This article covers a version of CentOS that is no longer supported. If you are currently operating a server running CentOS 6, we highly recommend upgrading or migrating to a supported version of CentOS.
Reason: CentOS 6 reached end of life (EOL) on November 30th, 2020 and no longer receives security patches or updates. For this reason, this guide is no longer maintained.
See Instead:
This guide might still be useful as a reference, but may not work on other CentOS releases. If available, we strongly recommend using a guide written for the version of CentOS you are using.
If you would like to create your own online e-mail system, you can use iRedMail. In this article, we will explain how you can do it.
We use a 2 CPU Core / 2GB RAM droplet with CentOS 6.5 x64 image.
If you have a domain name you want to use, name your droplet as that domain name, which will become its hostname and reverse DNS record.
We should also add 2GB of SWAP memory to this droplet for stability:
dd if=/dev/zero of=/swap bs=1024 count=2097152 mkswap /swap && chown root. /swap && chmod 0600 /swap && swapon /swap echo /swap swap swap defaults 0 0 >> /etc/fstab echo vm.swappiness = 0 >> /etc/sysctl.conf && sysctl -p
For our Cloud Mail purposes, we will register a free domain, cloudmail.tk from dot.tk
Once you have your domain name registered, point it to DigitalOcean's name servers:
ns1.digitalocean.com (69.55.55.74)
ns2.digitalocean.com (141.0.175.217)
ns3.digitalocean.com (69.55.62.20)
Now open your Control Panel on DigitalOcean and click DNS, located under Labs section.
Click Add Domain and create a new record by pointing your new domain to your droplet's IP address:
Create a new MX record, make sure to have a trailing dot at the end of your domain name:
Add SPF records to make sure others cant spoof emails by pretending to send them from your domain.
Make sure to have "-all" in your SPF record, and point it to your droplet's IP.
The record's format would be "v=spf1 ip4:IP_ADDRESS -all"
There will be one more record to add after you have finished installing iRedMail - DKIM key.
Make sure to set the hostname of your domain name, if you haven't done this during droplet creation:
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.6.tar.bz2 tar jxvf iRedMail-0.8.6.tar.bz2 && cd iRedMail-0.8.6 hostname cloudmail.tk bash iRedMail.sh
You are greeted with a Graphical User Interface Installer by iRedMail:
If you have several droplets, you can even use GlusterFS for distributed, replicated e-mail storage, providing further redundancy:
For backend, we chose MySQL. You can also use OpenLDAP and PostgreSQL:
Since we have registered a domain in Step 2, we will place it here:
From package selection, you can omit phpMyAdmin and Fail2Ban:
When asked whether you would like to use firewall rules provided with iRedMail, select 'No'.
Firewall rules should be custom made for each server, and adopting a DROP ruleset from iRedMail's package is not recommended.We would also not recommend using Fail2Ban from their package, as it banned our own IP when we refreshed a page.
Reboot your droplet after completion.
All of the installation notes and logs can be found in iRedMail.tips file ( /root/iRedMail-0.8.6/iRedMail.tips ).
Here you will have information on passwords, SSL certificate locations, and DKIM records.
Add the DKIM record to DigitalOcean's DNS control panel for your domain:
Although this step is optional if you just want to use self-generated certificate, we would still recommend getting a trusted SSL certificate.
By default, iRedMail will create a self-signed certificate and store it in /etc/pki/tls/certs/iRedMail_CA.pem and /etc/pki/tls/private/iRedMail.key
We can get a free SSL certificate from InstantSSL
You would need to create a CSR and private KEY first:
cd /etc/pki/tls/certs openssl req -out cloudmail.tk.csr -new -newkey rsa:2048 -nodes -keyout cloudmail.tk.key
This will generate 2 files: cloudmail.tk.csr (your Certificate Signing Request file), and cloudmail.tl.key (your private SSL key which should not be shared with anyone).
