Why would someone set up an email server when there is Gmail?
The reasons are plenty: Gmail (or Google Apps) for Business is no longer free. Outlook support for custom domains is no longer free. And why store your most important data on someone else's server?
As such, I set up an email server on the same $5 Digital Ocean instance I have been using.
I referred to the guide, with some corrections and enhancements, especially on the iRedMail host names and SSL.
The goal is to set up a mail server for my new domain name wahhh.com.
I have these subdomains and want to create these 3 emails: [email protected], [email protected], and also [email protected]
It is good practice to set up an email server on a separate subdomain such as
Setup DNS Server
I am using Namecheap nameserver, and so I configure the records as such:
A Record:
mail > 220.127.116.11

MX Records:
@ > mail.wahhh.com
app1 > mail.wahhh.com
app2 > mail.wahhh.com
An example of how the configuration will work:
An email to [email protected] will use the first MX Record (@ means nothing, that is, no subdomain), which points to the host name mail.wahhh.com. The A Record for that host name in turn points to my actual IP address, which is where the mail server will be installed.
iRedMail is a bundle of various technologies such as Postfix, Dovecot and Roundcube. A bundle makes the installation much much easier.
Find out the latest version (0.8.7 is latest in Jul 2014) and install accordingly:
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2
tar jxvf iRedMail-0.8.7.tar.bz2 && cd iRedMail-0.8.7
bash iRedMail.sh
Follow through the GUI installer.
Restart your droplet.
There are 2 TXT Records to add.
Firstly, add one for DKIM. The value is found in /root/iRedMail-0.8.7/iRedMail.tips. You might need to concatenate the strings.
The TXT Record looks like the following (must have the quotes):
dkim._domainkey > "v=DKIM1; p=ABCDEFG...XYZ"
Add another one for SPF, which includes your IP address:
@ > "v=spf1 ip4:18.104.22.168 -all"
app1 > "v=spf1 ip4:22.214.171.124 -all"
app2 > "v=spf1 ip4:126.96.36.199 -all"
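A check for the records above, as an added example that is not part of the original guide: it follows MX to A the way the routing is described earlier, confirms each SPF record authorises that address and ends in -all, and joins split DKIM strings before parsing them. The zone data, the 203.0.113.10 and 198.51.100.7 addresses, the key text and the selector name dkim are constructed assumptions.

```python
import ipaddress
import re

# Constructed zone data (assumption): documentation-range IPs and a placeholder
# DKIM key, not values from the guide. app1 carries a wrong SPF IP on purpose.
ZONE = {
    ("mail.wahhh.com", "A"): ["203.0.113.10"],
    ("wahhh.com", "MX"): ["mail.wahhh.com"],
    ("app1.wahhh.com", "MX"): ["mail.wahhh.com"],
    ("wahhh.com", "TXT"): ['"v=spf1 ip4:203.0.113.10 -all"'],
    ("app1.wahhh.com", "TXT"): ['"v=spf1 ip4:198.51.100.7 -all"'],
    ("dkim._domainkey.wahhh.com", "TXT"): ['"v=DKIM1; p=PLACEHOLDER" "KEYDATA"'],
}

def join_txt(raw):
    """Concatenate the quoted chunks of one TXT value, as SPF/DKIM verifiers do."""
    return "".join(re.findall(r'"([^"]*)"', raw))

def mail_ips(zone, domain):
    """Follow MX -> A to the addresses that handle mail for the domain."""
    return [ipaddress.ip_address(ip)
            for host in zone.get((domain, "MX"), [])
            for ip in zone.get((host, "A"), [])]

def spf_problems(zone, domain):
    """Return a list of problems with the domain's SPF record (empty = OK)."""
    spf = [t for t in map(join_txt, zone.get((domain, "TXT"), []))
           if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    nets = [ipaddress.ip_network(t[4:], strict=False)
            for t in terms if t.lower().startswith("ip4:")]
    problems = [f"{ip} (from MX/A) not covered by any ip4 term"
                for ip in mail_ips(zone, domain)
                if not any(ip in n for n in nets)]
    if not terms or terms[-1] != "-all":
        problems.append("record does not end in -all (hard fail)")
    return problems

def dkim_problems(zone, domain, selector="dkim"):
    """Check the DKIM TXT record has a version tag and a non-empty key."""
    values = zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])
    if not values:
        return ["no DKIM TXT record"]
    parts = join_txt(values[0]).split(";")
    tags = dict(p.strip().split("=", 1) for p in parts if "=" in p)
    problems = [] if tags.get("v") == "DKIM1" else ["missing v=DKIM1"]
    return problems + ([] if tags.get("p") else ["empty public key (p=)"])
```

To run it against a live domain, fill the dictionary from your DNS provider's record list or a resolver's answers instead of the constructed values.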
Adding Virtual Domains and Users
At this point, you can use the iRedAdmin website to add users to your virtual domain, e.g. [email protected], [email protected], [email protected], etc.
You can also add more virtual domains. For example, if you have a new okloh.com, you can add the virtual domain. In addition, you have to configure the A/MX/TXT records similarly for okloh.com.
For an email server, you really should have an SSL cert.
I use StartCom, as mentioned in ArsTechnica, which provides a FREE class 1 SSL. The steps from Ars are pretty lengthy, but they are not for iRedMail.
So, I followed Ars' guide on creating the StartCom SSL key and cert, then Digital Ocean's guide to set up Apache.
Register at StartCom
Enter real identity and wait for approval
Validation Wizard > Verify for your domain, e.g. wahhh.com
Certificate Wizard > Web Server SSL > 4096 keysize, SHA2 (SHA1 if it takes forever) > Continue and wait for a minute.
Save the private key as
Continue > Select your domain > Add “mail.wahhh.com” as the sub domain (only 1 sub domain for this free SSL). Wait for their approval, then retrieve the certificate.
SSH into your mail server.
nano mail-wahhh.key and paste your private key
nano mail-wahhh.pem and paste your certificate
wget https://www.startssl.com/certs/sub.class1.server.ca.pem to download their intermediate CA Cert
cat mail-wahhh.pem sub.class1.server.ca.pem > mail-wahhh-chain.pem to concat and create a chain cert
openssl rsa -in mail-wahhh.key -out mail-wahhh-decrypted.key and enter your private key password
chown root:root mail-wahhh* and
chmod 400 mail-wahhh* to make sure these files are only accessible by root
nano /etc/apache2/sites-available/default-ssl.conf and edit the key and cert path:
SSLCertificateFile /etc/ssl/private/mail-wahhh-chain.pem
SSLCertificateKeyFile /etc/ssl/private/mail-wahhh-decrypted.key
service apache2 restart
That’s it! You have now secured https://mail.wahhh.com (my fictional URL!).