Fiberax

iRedMail VPS - Getting Started Guide

Your iRedMail VPS based on Ubuntu 24.04 is a fully configured mail server. Postfix, Dovecot, Nginx, MariaDB, ClamAV antivirus, SpamAssassin, SOGo webmail and iRedAdmin panel are all pre-installed and ready to use. The mail domain and admin password you entered during the order are already applied.

Software Included

Component	Details
Ubuntu	24.04 LTS
iRedMail	1.7.4
Postfix	SMTP server (ports 25, 465, 587)
Dovecot	IMAP/POP3 server (ports 143, 993, 110, 995)
SOGo	Webmail + calendar + contacts (with 2FA/TOTP)
iRedAdmin	Admin panel (manage domains, mailboxes, aliases)
Nginx	Web server with SSL
MariaDB	Database backend
ClamAV	Antivirus scanning (incoming/outgoing mail)
SpamAssassin + Amavisd	Spam filtering + DKIM signing
Fail2Ban	Brute-force protection (SSH, mail, webmail)
Certbot	Let's Encrypt SSL

Minimum Requirements

Resource	Minimum
vCPU	2 cores
RAM	4 GB (ClamAV uses ~500-800 MB)
Disk	30 GB

Step 1 - Your Credentials

Mail admin login:

Username: postmaster@yourdomain.com (the Mail Domain you entered during the order)
Password: the Admin Password you entered during the order

These credentials work for SOGo webmail, iRedAdmin panel, and IMAP/SMTP email clients.

Step 2 - Access Mail Interfaces

Your mail server provides two web interfaces:

Interface	URL	Purpose
SOGo Webmail	`https://your.server.ip/mail`	Email, calendar, contacts, address book
iRedAdmin	`https://your.server.ip/iredadmin`	Manage domains, mailboxes, aliases

Note: The server uses a self-signed SSL certificate by default. Your browser will show a security warning - this is expected. Click "Advanced" and proceed. You can install a Let's Encrypt certificate later (see Step 5).

Step 3 - Configure DNS Records

For your mail server to send and receive email properly, you need to set up DNS records at your domain registrar. Add the following records for your mail domain:

Type	Name	Value	Purpose
A	mail	your.server.ip	Mail server hostname
MX	@	mail.yourdomain.com (priority 10)	Mail routing
TXT	@	`v=spf1 mx -all`	SPF (sender verification)
TXT	_dmarc	`v=DMARC1; p=quarantine`	DMARC policy
TXT	dkim._domainkey	(see below)	DKIM (email signing)

To get your DKIM public key, SSH into the server and run:

amavisd showkeys

The DKIM key is also saved in /root/.iredmail_credentials.

Additionally, ask your hosting provider to set up a PTR (reverse DNS) record for your IP pointing to mail.yourdomain.com. This significantly improves email deliverability.

DNS changes usually take a few minutes, but can take up to 24 hours. Check the status at dnschecker.org. You can verify your mail server configuration at mail-tester.com.

Step 4 - Connect an Email Client

Use any email client (Thunderbird, Outlook, Apple Mail, mobile apps) with these settings:

Setting	Incoming (IMAP)	Outgoing (SMTP)
Server	mail.yourdomain.com	mail.yourdomain.com
Port	993 (SSL/TLS)	587 (STARTTLS)
Username	postmaster@yourdomain.com	postmaster@yourdomain.com
Password	your Admin Password	your Admin Password
Encryption	SSL/TLS	STARTTLS

Note: Email clients use your regular password - two-factor authentication (2FA) applies only to the SOGo webmail interface, not to IMAP/SMTP.

Step 5 - Enable Let's Encrypt SSL (Optional)

If your domain's A record points to the server, you can replace the self-signed certificate with a free Let's Encrypt certificate. This applies to all services (Nginx, Postfix, Dovecot). Connect via SSH:

ssh root@your.server.ip

/opt/setup/get-ssl.sh mail.yourdomain.com

The script will verify DNS, obtain a certificate, and configure all services. The certificate renews automatically.

Note: Make sure your domain's A record points to the server IP before running the script. SSL is optional - the mail server works with the self-signed certificate, but clients may see security warnings.