You would provide the CSR file (cloudmail.tk.csr) to InstantSSL during SSL request.
After they have validated your request, you will receive the certificate file (in zip format) that contains two files:
cloudmail_tk.ca-bundle (your SSL certificate bundle)
cloudmail_tk.crt (your SSL certificate)
Place both files to /etc/pki/tls/certs and modify /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/cloudmail.tk.crt SSLCertificateKeyFile /etc/pki/tls/certs/cloudmail.tk.key SSLCACertificateFile /etc/pki/tls/certs/cloudmail.tk.ca-bundle.crt
Restart Apache
service httpd restart
Now you should have SSL enabled, and you can proceed to logging in to iRedAdmin (https://cloudmail.tk/iredadmin/ ) with username postmaster@cloudmail.tk and password you provided during installation in Step 3.
From iRedAdmin, you can add new users, new admins, and new domains into your system:
Once you have created an e-mail account, you can access it at https://cloudmail.tk/mail/
And you are all done!
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
I have question. I have tried to set this out. Everything able to login at /iredadmin and /mail .
However, It seem that i can’t get this through by sent email to people. Internally was fine, but to gmail or other working email, didn’t work out.
it seem that the Records got mess up.
Mine anyone here share , how the setup should be?
I had domain configuration and set up iRedMail successfuly on server. But the link does not Work but I can access by ip…successfully File: access.log 162.158.178.90 - - [10/Nov/2016:19:25:52 +0000] “GET /mail/ HTTP/1.1” 302 154 “http://mail.khademo.net/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36”
Can you help me … ?
I have a drop housing a ruby on rails system, configured with the appropriate domain (ex: intranet.cfc.cl) in my case
And I want to see the ability to configure iRedmail to use corporate e using the domain (ex: correos@cfc.cl)
How should I make settings within the DNS to point to the new drop where iRedMail be installing?
Thank you so much
Friend For the installation of iRedmail it is necessary to have a completely empty droplets without another system?
how could attach droplets I have a ruby on rails project with nginx where?
Thanks for the help
What does this log mean?
Nov 13 04:32:08 mail postfix/smtpd[1371]: connect from mail.kien-trang.com[127.0.0.1] Nov 13 04:32:08 mail postfix/smtpd[1371]: A577541B2D: client=mail.kien-trang.com[127.0.0.1] Nov 13 04:32:08 mail postfix/cleanup[1376]: A577541B2D: message-id=CAKpVk9cAQvg8edhnxUsLF+OqRz66vprcy53XeOoBb4LsfgW41Q@mail.gmail.com Nov 13 04:32:08 mail postfix/smtpd[1371]: disconnect from mail.kien-trang.com[127.0.0.1] Nov 13 04:32:08 mail postfix/qmgr[1229]: A577541B2D: from=unholyknightz@gmail.com, size=2309, nrcpt=1 (queue active) Nov 13 04:32:08 mail amavis[1355]: (01355-01) Passed UNCHECKED {RelayedInternal}, MYUSERS LOCAL [209.85.220.47]:35851 [209.85.220.47] unholyknightz@gmail.com -> postmaster@kien-trang.com, Queue-ID: 0B15941B06, Message-ID: CAKpVk9cAQvg8edhnxUsLF+OqRz66vprcy53XeOoBb4LsfgW41Q@mail.gmail.com, mail_id: UmIW6ZymvqGo, Hits: -0.089, size: 1730, queued_as: A577541B2D, dkim_sd=20120113:gmail.com, 11471 ms Nov 13 04:32:08 mail postfix/smtp[1235]: 0B15941B06: to=postmaster@kien-trang.com, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=0.45/0/0.02/11, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as