iRedMail - Getting Started Guide
iRedMail is a full-featured mail server with webmail, antivirus, spam filtering and an admin panel. This server comes with Postfix, Dovecot, Nginx, MariaDB, ClamAV, SpamAssassin, SOGo webmail and iRedAdmin fully installed and configured - the mail domain and admin password you specified during the order are already set up. SOGo provides email, calendar, contacts and address book with 2FA support. iRedAdmin lets you manage domains, mailboxes and aliases. All you need to do is configure DNS records for your domain.
Step 1 - Verify iRedMail Works
Your server's IP address and root password are shown on the Server Details page in your client panel. Your mail server provides two web interfaces accessible by IP address:
- SOGo Webmail:
https://your.server.ip/mail- email, calendar, contacts - iRedAdmin:
https://your.server.ip/iredadmin- manage domains, mailboxes, aliases
Mail admin login:
- Username:
postmaster@yourdomain.com(the mail domain you entered during the order) - Password: the admin password you set during the order
These credentials work for SOGo webmail, iRedAdmin panel and email clients (IMAP/SMTP).
If you placed the server behind a VyOS router on a private network, set up port forwarding for ports 25 (SMTP), 80 (HTTP), 443 (HTTPS), 587 (submission), 993 (IMAP) and 995 (POP3). A mail server must be reachable from the internet to send and receive email.
Step 2 - Configure DNS Records
Proper DNS configuration is critical for email delivery. Without correct records, your emails will be rejected or marked as spam. Add the following records in your domain's DNS management panel:
| Type | Name | Value |
|---|---|---|
| A | your.server.ip | |
| MX | @ | mail.yourdomain.com (priority 10) |
| TXT | @ | v=spf1 mx -all |
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:postmaster@yourdomain.com |
| TXT | dkim._domainkey | SSH in and run amavisd showkeys to get the value |
Reverse DNS (PTR record): Contact support to set the PTR record for your server IP to mail.yourdomain.com. This is required for reliable email delivery.
DNS changes usually take a few minutes, but can take up to 24 hours. You can verify your mail server configuration at mail-tester.com.
Step 3 - Create Mailboxes
Open the iRedAdmin panel at https://your.server.ip/iredadmin and log in as postmaster@yourdomain.com:
- Click Add → User
- Enter the email address and password for the new user
- Set the mailbox quota (optional)
- Click Add
The new user can immediately log in to SOGo webmail or configure an email client with the settings from Step 4.
Step 4 - Connect an Email Client
Use any email client (Thunderbird, Outlook, Apple Mail, mobile apps) with these settings:
| Protocol | Server | Port | Security |
|---|---|---|---|
| IMAP | mail.yourdomain.com | 993 | SSL/TLS |
| SMTP | mail.yourdomain.com | 587 | STARTTLS |
| POP3 | mail.yourdomain.com | 995 | SSL/TLS |
Username is the full email address (e.g. postmaster@yourdomain.com). Email clients use your regular password - two-factor authentication (2FA) applies only to the SOGo webmail interface, not to IMAP/SMTP.
Step 5 - Enable Let's Encrypt SSL (Optional)
If your domain's A record points to the server, you can replace the self-signed certificate with a free Let's Encrypt certificate. This applies to all services (Nginx, Postfix, Dovecot). Connect via SSH and run:
ssh root@your.server.ip/opt/setup/get-ssl.sh mail.yourdomain.comThe script will verify DNS, obtain a certificate and configure all services. Automatic renewal is already configured.
Post-Installation
Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is enabled by default for the SOGo webmail interface. When you log in to SOGo for the first time, you will see a "2FA disabled" notification - click CONTINUE to proceed, then set up 2FA:
- In SOGo, go to Preferences (gear icon) → Security
- Enable 2FA Authenticator
- Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.)
- Enter the code from the app to verify and save
After setup, you will need both your password and the 2FA code to log in to SOGo webmail. Email clients (IMAP/SMTP) continue to use only the password.
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect SSH, Postfix, Dovecot and SOGo from brute-force attacks.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH | 5 failed logins | 10 minutes |
| Postfix / Dovecot / SOGo | 5 failed logins | 1 hour |
Useful commands:
# Check banned IPs
fail2ban-client status sshd
fail2ban-client status dovecot
fail2ban-client status postfix
# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Service Management
# Check mail services
systemctl status postfix dovecot nginx sogo
# View mail log
tail -f /var/log/mail.log
# Mail queue
postqueue -p # view queue
postqueue -f # flush (retry) queue
# DKIM public key (for DNS)
amavisd showkeysUpdates
OS and mail components update together via apt:
apt update && apt upgrade -yFor iRedMail-specific upgrades, see the official upgrade guide.
Server Credentials
Your admin login, password and DKIM public key are saved in /root/.iredmail_credentials. View them via SSH:
cat /root/.iredmail_credentialsSoftware Included
| Component | Details |
|---|---|
| Ubuntu | 24.04 LTS |
| iRedMail | 1.7.4 |
| Postfix | SMTP server (ports 25, 465, 587) |
| Dovecot | IMAP / POP3 server (ports 993, 995) |
| SOGo | Webmail + calendar + contacts (with 2FA) |
| iRedAdmin | Admin panel (domains, mailboxes, aliases) |
| Nginx | Web server with SSL |
| MariaDB | Database backend |
| ClamAV | Antivirus (incoming/outgoing mail) |
| SpamAssassin + Amavisd | Spam filtering + DKIM signing |
| Fail2Ban | Brute-force protection |
| Certbot | Let's Encrypt SSL |
Troubleshooting
| Problem | Solution |
|---|---|
| Browser shows SSL warning | This is expected with the default self-signed certificate. Set up a domain and run /opt/setup/get-ssl.sh mail.yourdomain.com for a trusted certificate |
| Cannot access SOGo or iRedAdmin | Check services: systemctl status nginx sogo. Make sure you use https:// (not http). URL must include /mail or /iredadmin |
| Emails going to spam | Verify all DNS records: MX, SPF, DKIM, DMARC. Check PTR record with dig -x your.server.ip. Test at mail-tester.com |
| Cannot send or receive email | Check Postfix: systemctl status postfix. Check mail log: tail -100 /var/log/mail.log. Make sure port 25 is not blocked by your provider |
| Email client cannot connect | Use the full email address as username (e.g. postmaster@yourdomain.com). IMAP port 993 (SSL/TLS), SMTP port 587 (STARTTLS). Accept the certificate if using self-signed |
| 2FA prompt at first login | This is expected. Click CONTINUE to skip the warning, then set up 2FA in Preferences → Security |
| ClamAV not running | ClamAV downloads virus databases on first boot. Wait a few minutes, then: systemctl start clamav-daemon |
| Forgot admin password | SSH in and check cat /root/.iredmail_credentials |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP |
| Forgot root password | Use VNC console in your client panel to reset it |