Step 6 - Two-Factor Authentication (2FA)

Two-factor authentication with TOTP is enabled by default for the SOGo webmail interface. When you log in to SOGo for the first time, you will see a "2FA disabled" notification - click CONTINUE to proceed, then set up TOTP:

In SOGo, go to Preferences (gear icon) → Security
Enable TOTP Authenticator
Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.)
Enter the code from the app to verify and save

After setup, you will need both your password and the TOTP code to log in to SOGo webmail. Email clients (IMAP/SMTP) continue to use only the password - 2FA does not affect them.

Step 7 - Create Mailboxes

To create new email accounts, open the iRedAdmin panel:

https://your.server.ip/iredadmin

Click Add → User
Enter the email address and password for the new user
Set the mailbox quota (optional)
Click Add

The new user can immediately log in to SOGo webmail or configure an email client with the same IMAP/SMTP settings as in Step 4.

Post-Installation

Security Features

Your mail server comes pre-configured with multiple layers of protection:

Feature	Details
ClamAV	Scans all incoming and outgoing mail for viruses
SpamAssassin	Scores and filters spam (via Amavisd)
DKIM	Signs outgoing mail (verified by recipients)
TLS 1.2+	Enforced for Postfix, Dovecot, Nginx
Fail2Ban	Bans IPs after failed login attempts (SSH, Postfix, Dovecot, SOGo)
2FA/TOTP	Two-factor authentication for SOGo webmail
Attachment limit	20 MB per message

Server Credentials

After setup, your login, password and DKIM public key are saved in /root/.iredmail_credentials. View them via SSH:

cat /root/.iredmail_credentials

Useful Commands

# Service management
systemctl status postfix dovecot    # mail services
systemctl status clamav-daemon      # antivirus
systemctl status sogo               # webmail
systemctl status nginx              # web server
systemctl status amavis             # spam filter + DKIM

# Mail queue
postqueue -p                        # view mail queue
postqueue -f                        # flush (retry) queue

# DKIM public key (for DNS)
amavisd showkeys

# View mail log
tail -f /var/log/mail.log

# Fail2Ban
fail2ban-client status              # list active jails
fail2ban-client status sshd         # check SSH jail
fail2ban-client set sshd unbanip 1.2.3.4  # unban IP

# SSL certificate log
cat /opt/setup/get-ssl.log

Updates

OS updates can be applied via SSH:

apt update && apt upgrade -y

iRedMail components (Postfix, Dovecot, ClamAV, etc.) are installed from Ubuntu repositories and update with the OS. For iRedMail-specific upgrades, see the official upgrade guide.

Troubleshooting

Problem	Solution
Browser shows SSL warning	This is expected with the default self-signed certificate. Click "Advanced" and proceed. To fix, set up a domain and run `/opt/setup/get-ssl.sh mail.yourdomain.com`
Can't access SOGo or iRedAdmin	Check services: `systemctl status nginx sogo`. Make sure you use `https://` (not http). URL must include `/mail` or `/iredadmin`
Emails go to spam	Verify all DNS records (Step 3): MX, SPF, DKIM, DMARC. Set up a PTR record via your hosting provider. Test at mail-tester.com
Can't send or receive email	Check Postfix: `systemctl status postfix`. Check mail log: `tail -100 /var/log/mail.log`. Make sure port 25 is not blocked by your provider
Email client can't connect	Use full email address as username (e.g. `user@yourdomain.com`). IMAP port 993 (SSL/TLS), SMTP port 587 (STARTTLS). Accept the certificate if using self-signed
2FA prompt at first login	This is expected. Click CONTINUE to skip the warning, then set up TOTP in Preferences → Security
Forgot admin password	SSH in and check `/root/.iredmail_credentials`. Or reset via SSH: `doveadm pw -s SSHA512 -p "newpass"`, then update in MySQL
ClamAV not running	ClamAV needs to download virus databases on first boot. Wait a few minutes, then: `systemctl start clamav-daemon`
Blocked by Fail2Ban	Use VNC console in your client panel to unban your IP: `fail2ban-client set sshd unbanip 1.2.3.4`

IRedMail VPS - Getting Started Guide