A577541B2D) Nov 13 04:32:08 mail postfix/qmgr[1229]: 0B15941B06: removed Nov 13 04:32:08 mail postfix/pipe[1377]: A577541B2D: to=postmaster@kien-trang.com, relay=dovecot, delay=0.17, delays=0.02/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 13 04:32:08 mail postfix/qmgr[1229]: A577541B2D: removed Nov 13 04:34:01 mail postfix/smtpd[1436]: connect from mail-pd0-f171.google.com[209.85.192.171] Nov 13 04:34:02 mail cbpolicyd[1128]: module=Greylisting, action=pass, host=209.85.192.171, helo=mail-pd0-f171.google.com, from=unholyknightz@gmail.com, to=postmaster@kien-trang.com, reason=authenticated Nov 13 04:34:02 mail postfix/smtpd[1436]: E666B41B2D: client=mail-pd0-f171.google.com[209.85.192.171] Nov 13 04:34:03 mail postfix/cleanup[1442]: E666B41B2D: message-id=CAKpVk9erx4cLAQP3rrMNjHtY9U-KzFEiKRVCTqMeLED=6TihdA@mail.gmail.com Nov 13 04:34:03 mail postfix/qmgr[1229]: E666B41B2D: from=unholyknightz@gmail.com, size=1766, nrcpt=1 (queue active) Nov 13 04:34:03 mail postfix/smtpd[1436]: disconnect from mail-pd0-f171.google.com[209.85.192.171] Nov 13 04:34:03 mail amavis[1357]: (01357-01) (!)connect to /tmp/clamd.socket failed, attempt #1: Can’t connect to a UNIX socket /tmp/clamd.socket: 2 Nov 13 04:34:04 mail amavis[1357]: (01357-01) (!)connect to /tmp/clamd.socket failed, attempt #1: Can’t connect to a UNIX socket /tmp/clamd.socket: No such file or directory Nov 13 04:34:04 mail amavis[1357]: (01357-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /tmp/clamd.socket, retrying (2) Nov 13 04:34:10 mail amavis[1357]: (01357-01) (!)connect to /tmp/clamd.socket failed, attempt #1: Can’t connect to a UNIX socket /tmp/clamd.socket: No such file or directory Nov 13 04:34:10 mail amavis[1357]: (01357-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /tmp/clamd.socket (All attempts (1) failed connecting to /tmp/clamd.socket) at (eval 115) line 608.\n Nov 13 04:34:10 mail amavis[1357]: (01357-01) (!)WARN: all primary virus scanners failed, considering backups Nov 13 04:34:13 mail amavis[1135]: (!)Net::Server: 2014/11/13-04:34:13 Bad fork [Cannot allocate memory]\n at line 166 in file /usr/share/perl5/Net/Server/PreForkSimple.pm Nov 13 04:34:13 mail amavis[1357]: (01357-01) (!)TempDir removal: tempdir is to be PRESERVED: /var/spool/amavisd/tmp/amavis-20141113T043403-01357-j2qsqpvB Nov 13 04:34:14 mail postfix/smtp[1447]: E666B41B2D: to=postmaster@kien-trang.com, relay=127.0.0.1[127.0.0.1]:10024, delay=11, delays=0.45/0.03/0.02/10, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to end of DATA command)) Nov 13 04:35:27 mail postfix/smtpd[1462]: connect from mail.kien-trang.com[127.0.0.1] Nov 13 04:35:27 mail postfix/smtpd[1462]: 3131341AF0: client=mail.kien-trang.com[127.0.0.1], sasl_method=LOGIN, sasl_username=postmaster@kien-trang.com Nov 13 04:35:27 mail postfix/cleanup[1442]: 3131341AF0: message-id=8d4469dd10084bee55c34500d86fb964@kien-trang.com Nov 13 04:35:27 mail postfix/qmgr[1229]: 3131341AF0: from=postmaster@kien-trang.com, size=1702, nrcpt=1 (queue active) Nov 13 04:35:27 mail roundcube: User postmaster@kien-trang.com [118.70.171.229]; Message for unholyknightz@gmail.com; 250: 2.0.0 Ok: queued as 3131341AF0 Nov 13 04:35:27 mail postfix/smtp[1447]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Nov 13 04:35:27 mail