iRedMail is a free, open-source mail server solution that bundles Postfix, Dovecot, SpamAssassin, ClamAV, Amavisd, Roundcube webmail, Fail2ban, and Nginx into a single automated installer. It gives you a full-featured, self-hosted email platform in minutes – no manual package-by-package configuration required.
This guide walks through installing iRedMail 1.7.4 on Rocky Linux 10 and AlmaLinux 10 with MariaDB as the database backend. We cover DNS record setup (MX, A, SPF, DKIM, DMARC), running the installer wizard, firewall configuration, and accessing the Roundcube webmail and iRedAdmin management panel.
Prerequisites
- A fresh Rocky Linux 10 or AlmaLinux 10 server with at least 4 GB RAM (2 GB minimum for testing, 4 GB recommended for production with spam/virus scanning)
- Root or sudo access to the server
- A registered domain name (e.g., example.com) with access to manage DNS records
- A valid FQDN hostname set on the server (e.g., mail.example.com)
- Port 25 (SMTP) must not be blocked by your hosting provider – check with them before starting
- A static public IP address assigned to the server
Step 1: Configure DNS Records for Your Mail Server
Before installing iRedMail on Rocky Linux 10, set up the required DNS records at your domain registrar or DNS provider. Replace 192.168.1.50 with your server’s public IP and example.com with your domain.
| Record Type | Host / Name | Value |
|---|---|---|
| A | mail.example.com | 192.168.1.50 |
| MX | example.com | mail.example.com (priority 10) |
The A record points your mail subdomain to the server IP, and the MX record tells other mail servers where to deliver email for your domain. SPF, DKIM, and DMARC records are configured after installation – iRedMail generates the DKIM key during setup.
Step 2: Set the Server Hostname (FQDN)
iRedMail requires a fully qualified domain name (FQDN) as the system hostname. Set it to your mail subdomain. If you need a deeper look at changing hostnames on RHEL-based systems, we have a dedicated guide for that.
sudo hostnamectl set-hostname mail.example.com
Verify the hostname is set correctly:
hostname -f
The output should return the full FQDN:
mail.example.com
Also update /etc/hosts to map the hostname to the server IP:
sudo vi /etc/hosts
Add the following line (replace with your actual IP):
192.168.1.50 mail.example.com mail
Step 3: Disable SELinux
iRedMail’s official documentation recommends disabling SELinux for the installation. The installer does not ship SELinux policies for all the services it configures.
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Verify SELinux is now permissive or disabled:
getenforce
The output should show Permissive. After a reboot, it will show Disabled. If you prefer to keep SELinux enforcing, check our guide on troubleshooting SELinux on Rocky Linux 10 – but expect to create custom policies for Postfix, Dovecot, and other mail services.
Step 4: Download iRedMail Installer
Download the latest stable iRedMail release (1.7.4 at the time of writing) from the official download page. Switch to root first since the installer needs root privileges throughout.
sudo -i
Download and extract the installer tarball:
cd /root
wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.7.4.tar.gz
tar xzf 1.7.4.tar.gz
cd iRedMail-1.7.4
Make the installer script executable:
chmod +x iRedMail.sh
Step 5: Run the iRedMail Installer
Start the interactive installation wizard:
bash iRedMail.sh
The installer walks you through several configuration screens. Here is what to expect at each step:
Mail storage path
Accept the default /var/vmail directory. All user mailboxes are stored here. Make sure the filesystem has enough space – plan for at least 50 GB for a small deployment.
Web server
The installer asks you to choose a web server. Select Nginx – it is the recommended option and handles both the Roundcube webmail and iRedAdmin panel.
Database backend
Choose MariaDB as the backend for storing mail accounts, domains, and aliases. MariaDB is well-supported on Rocky Linux 10 and AlmaLinux 10 and is the most common choice for iRedMail deployments. PostgreSQL and OpenLDAP are also available if you have specific requirements.
The installer prompts you to set the MariaDB root password. Choose a strong password and save it – you will need it for database administration.
Mail domain
Enter your first mail domain name (e.g., example.com). This is the domain part of your email addresses – users will have addresses like [email protected].
Admin password
Set the password for the [email protected] admin account. This account is used to log in to both iRedAdmin and Roundcube webmail. Use a strong password with at least 12 characters.
Optional components
The installer offers optional components. On Rocky Linux 10 and AlmaLinux 10, select Roundcube for webmail. Note that SOGo groupware is not available on RHEL 10 family systems because the SOGo team does not build binary packages for this platform yet.
Review the configuration summary and type y to begin the installation. The installer downloads and configures all packages automatically – this takes 5 to 15 minutes depending on your server’s internet speed.
When the installation finishes, the installer displays a summary with all credentials, URLs, and configuration details. Save this information – it is written to /root/iRedMail-1.7.4/iRedMail.tips for reference. The file holds those credentials in plain text, so keep it readable by root only.
Reboot the server to apply all changes:
reboot
Step 6: Configure Firewall Rules
After reboot, open the required ports in firewalld. iRedMail needs these ports for mail delivery, client access, and web interfaces. For a complete overview of firewalld management, see our guide on configuring firewalld on Rocky Linux 10.
| Port | Protocol | Service |
|---|---|---|
| 25 | TCP | SMTP (mail delivery between servers) |
| 587 | TCP | SMTP Submission (client sends mail) |
| 993 | TCP | IMAPS (client reads mail, encrypted) |
| 995 | TCP | POP3S (client reads mail, encrypted) |
| 80 | TCP | HTTP (Let’s Encrypt, redirect to HTTPS) |
| 443 | TCP | HTTPS (webmail and admin panel) |
Open all required ports:
sudo firewall-cmd --permanent --add-service={smtp,smtps,smtp-submission}
sudo firewall-cmd --permanent --add-service={imap,imaps,pop3,pop3s}
sudo firewall-cmd --permanent --add-service={http,https}
sudo firewall-cmd --reload
Verify the firewall rules are active:
sudo firewall-cmd --list-all
The output should list all the services you just added under the services line:
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client http https imap imaps pop3 pop3s smtp smtp-submission smtps ssh
ports:
protocols:
Step 7: Verify Mail Services Are Running
After reboot, confirm that all critical mail services started correctly:
systemctl status postfix dovecot nginx mariadb amavis clamd@amavisd
All services should show active (running). If any service failed, check its logs:
journalctl -u postfix --no-pager -n 50
You can also confirm the mail server is listening on the correct ports:
ss -tlnp | grep -E ':(25|587|993|995|80|443)\s'
You should see Postfix on ports 25 and 587, Dovecot on 993 and 995, and Nginx on 80 and 443:
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1234,fd=13))
LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:(("master",pid=1234,fd=17))
LISTEN 0 100 0.0.0.0:993 0.0.0.0:* users:(("dovecot",pid=1280,fd=40))
LISTEN 0 100 0.0.0.0:995 0.0.0.0:* users:(("dovecot",pid=1280,fd=42))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1350,fd=6))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1350,fd=8))
Step 8: Access Roundcube Webmail and iRedAdmin
iRedMail sets up two web interfaces accessible through your browser:
- Roundcube Webmail – https://mail.example.com/mail/ – for users to read and send email
- iRedAdmin Panel – https://mail.example.com/iredadmin/ – for managing domains, mailboxes, and aliases
Log in to both with the postmaster account ([email protected]) and the admin password you set during installation. The initial SSL certificate is self-signed, so your browser will show a security warning – you can replace it with a Let’s Encrypt certificate after verifying everything works. Check our guide on securing iRedMail with Let’s Encrypt SSL for that.
From iRedAdmin, you can create additional mailboxes under your domain and manage mail aliases. See our guide on adding domains and user accounts to iRedMail for detailed steps.
Step 9: Test Sending and Receiving Email
Send a test email from the Roundcube webmail to an external address (Gmail, Outlook, etc.) and verify it arrives. Then reply from the external address back to your [email protected] and confirm it appears in Roundcube.
You can also test from the command line using the mail command:
echo "Test email from iRedMail on Rocky Linux 10" | mail -s "iRedMail Test" [email protected]
Check the mail log for delivery status:
tail -f /var/log/maillog
Look for status=sent in the log output, which confirms the message was delivered to the remote server. If you see status=deferred or status=bounced, the log entry includes the reason – common issues are port 25 being blocked or missing DNS records.
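To triage delivery results without reading the log line by line, this added example (not part of the original guide) counts deliveries per status and lists the reason for each deferred or bounced message. The sample lines are constructed in Postfix's usual syslog format, and the function names are this example's own.

```sh
#!/bin/sh
# Constructed sample lines in Postfix's syslog format (not from a real server).
SAMPLE_LOG='Mar 10 12:00:01 mail postfix/smtp[2345]: 4F1A22C0D5: to=<alice@example.net>, relay=mx.example.net[203.0.113.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 10 12:00:07 mail postfix/smtp[2346]: 5A2B33D1E6: to=<bob@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.7]:25: Connection timed out)
Mar 10 12:00:09 mail postfix/smtp[2347]: 6B3C44E2F7: to=<carol@example.com>, relay=mx.example.com[192.0.2.25]:25, delay=0.8, dsn=5.1.1, status=bounced (host mx.example.com[192.0.2.25] said: 550 5.1.1 User unknown (in reply to RCPT TO command))'

# delivery_summary: read log lines on stdin, print counts per delivery status.
delivery_summary() {
    awk '
        match($0, /status=(sent|deferred|bounced)/) {
            n[substr($0, RSTART + 7, RLENGTH - 7)]++
        }
        END { printf "sent=%d deferred=%d bounced=%d\n", n["sent"], n["deferred"], n["bounced"] }'
}

# delivery_failures: for every delivery that was not sent, print
# status, DSN code, recipient and the remote/local reason (tab-separated).
delivery_failures() {
    awk '
        /status=(deferred|bounced)/ {
            rcpt = dsn = st = why = "?"
            if (match($0, /to=<[^>]*>/))  rcpt = substr($0, RSTART + 4, RLENGTH - 5)
            if (match($0, /dsn=[0-9.]+/)) dsn  = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /status=[a-z]+/)) {
                st = substr($0, RSTART + 7, RLENGTH - 7)
                k = RLENGTH                       # length of "status=<word>"
            }
            # The reason is the parenthesised text that follows the status.
            if (match($0, /status=[a-z]+ \(.*\)$/))
                why = substr($0, RSTART + k + 2, RLENGTH - k - 3)
            print st "\t" dsn "\t" rcpt "\t" why
        }'
}

# On the server, feed the real log instead: delivery_summary < /var/log/maillog
printf '%s\n' "$SAMPLE_LOG" | delivery_summary
printf '%s\n' "$SAMPLE_LOG" | delivery_failures
```

A 4.x.x DSN code marks a temporary failure that Postfix will retry, while 5.x.x is permanent.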
Step 10: Configure SPF, DKIM, and DMARC DNS Records
These DNS records improve email deliverability and prevent your messages from landing in spam folders. Without them, major providers like Gmail and Outlook will likely reject or flag your emails.
SPF record
Add a TXT record for your domain that authorizes your mail server to send email:
| Type | Host | Value |
|---|---|---|
| TXT | example.com | v=spf1 mx -all |
This tells receiving servers that only the hosts listed in your MX records are allowed to send mail for your domain. The -all mechanism at the end tells them to hard-fail any other source.
DKIM record
iRedMail generates a DKIM signing key during installation. Retrieve the public key from the Amavisd configuration:
amavisd -c /etc/amavisd/amavisd.conf showkeys
The output displays the DKIM public key in DNS TXT record format. It looks similar to this:
dkim._domainkey.example.com. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArSr2SO5VNa7..."
"...QIDAQAB")
Create a TXT record in your DNS with the hostname dkim._domainkey.example.com and paste the public key value. After adding the DNS record, verify it:
amavisd -c /etc/amavisd/amavisd.conf testkeys
A successful test shows pass for your domain:
TESTING#1 example.com: dkim._domainkey.example.com => pass
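The showkeys output splits the key into several quoted chunks, and a chunk lost or an ellipsis kept while pasting is an easy way to end up with a failing testkeys. This added example (not part of the original guide or of iRedMail) joins the chunks into one value, sanity-checks it, and compares it with what DNS returns; the key text and the dig-style line are constructed placeholders, and the function names are this example's own.

```sh
#!/bin/sh
# Constructed stand-in for the showkeys output; the key text is a short fake
# value, not a real public key.
SHOWKEYS_SAMPLE='dkim._domainkey.example.com. 3600 TXT (
  "v=DKIM1; p="
  "FAKEKEYPART1abc+/"
  "FAKEKEYPART2QIDAQAB")'
# Constructed stand-in for: dig +short TXT dkim._domainkey.example.com
DIG_SAMPLE='"v=DKIM1; p=" "FAKEKEYPART1abc+/" "FAKEKEYPART2QIDAQAB"'

# flatten_txt: join every double-quoted chunk read from stdin into one string.
flatten_txt() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) out = out $i } END { print out }'
}

# lint_dkim VALUE: return 0 if VALUE looks like a complete DKIM key record.
lint_dkim() {
    case $1 in
        v=DKIM1\;*) ;;
        *) echo "missing v=DKIM1 tag"; return 1 ;;
    esac
    p=$(printf '%s' "$1" | tr -d ' ' | sed -n 's/.*;p=\([^;]*\).*/\1/p')
    [ -n "$p" ] || { echo "empty or missing p= tag"; return 1; }
    case $p in
        # Dots from an elided key or stray quotes end up here.
        *[!A-Za-z0-9+/=]*) echo "p= contains non-base64 characters"; return 1 ;;
    esac
    echo "ok"
}

# same_record LOCAL PUBLISHED: succeed when both outputs carry the same value.
same_record() {
    a=$(printf '%s\n' "$1" | flatten_txt | tr -d ' ')
    b=$(printf '%s\n' "$2" | flatten_txt | tr -d ' ')
    [ "$a" = "$b" ]
}

# On the server: amavisd -c /etc/amavisd/amavisd.conf showkeys | flatten_txt
value=$(printf '%s\n' "$SHOWKEYS_SAMPLE" | flatten_txt)
echo "$value"
lint_dkim "$value"
same_record "$SHOWKEYS_SAMPLE" "$DIG_SAMPLE" && echo "published key matches"
```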
DMARC record
Add a DMARC policy that tells receiving servers what to do with emails that fail authentication, meaning messages that pass neither SPF nor DKIM for a domain aligned with the From address:
| Type | Host | Value |
|---|---|---|
| TXT | _dmarc.example.com | v=DMARC1; p=quarantine; rua=mailto:[email protected] |
Start with p=quarantine (sends failing messages to spam) rather than p=reject until you have confirmed all legitimate mail passes SPF and DKIM. The rua address receives aggregate DMARC reports so you can monitor authentication results.
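Before and after publishing, it helps to check that the SPF and DMARC strings actually enforce what this step intends. This added example (not part of the original guide) classifies an SPF record by its final all term and a DMARC record by its policy and reporting tags; the function names and the rua address are constructed for illustration.

```sh
#!/bin/sh
# spf_all_policy RECORD: print how the record treats senders it does not list.
# Returns non-zero when the record leaves unlisted senders unrestricted.
spf_all_policy() {
    case $1 in
        "v=spf1 "*) ;;
        *) echo "not-spf"; return 1 ;;
    esac
    last=${1##* }                      # final term of the record
    case $last in
        -all)     echo "hardfail" ;;
        "~all")   echo "softfail" ;;
        "?all")   echo "neutral";  return 1 ;;
        +all|all) echo "pass-all"; return 1 ;;
        *)        echo "no-all";   return 1 ;;
    esac
}

# dmarc_tag RECORD TAG: print the value of one tag from a DMARC record.
dmarc_tag() {
    printf '%s' "$1" | awk -v want="$2" 'BEGIN { RS = ";" }
        { gsub(/^[ \t\n]+|[ \t\n]+$/, ""); eq = index($0, "=") }
        eq && substr($0, 1, eq - 1) == want { print substr($0, eq + 1); exit }'
}

# dmarc_review RECORD: print enforcement level, policy and reporting state.
dmarc_review() {
    [ "$(dmarc_tag "$1" v)" = "DMARC1" ] || { echo "not-dmarc"; return 1; }
    p=$(dmarc_tag "$1" p)
    rua=$(dmarc_tag "$1" rua)
    case $p in
        none)              level="monitor-only" ;;
        quarantine|reject) level="enforcing" ;;
        *)                 echo "invalid-policy"; return 1 ;;
    esac
    if [ -n "$rua" ]; then reports="reports-on"; else reports="reports-off"; fi
    echo "$level $p $reports"
}

# The values from this guide (rua address constructed for the example).
# On a live domain, pass in the output of: dig +short TXT example.com
spf_all_policy "v=spf1 mx -all"
dmarc_review "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
```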
Step 11: Set Up Reverse DNS (PTR Record)
A reverse DNS (PTR) record maps your server’s IP address back to mail.example.com. Most email providers check PTR records and will reject or spam-flag mail from servers without one.
PTR records are set by your hosting provider, not your domain registrar. Log in to your hosting control panel (Hetzner, DigitalOcean, AWS, etc.) and set the reverse DNS for your server’s IP to mail.example.com.
Verify the PTR record:
dig -x 192.168.1.50 +short
The output should return your mail hostname:
mail.example.com.
Step 12: Secure iRedMail for Production
A few post-installation hardening steps to run on your production mail server:
Enable Fail2ban to block brute-force login attempts. iRedMail installs and configures Fail2ban automatically, but verify it is running. For advanced configuration, see our guide on installing Fail2ban on Rocky Linux 10.
systemctl status fail2ban
The service should show active with iRedMail’s jail configuration loaded.
Replace the self-signed certificate with a Let’s Encrypt certificate for trusted HTTPS and STARTTLS. The certbot tool handles this – install it and request a certificate for your mail hostname:
dnf install -y certbot
certbot certonly --webroot -w /var/www/html -d mail.example.com
After obtaining the certificate, update Nginx, Postfix, and Dovecot to use the new certificate files at /etc/letsencrypt/live/mail.example.com/.
Set up regular backups. Back up the mail storage directory (/var/vmail/), MariaDB databases, and the iRedMail configuration files in /etc/postfix/, /etc/dovecot/, and /etc/amavisd/.
Conclusion
You now have a fully functional iRedMail server running on Rocky Linux 10 or AlmaLinux 10 with MariaDB, Postfix, Dovecot, Nginx, Roundcube webmail, and full spam/virus filtering through Amavisd, SpamAssassin, and ClamAV. Your DNS records (SPF, DKIM, DMARC, PTR) are configured for proper email authentication and deliverability.
For a production deployment, monitor mail queues with mailq, keep the system updated with dnf update, and review /var/log/maillog regularly for delivery issues. If you are building a more complex mail setup with Postfix and Dovecot directly, see our guide on setting up a mail server on Rocky Linux 10.