etc/fstab
Add the following line at the bottom of this file.
/swapfile swap swap defaults 0 0
Save and close the file. Then reload systemd and restart ClamAV.
sudo systemctl daemon-reload
sudo systemctl restart clamav-daemon
Step 7: Checking If Port 25 (outbound) is blocked
Your Internet service provider or hosting provider won't block incoming connections to port 25 of your server, which means you can receive emails from other mail servers. However, many ISP/hosting providers block outgoing connections to port 25 of other mail servers, which means you can't send emails.
If your email didn't arrive at your other email address such as Gmail, then run the following command on your mail server to check if port 25 (outbound) is blocked.
telnet gmail-smtp-in.l.google.com 25
If it's not blocked, you would see messages like below, which indicates a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)
Trying 74.125.68.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp
If port 25 (outbound) is blocked, you would see something like:
Trying 2607:f8b0:400e:c06::1a...
Trying 74.125.195.27...
telnet: Unable to connect to remote host: Connection timed out
In this case, your Postfix can't send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking.
Still Can't Send Email?
If port 25 (outbound) is not blocked, but you still can't send emails from your own mail server to your other email address like Gmail, then you should check the mail log (/var/log/mail.log).
sudo nano /var/log/mail.log
For example, some folks might see the following lines in the file.
host gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b] said: 550-5.7.1 [2a0d:7c40:3000:b8b::2] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information
This means your mail server is using IPv6 to send the email, but you didn't set up IPv6 records. You should go to your DNS manager, set an AAAA record for mail.your-domain.com, then you should set a PTR record for your IPv6 address, which is discussed in step 9.
Step 8: Using Mail Clients on Your Computer or Mobile Device
Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.
- In the incoming server section, select IMAP protocol, enter mail.your-domain.com as the server name, choose port 143 and STARTTLS. Choose normal password as the authentication method.
- In the outgoing section, select SMTP protocol, enter mail.your-domain.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.
Fail2ban Blocking Your Own IP Address
If you made a mistake and failed to log in to the mail server multiple times, then the Fail2ban service on the mail server might block your IP address. You can add your IP address to the whitelist by editing the jail.local file.
sudo nano /etc/fail2ban/jail.local
Add your own IP address to the ignore list like below. Replace 12.34.56.78 with your existent IP address.
ignoreip = 12.34.56.78 127.0.0.1 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
Save and close the file. Then restart Fail2ban.
sudo systemctl restart fail2ban
Step 9: Improving Email Deliverability
To prevent your emails from being flagged as spam, you should set PTR, SPF, DKIM and DMARC records.
PTR record
A pointer record, or PTR record, maps an IP address to a FQDN (fully qualified domain name). It's the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.
To check the PTR record for an IP address, run this command:
dig -x IP-address +short
or
host IP-address
PTR record isn't managed by your domain registrar. It's managed by the organization that gives you an IP address. Because you get the IP address from your hosting provider or ISP, not from your domain registrar, you must set the PTR record for your IP in the control panel of your hosting provider, or ask your ISP. Its value should be your mail server's hostname: mail.your-domain.com. If your server uses an IPv6 address, be sure to add a PTR record for your IPv6 address as well.
To edit the reverse DNS record for your Kamatera VPS, log into the Kamatera client area, then open a support ticket and tell them to add a PTR record for your server IP addresses to point the IP address to mail.your-domain.com. It's not convenient, you might think, but this is to keep spammers away from the platform, so legitimate email senders like us will have a great IP reputation.
SPF Tape
SPF (Sender Policy Framework) record specifies which hosts or IP addresses are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP's server to send emails for your domain. In your DNS management interface, create a new TXT record like below.
Explanation:
- TXT indicates this is a TXT record.
- Enter @ in the name field to represent the master domain name.
- v=spf1 indicates this is a SPF record and the version is SPF1.
- mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
- ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.
To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:
dig your-domain.com txt
The txt option tells dig that we only want to query TXT records.
DKIM Record
DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.
The iRedMail script automatically configured DKIM for your server. The only thing left to do is creating the DKIM record in the DNS manager. Run the following command to show the DKIM public key.
sudo amavisd-new showkeys
The DKIM public key is in the parentheses.
Then in your DNS manager, create a TXT record, enter dkim._domainkey in the name field. Copy everything in the parentheses and paste it into the value field. Delete all double quotes and line breaks.
After saving your changes, run the following command to test if your DKIM record is correct.
sudo amavisd-new testkeys
If the DKIM record is correct, the test will pass.
TESTING#1 linuxbabe.com: dkim._domainkey.linuxbabe.com => pass
Note that your DKIM record may need some time to propagate to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://www.dmarcanalyzer.com/dkim/dkim-check/, enter dkim as the selector and enter your domain name to check DKIM record propagation.
DMARC Record
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving email servers to identify legitimate emails and prevent your domain name from being used by email spoofing.
To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following. (You should create the [email protected] email address.)
v=DMARC1; p=none; pct=100; rua=mailto:[email protected]
The above DMARC record is a safe starting point. If you want to read the full explanation of DMARC, please check the following article. Note that this is optional.
- Creating DMARC Record to Protect Your Domain Name From Email Spoofing
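To read back what the SPF and DMARC records ask receiving servers to do, this added example (not from the original tutorial) parses the text that dig +short TXT prints. The SPF string is assembled from the explanation bullets in the SPF section; the rua address and all function names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not part of the tutorial: read back what the published SPF
# and DMARC TXT records ask receiving servers to do. Input is the text that
# `dig +short TXT <name>` prints; function names are constructed.

# spf_verdict < TXT-output
# Prints what the SPF record says about hosts it does not list.
spf_verdict() {
    awk '
        { gsub(/"[ \t]+"/, ""); gsub(/"/, "") }   # join split strings, drop quotes
        tolower($1) == "v=spf1" {
            n++
            q = ""
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^[-~?+]?all$/) { q = tolower($i); break }
        }
        END {
            if (n == 0)           print "no-spf-record"
            else if (n > 1)       print "permerror-multiple-spf-records"
            else if (q == "-all") print "fail"
            else if (q == "~all") print "softfail"
            else if (q == "?all") print "neutral"
            else if (q == "")     print "no-all-mechanism"
            else                  print "pass-any-host"
        }'
}

# dmarc_tag TAG < TXT-output
# Prints the value of one tag (p, pct, rua, ...) from the DMARC record.
dmarc_tag() {
    awk -v want="$1" '
        { gsub(/"[ \t]+"/, ""); gsub(/"/, "") }
        tolower($0) !~ /^[ \t]*v=dmarc1/ { next }
        {
            n = split($0, part, ";")
            for (i = 1; i <= n; i++) {
                eq = index(part[i], "=")
                if (eq == 0) continue
                name = substr(part[i], 1, eq - 1)
                val  = substr(part[i], eq + 1)
                gsub(/[ \t]/, "", name)
                sub(/^[ \t]+/, "", val)
                sub(/[ \t]+$/, "", val)
                if (tolower(name) == want) { print val; exit }
            }
        }'
}

# mail_auth_posture SPF_TXT DMARC_TXT
# One-line summary: are failures only reported, or does the policy ask
# receivers to quarantine or reject them?
mail_auth_posture() {
    local spf policy
    spf="$(printf '%s\n' "$1" | spf_verdict)"
    policy="$(printf '%s\n' "$2" | dmarc_tag p | tr 'A-Z' 'a-z')"
    case "$policy" in
        reject|quarantine) echo "spf=$spf dmarc=$policy enforcing" ;;
        none)              echo "spf=$spf dmarc=none monitor-only" ;;
        *)                 echo "spf=$spf dmarc=absent no-policy" ;;
    esac
}

# Constructed sample of `dig +short TXT your-domain.com` and
# `dig +short TXT _dmarc.your-domain.com`. The unrelated first TXT string
# and the rua address are placeholders, not values from the tutorial.
SAMPLE_SPF='"constructed-unrelated-txt=abc123"
"v=spf1 mx ~all"'
SAMPLE_DMARC='"v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@your-domain.com"'

mail_auth_posture "$SAMPLE_SPF" "$SAMPLE_DMARC"
```

With the records as published in this tutorial the result is softfail plus p=none: failures are reported to the rua address, and the policy does not ask receivers to quarantine or reject them.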
Step 10: Testing Email Score and Placement
After creating PTR, SPF, DKIM record, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score. In the test result, you should check if your PTR record, SPF and DKIM record is valid.
Email is Rejected by Microsoft Mailbox?
Microsoft uses an internal blacklist that blocks many legitimate IP addresses. If your emails are rejected by Outlook or Hotmail, you need to follow the tutorial linked below to bypass the Microsoft Outlook blacklist.
- How to Bypass the Microsoft Outlook Blacklist & Other Blacklists
What if Your Emails Are Still Being Marked as Spam?
I have more tips for you in this article: How to stop your emails being marked as spam. Although it will take some time and effort, your emails will eventually be placed in the inbox after applying these tips.
Adding Multiple Mail Domains
I wrote this article to show you how to add multiple mail domains in iRedMail.
How to Disable Greylisting
By default, iRedMail has enabled greylisting, which tells other sending SMTP servers to try again in a few minutes. This is mainly useful to block spam, but it also degrades user experience. If you prefer to disable greylisting, follow the instructions below.
Add write permission to the /opt/iredapd/settings.py file.
sudo chmod 600 /opt/iredapd/settings.py
Then edit the configuration file.
sudo nano /opt/iredapd/settings.py
Find the following line.
plugins = ["reject_null_sender", "wblist_rdns", "reject_sender_login_mismatch", "greylisting", "throttle", "amavisd_wblist", "sql_alias_access_policy"]
Remove "greylisting" from the list. Save and close the file. Then restart iredapd.
sudo systemctl restart iredapd
Change the configuration file back to read-only mode.
sudo chmod 400 /opt/iredapd/settings.py
Enabling SMTPS Port 465
If you are going to use the Microsoft Outlook client, then you need to enable SMTPS port 465 in the Postfix SMTP server.
Troubleshooting
First, please use a VPS with at least 4GB RAM. Running iRedMail on a 1GB RAM VPS will cause the database, SpamAssassin, or ClamAV to be killed because of an out-of-memory problem. If you really want to use a 1GB RAM VPS, you are going to lose incoming emails and have other undesirable outcomes.
If the iRedMail web interface isn't accessible, like a 502 gateway error, you should check the Nginx logs in the /var/log/nginx/ directory to find clues. You may also want to check the mail log /var/log/mail.log.
Check if the various services are running.
systemctl status postfix
systemctl status dovecot
systemctl status nginx
systemctl status mariadb
systemctl status clamav-daemon
systemctl status amavis
If you enabled the firewall, you should open the following ports in the firewall.
HTTP port: 80
HTTPS port: 443
SMTP port: 25
Submission port: 587 (and 465 if you are going to use Microsoft Outlook mail client)
IMAP port: 143 and 993
If you would like to use the UFW firewall, check my guide here: Getting started with UFW firewall on Debian and Ubuntu.
How to Renew TLS Certificate
Let's Encrypt issued TLS certificate is valid for 90 days only and it's important that you set up a Cron job to automatically renew the certificate. You can run the following command to renew the certificate.
sudo certbot renew -w /var/www/html/
You can use the --dry-run option to test the renewal process, instead of doing a real renewal.
sudo certbot renew -w /var/www/html/ --dry-run
If you see the following error when renewing the TLS certificate.
The client lacks sufficient authorization :: Invalid response
Then you need to create the hidden directory.
sudo mkdir -p /var/www/html/.well-known/acme-challenge
And set www-data as the owner of the webroot.
sudo chown www-data:www-data /var/www/html/ -R
Also, edit the SSL virtual host /etc/nginx/sites-enabled/00-default-ssl.conf. Add the following lines.
location ~ /.well-known/acme-challenge {
    root /var/www/html/;
    allow all;
}
Save and close the file. Test Nginx configuration and reload.
sudo nginx -t
sudo systemctl reload nginx
Create Cron Job
If the dry run is now successful, you can create a Cron job to automatically renew the certificate. Simply open the root user's crontab file.
sudo crontab -e
Then add the following line at the bottom of the file.
@daily certbot renew -w /var/www/html/ --quiet && systemctl reload postfix dovecot nginx
Reloading Postfix, Dovecot and Nginx is necessary to make these programs pick up the new certificate and private key.
Setting Up Backup Mail Server
Your primary mail server could be down sometimes. If you host your mail server in a data center, then the downtime is very minimal, so you shouldn't be worried about losing inbound emails. If you host your mail server at home, the downtime can't be predicted so it's a good practice for you to run a backup mail server in a data center to prevent losing inbound emails. The backup mail server needs just 512MB RAM to run. Please check the full detail in the following article.
- How to Set Up a Backup Email Server with Postfix on Ubuntu (Complete Guide)
For Advanced Users
iRedMail doesn't include a DMARC verification service. You can check out the following tutorial to set up OpenDMARC to block email spoofing.
- Set Up OpenDMARC with Postfix on Ubuntu to Block Email Spoofing/Spam
You may want to customize the SpamAssassin content filter to better detect spam.
- Block Email Spam By Checking Header and Body in Postfix/SpamAssassin
If your website and mail server are running on 2 different VPS (virtual private server), you can set up SMTP relay between your website and mail server, so that your website can send emails through your mail server. See the following article.
- How to set up SMTP relay between 2 Postfix SMTP servers on Ubuntu
Wrapping Up
That's it! I hope this tutorial helped you set up a mail server on Ubuntu 20.04 with iRedMail. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
Source: https://www.linuxbabe.com/mail-server/ubuntu-20-04-iredmail-server-installation
Posted by: rielthrou1999.blogspot.com