postfix/smtp[1447]: 3131341AF0: to=unholyknightz@gmail.com, relay=none, delay=0.22, delays=0.21/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Nov 13 04:35:27 mail postfix/smtpd[1462]: disconnect from mail.kien-trang.com[127.0.0.1] Nov 13 04:37:23 mail postfix/anvil[1409]: statistics: max connection rate 1/60s for (smtp:209.85.220.47) at Nov 13 04:31:55 Nov 13 04:37:23 mail postfix/anvil[1409]: statistics: max connection count 1 for (smtp:209.85.220.47) at Nov 13 04:31:55 Nov 13 04:37:23 mail postfix/anvil[1409]: statistics: max cache size 1 at Nov 13 04:31:55 Nov 13 04:39:56 mail postfix/smtpd[1496]: connect from mail.kien-trang.com[127.0.0.1] Nov 13 04:39:56 mail postfix/smtpd[1496]: 7250941AF1: client=mail.kien-trang.com[127.0.0.1], sasl_method=LOGIN, sasl_username=postmaster@kien-trang.com Nov 13 04:39:56 mail postfix/cleanup[1502]: 7250941AF1: message-id=4de8ae17a1fa39eb2eac59653197b0b8@kien-trang.com Nov 13 04:39:56 mail postfix/qmgr[1229]: 7250941AF1: from=postmaster@kien-trang.com, size=573, nrcpt=1 (queue active) Nov 13 04:39:56 mail roundcube: User postmaster@kien-trang.com [118.70.171.229]; Message for kienlt.qn@gmail.com; 250: 2.0.0 Ok: queued as 7250941AF1 Nov 13 04:39:56 mail postfix/smtp[1507]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Nov 13 04:39:56 mail postfix/smtp[1507]: 7250941AF1: to=kienlt.qn@gmail.com, relay=none, delay=0.19, delays=0.17/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Nov 13 04:39:56 mail postfix/smtpd[1496]: disconnect from mail.kien-trang.com[127.0.0.1] Nov 13 04:40:21 mail postfix/smtpd[1521]: connect from mail-pd0-f179.google.com[209.85.192.179] Nov 13 04:40:22 mail cbpolicyd[1130]: module=Greylisting, action=pass, host=209.85.192.179, helo=mail-pd0-f179.google.com, from=unholyknightz@gmail.com, to=postmaster@kien-trang.com, reason=authenticated Nov 13 04:40:22 mail postfix/smtpd[1521]: E8BAA41B2F: client=mail-pd0-f179.google.com[209.85.192.179] Nov 13 04:40:23 mail postfix/cleanup[1502]: E8BAA41B2F: message-id=CAKpVk9dzBXM-KJ3_T+UqPOP16PA3_DvWJLwLaJHb0khqi2+gmw@mail.gmail.com Nov 13 04:40:23 mail postfix/qmgr[1229]: E8BAA41B2F: from=unholyknightz@gmail.com, size=2152, nrcpt=1 (queue active) Nov 13 04:40:23 mail postfix/smtp[1507]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Nov 13 04:40:23 mail postfix/smtp[1507]: E8BAA41B2F: to=postmaster@kien-trang.com, relay=none, delay=0.44, delays=0.44/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Nov 13 04:40:23 mail postfix/smtpd[1521]: disconnect from mail-pd0-f179.google.com[209.85.192.179] Nov 13 04:40:24 mail postfix/qmgr[1229]: E666B41B2D: from=unholyknightz@gmail.com, size=1766, nrcpt=1 (queue active) Nov 13 04:40:24 mail postfix/qmgr[1229]: 2A65941ADD: from=postmaster@kien-trang.com, size=1702, nrcpt=1 (queue active) Nov 13 04:40:24 mail postfix/smtp[1507]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Nov 13 04:40:24 mail postfix/smtp[1507]: E666B41B2D: to=postmaster@kien-trang.com, relay=none, delay=381, delays=381/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Nov 13 04:40:24 mail postfix/qmgr[1229]: 91CA641B25: from=postmaster@kien-trang.com, size=1199, nrcpt=1 (queue active) Nov 13 04:40:24 mail postfix/smtp[1507]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Nov 13 04:40:24 mail postfix/smtp[1507]: 2A65941ADD: