1

Topic: prepare my system for installation

I would like to prepare my system for installation of iredmail. I could use some help doing this.

I have: (according to my VPS documentation) VPS.  4.5 GB RAM.  Full Root Admin Access.  1 Dedicated IPv4 Address.  Operating System: Debian 11 64 Bit.

I read: Allowed 0 links

Port 25 is blocked.
Allowed 0 links  says:
port 22  SSH  open, incoming traffic allowed.
port 25  SMTP  closed, incoming traffic denied.
All other ports say: closed, incoming traffic denied.
iredmail instructions say to contact my ISP. I guess my ISP is My VPS host?
My VPS host says: "We do not block any ports on our side. Please ensure you do not have any ufw or firewall rules on your server, or SELINUX, that could be blocking your ability to utilize said ports."  So it looks like this is not a network or hardware related issue. Please help.

iredmail instructions say to Set a fully qualified domain name (FQDN) hostname on my server. I do not have domain name. Will this work?
Allowed 0 links
Our free domains are Second Level Domains. just like a fully functional domain that allows you to create a host name that point to either dynamic or static IP address. You can even create unlimited subdomains. You may manage your domain DNS remotely using our DNS API Document and use it with our Dynamic DNS Service.

I have not changed my server since I got it. I call that a fresh install. Can you give me the commands to make sure my server does NOT have mail related components installed, e.g. MySQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc?

iredmail instructions say to Enable default official Debian/Ubuntu apt repositories. Will this work?
/etc/apt/sources.list
Debian 11 (Bullseye) Original:
deb Allowed 0 links bullseye main contrib non-free
deb Allowed 0 links bullseye-updates main contrib non-free
deb Allowed 0 links bullseye-security main contrib non-free
Do I need the  contrib non-free?

I do not know how to do this:
spam/virus scanning enabled. Make sure 3 UID/GID are not used by other user/group: 2000, 2001, 2002.

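One way to run the two checks asked about in the post above (UID/GID 2000, 2001 and 2002 unused, and no mail components already installed). This is an added example, not part of the original post or the iRedMail docs; the package list in `MAIL_PKGS` and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-install checks, shown on constructed data.
RESERVED_IDS="2000 2001 2002"   # IDs the quoted doc line wants unused
MAIL_PKGS="postfix dovecot-core amavisd-new slapd mariadb-server"  # assumed list

# Read passwd- or group-format lines on stdin and print "ID:NAME" for each
# reserved ID that already has an owner (the numeric ID is field 3 in both).
ids_in_use() {
    awk -F: -v ids="$RESERVED_IDS" '
        BEGIN { n = split(ids, w, " "); for (i = 1; i <= n; i++) r[w[i]] = 1 }
        ($3 in r) { print $3 ":" $1 }'
}

# Read "package want flag state" lines on stdin (the dpkg-query format shown
# at the bottom) and print only the packages that are fully installed.
installed_pkgs() {
    awk '$2 == "install" && $3 == "ok" && $4 == "installed" { print $1 }'
}

# Constructed sample data standing in for a real host.
sample_passwd() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'deploy:x:2001:2001::/home/deploy:/bin/sh'
}
sample_group() {
    printf '%s\n' 'root:x:0:' 'deploy:x:2001:' 'backup2:x:2002:'
}
sample_dpkg() {
    printf '%s\n' 'postfix install ok installed' \
                  'slapd deinstall ok config-files'
}

# On a real Debian host, both commands should print nothing before installing:
#   { getent passwd; getent group; } | ids_in_use
#   dpkg-query -W -f='${Package} ${Status}\n' $MAIL_PKGS 2>/dev/null | installed_pkgs
```

A package reported as `deinstall ok config-files` is removed but has left configuration behind, so it is not listed as installed here.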

2

Re: prepare my system for installation

b1bb2 wrote:

iredmail instructions say to Set a fully qualified domain name (FQDN) hostname on my server. I do not have domain name. Will this work?

If you don't have a domain name, what do you use for email domain name?

Please follow our tutorial to install iRedMail:
https://docs.iredmail.org/#install

Since it's a VPS, if you mess it up, it's easy to start over again. So just do it.

3

Re: prepare my system for installation

To ZhangHuangbin:

My first post might be hard to read because this forum does not allow links from me. The post was based on the link you provided to tutorial. I hope the next two paragraphs answer your question about domain name. You may call my domain namehere.kname.com.
You may call my VPS IP address 192.0.2.0.

I did get a three-level domain name from a third party and I linked it to IPv4 Address of my VPS. When the name is put in a browser, message says Unable to connect.

In other words: I found a third-party that supplies second-level domain and allows me to add my (freely selectable name, or third level domain name, or hostname) to it. The result of this name chain is (fully qualified domain name, or FQDN, or absolute domain name). I then use DNS Service to link that FQDN to my VPS IPv4 Address.

I suspect the Unable to connect message will disappear after iRedMail.sh install is run.

Doc is: docs.iredmail.org/install.iredmail.on.debian.ubuntu.html

This looks easy to do but is hard to understand. I do not know where to put FQDN. You may call it namehere.kname.com.
Doc says: Set a fully qualified domain name (FQDN) hostname on your server.
solution: insert FQDN into /etc/hosts.
cat /etc/hosts says:
# Generated by SolusVM
127.0.0.1    localhost localhost.localdomain
::1    localhost localhost.localdomain
192.0.2.0    namehere-ab12

This looks like the biggest problem.
Doc says: Port 25 must be open.
whatismyip.com/port-scanner/ says:
Port: 25.  Status: closed, incoming traffic denied.
solution: ignore it. hope problem goes away. maybe iRedMail.sh install will automatically fix it.
another solution: try SMTP Mail Relay Service.

Can someone please tell me how my updated
/etc/hosts should look? After I edit /etc/hosts I will be ready to start.

4

Re: prepare my system for installation

Do you have correct DNS records for your email domain name and server hostname?
FYI https://docs.iredmail.org/setup.dns.html

5

Re: prepare my system for installation

OK, thank you for that link. I added MX record. My domain name registrar is providing the DNS service, they allow me to create the MX records. Here is what I have now. Do these look like the correct DNS records for my email domain name and server hostname?
 
Alias Records
Record     TTL     Hostname     IP Address
A    120    namehere.kname.com    192.0.2.0
A    120    *.namehere.kname.com    192.0.2.0

DNS Records
Hostname     Type     Data     TTL     Actions
*.namehere.kname.com     A     192.0.2.0     120     Edit   Disable IPv4 Wildcard Alias
*.namehere.kname.com     AAAA           120     Edit   Disable IPv6 Wildcard Alias
namehere.kname.com     A     192.0.2.0     120     Edit
namehere.kname.com     AAAA           120     Edit
namehere.kname.com     MX     namehere.kname.com [Priority: 10]     120

To check, I ran DNS Lookup:
Class     Record     TTL     Hostname     Details
INet     Mx     120     namehere.kname.com     Mail Host: namehere.kname.com, Priority: 10

6

Re: prepare my system for installation

b1bb2 wrote:

namehere.kname.com     A     192.0.2.0     120     Edit

Is this placeholder "192.0.2.0" a public IP address?

If you don't mind sharing: what's the real email domain name and server hostname?
Others in this forum can help verify it easily.

7

Re: prepare my system for installation

Yes, this placeholder is a public IP address. For now I do mind sharing the real email domain name and server hostname. Maybe later. I know little about firewall and security. One thing I do know: no one can hack it if they do not know where it is. I have only heard from ZhangHuangbin, are there others?

As I said, I already ran DNS Lookup. Here are some commands I found useful:
script 0209.txt
exit
date
whatismyip.com/port-scanner/
netstat -ltnp |grep :25
dpkg -s mysql-server mysql mysql_secure_installation slapd ldap-utils postfix dovecot-core dovecot-imapd amavisd-new
hostname -f
cat /etc/hostname
cat /etc/hosts
free --giga
cat /etc/apt/sources.list
apt-get install gzip
dpkg -s gzip
apt-get install wget
dpkg -s wget
ls 1.6.2.tar.gz
apt-get install tar
dpkg -s tar
cd /root/
tar zxf iRedMail-x.y.z.tar.gz
cd /root/iRedMail-x.y.z/
bash iRedMail.sh

I would like to know more ways to verify. It seems you cannot see any obvious errors. I repeat: Can someone please tell me how my updated /etc/hosts should look?

8

Re: prepare my system for installation

b1bb2 wrote:

Can someone please tell me how my updated /etc/hosts should look?

It's mentioned in iRedMail installation tutorials: https://docs.iredmail.org/#install

9

Re: prepare my system for installation

Yes, I read and studied that link before I started this topic. In fact, most of this topic is based on that link. It says:
# Part of file: /etc/hosts
127.0.0.1   mx.example.com mx localhost localhost.localdomain

This confuses me a little because it only shows part of file, and my /etc/hosts has my domain name at end of file. I was hoping to get clarification in this forum before I start. My best guess is to change /etc/hosts to this:
# Generated by SolusVM
127.0.0.1  namehere.kname.com namehere  localhost localhost.localdomain
::1    localhost localhost.localdomain
192.0.2.0    namehere-ab12

I found many sites that check DNS records. From what I can tell everything looks OK. Mx Record for domain name gives correct IP but says Status Connect failed. I guess this is because there is not yet a site to connect to. Thank you for your help and I am now ready to start.
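A check for the /etc/hosts layout discussed in the post above, following the doc sample it quotes (FQDN first on the 127.0.0.1 line). This is an added example, not part of the original post and not the installer's own test; the function names are hypothetical and the two sample files are copied from the posts in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the 127.0.0.1 line of a
# hosts file lists the wanted FQDN as its first name, as in the doc sample.

# Usage: check_hosts FQDN < hosts-file
# Returns 0 when the layout matches; otherwise prints the reason and returns 1.
check_hosts() {
    fqdn=$1
    # Drop comments, then take the first name on the first 127.0.0.1 line.
    first=$(sed 's/#.*//' | awk '$1 == "127.0.0.1" { print $2; exit }')
    case $fqdn in
        *.*) ;;                                   # has at least two labels
        *) echo "not an FQDN: $fqdn"; return 1 ;;
    esac
    case $first in
        "$fqdn") return 0 ;;
        "") echo "no 127.0.0.1 entry"; return 1 ;;
        *) echo "127.0.0.1 lists '$first' first, expected '$fqdn'"; return 1 ;;
    esac
}

# The file as first posted in this thread (placeholder names from the posts).
sample_before() {
    printf '%s\n' '# Generated by SolusVM' \
                  '127.0.0.1    localhost localhost.localdomain' \
                  '::1    localhost localhost.localdomain' \
                  '192.0.2.0    namehere-ab12'
}

# The edited file proposed in the post above.
sample_after() {
    printf '%s\n' '# Generated by SolusVM' \
                  '127.0.0.1  namehere.kname.com namehere  localhost localhost.localdomain' \
                  '::1    localhost localhost.localdomain' \
                  '192.0.2.0    namehere-ab12'
}

# On a real host:
#   check_hosts "$(hostname -f)" < /etc/hosts && echo "hosts file OK"
```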

10

Re: prepare my system for installation

Install worked. First problem was: < ERROR >> Please configure a fully qualified domain name (FQDN) in /etc/hosts before we go further.

I fixed it by tweaking:
cat /etc/hostname
cat /etc/hosts
reboot server.

Some install questions were asked that I did not expect (not in doc). I was expecting available backends: mysql, but this option was not offered. Being confused by these unexpected questions, I set mail domain name= example.com but I think it should have been my domain name. How to fix this?

After install I used browser firefox which said: Potential Security Risk Ahead. uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT. How to fix this?

I logged in and sent test email but it did not arrive. How to fix?

email from Logwatch quickly appeared and said sshd: Authentication Failures: Invalid Users: Unknown Account: 1856 Time(s). I guess these were automatic hack attempts?

11

Re: prepare my system for installation

b1bb2 wrote:

I was expecting available backends: mysql

It's "MariaDB".

b1bb2 wrote:

After install I used browser firefox which said: Potential Security Risk Ahead. uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT. How to fix this?

Either purchase a cert from SSL vendor, or request a free one. FYI https://docs.iredmail.org/letsencrypt.html

b1bb2 wrote:

I logged in and sent test email but it did not arrive. How to fix?

Please check Postfix log file. FYI https://docs.iredmail.org/file.locations.html

12

Re: prepare my system for installation

I reinstalled. I am now able to send and receive emails. Thank you ZhangHuangbin for your help.

In my first install I had access to a pretty webpage that showed graphs of system information. Where is it?

Some other hosts consider these emails to be junk and spam. Maybe because I do not have proper SSL certificate.

If a login attempt has wrong password, then all other login attempts within one hour fail. How can system administrator clear this and log in? I suppose this is a function of fail2ban. But /etc/fail2ban/fail2ban.conf says jail is not enabled. Maybe I misunderstand this setting? Would it help if I add my IP address to /etc/fail2ban/jail.local ignoreip?

whatismyip.com/port-scanner/ now says nine ports are open. How did this happen? I tried to figure this out before installing.

Dashboard says New version of iRedAdmin, 2.1, is now available for upgrading. ChangeLog says 2.2. Should I do this? Why was it not automatically done? Is it stable? Is it worth doing, what new features?

I would like to install other web-based programs on the same system that runs iredmail. Any hints?

Later I might offer to host my email service for other people. Good idea?

13

Re: prepare my system for installation

https://docs.iredmail.org/network.ports.html

You really should take some time to read the docs; many of your questions are explained there. But for now I can strongly suggest NOT to host for other people without getting some more experience. Some of your questions seem to come from a lack of basic understandings, which is a huge red flag for hosting publicly available web and mail services.

14

Re: prepare my system for installation

Thank you Cthulhu. Although ZhangHuangbin is the author of iRedMail.sh, it is nice to also hear opinions from others. I have used much time to read many docs. I agree I should get some more experience, and that is what I meant when I said later. Looking back, I agree that when starting this post, I had a lack of basic understandings. As I got iredmail working, this topic may be considered solved, I can not find how to mark that in this forum. Some questions remain unanswered but they are off-topic here. The rest of this thread describes some answers I found and how I did the install. I might repeat this install so improvements to this method would be appreciated.

I have: (according to my VPS documentation) VPS.  4.5 GB RAM.  Full Root Admin Access.  1 Dedicated IPv4 Address.  Operating System: Debian 11 64 Bit.

From a third party, get a third level domain name. In this post, you may call my domain namehere.kname.com. You may call my VPS IP address 192.0.2.0. Link the domain name to the IP address. Create MX record. Test the link using browser. namehere.kname.com Unable to connect. This is expected because site has not been made yet.

whatismyip.com/port-scanner/ port 25
script log1.txt
ping -4ac2 192.0.2.0
ssh root@192.0.2.0
root@192.0.2.0's password:
date
netstat -ltnp |grep :25
dpkg -s mysql-server mysql mysql_secure_installation slapd ldap-utils postfix dovecot-core dovecot-imapd amavisd-new
free --giga
cat /etc/apt/sources.list
dig +short -t a namehere.kname.com
host -t mx namehere.kname.com
nslookup -type=A namehere.kname.com
hostname -f
cat /etc/hostname
cat /etc/hosts
nano /etc/hostname
namehere
nano /etc/hosts
# Generated by SolusVM
127.0.0.1   namehere.kname.com namehere    localhost localhost.localdomain
::1    localhost localhost.localdomain
192.0.2.0    namehere
shutdown -r now
ping -4ac2 192.0.2.0
ssh root@192.0.2.0
root@192.0.2.0's password:
hostname -f
cat /etc/hostname
cat /etc/hosts
hostname -f
cat /etc/hostname
cat /etc/hosts
dpkg -s tar
apt-get install tar
dpkg -s dialog
apt-get install dialog
dpkg -s gzip
apt-get install gzip
dpkg -s wget
apt-get install wget
wget github.com/iredmail/iRedMail/archive/refs/tags/1.6.2.tar.gz
ls 1.6.2.tar.gz
tar zxf 1.6.2.tar.gz
cd iRedMail-1.6.2
bash iRedMail.sh
Storage base directory:  /var/vmail
Store mail accounts in:  MariaDB
Web server:     Nginx
First mail domain name:   example.com
Mail domain admin:  postmaster@namehere.kname.com
Additional components:   Roundcubemail netdata iRedAdmin Fail2ban
shutdown -r now
ping -4ac2 192.0.2.0
ssh root@192.0.2.0
cat iRedMail-1.6.2/iRedMail.tips
exit
exit
exit

iRedMail.tips give login data. Initial visit to URL says Warning: Potential Security Risk Ahead. Later visits display no warnings. A valid email address should be added. Strict password will be required. postmaster@namehere.kname.com