to=unholyknightz@gmail.com, relay=none, delay=2515, delays=2515/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Nov 13 04:40:24 mail postfix/smtp[1507]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Nov 13 04:40:24 mail postfix/smtp[1507]: 91CA641B25: to=unholyknightz@gmail.com, relay=none, delay=2144, delays=2144/0.01/0.04/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Nov 13 04:42:09 mail postfix/scache[1526]: statistics: start interval Nov 13 04:40:24 Nov 13 04:42:09 mail postfix/scache[1526]: statistics: domain lookup hits=0 miss=1 success=0%
I can send 1 mail and receive 1 mail from postmaster. But when i try to send or receive another mail. I won’t show in my inbox =.=…
A question… when u say: Modify in /etc/httpd/conf.d/ssl.conf
SSLCACertificateFile /etc/pki/tls/certs/cloudmail.tk.ca-bundle.crt
I dont understand what ca-bundle.crt, default line in ssl.conf is :
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
with : openssl req -out cloudmail.tk.csr -new -newkey rsa:2048 -nodes -keyout cloudmail.tk.key
i dont generate this cloudmail.tk.ca-bundle.crt and i dont recive from GoDaddy’s zip this file “cloudmail.tk.ca-bundle.crt” .
I know name is my own domain name but i dont know if in the line:
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
i should let default ca-bundle.crt or use the GoDaddy’s ca-bundle.crt. If u are referring about GoDaddys ca-bundle.crt some question appear: The other file from zip (GoDaddy.crt) should be on
SSLCertificateFile /etc/pki/tls/certs/GoDaddy.crt ??? or i should let the selfgenerated with openssl comand ??
Thank you for read.
Hi. There is a good manual, but all other say
s that i need to chnge values in /etc/hosts, what exactly i need to change and what name must have a droplet to work correct? Now i can send email, but still didn
t recieve no one =((((Hi, I tried the installation on centOS with php-5.5.9, i already have mysql 5.5.39 installed but it give me the errors which are listed below. Do you have any idea how to resolve this issue
–> Processing Conflict: mysql55w-libs-5.5.40-1.w6.x86_64 conflicts mysql-libs < 5.5 –> Processing Conflict: mysql55w-5.5.40-1.w6.x86_64 conflicts mysql < 5.5 –> Processing Conflict: mysql55w-server-5.5.40-1.w6.x86_64 conflicts mysql-server < 5.5 –> Processing Conflict: php55w-common-5.5.17-1.w6.x86_64 conflicts php-common < 5.5.0 –> Finished Dependency Resolution Error: mysql55w-libs conflicts with mysql-libs-5.1.73-3.el6_5.x86_64 Error: mysql55w-server conflicts with mysql-server-5.1.73-3.el6_5.x86_64 Error: mysql55w conflicts with mysql-5.1.73-3.el6_5.x86_64 Error: php55w-common conflicts with php-common-5.3.3-27.el6_5.2.x86_64 You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest < ERROR > Installation failed, please check the terminal output. < ERROR > If you’re not sure what the problem is, try to get help in iRedMail < ERROR > forum: http://www.iredmail.org/forum/
You may need bzip2 to extract the download
@adilimran: PHP 5.4 isn’t officially supported on CentOS. The errors you’re seeing are an unfortunate side effect of using a third party repository. If you make a major version upgrade to PHP, the libraries need to use that version as well. If you need both PHP 5.4 and iRedMail, Ubuntu 14.04 might be a better way to go. Short of that, you might try contacting the remi repo folks and request the additional packages…