SIMPLFIED: Your own mail server (Postfix, Dovecot, SpamAssasin, ClamAV, Roundcube, SSL, Admin Panel)

The Stack

I was about to do the usual dance of setting up a mail system comprising of:

  • Postfix (outbound)
  • Dovecot (inbound – pop and imap)
  • MySQL (MariaDB for mailboxes etc.)
  • SpamAssassin (anti-spam)
  • ClamAV (anti-virus)
  • Roundcube (webmail)
  • Nginx (for the webmail)
  • SSL keys for everything
  • DNS – DKIM/SPF/etc
  • Fail2ban
  • IPTables firewall additions

It’s pretty intense setting all this up, so it’s recommended that you build using a configuration management tool like Ansible.

I took a look to see if there was a more modern way to do all this..

Enter iRedmail

iRedmail is an open source package that installs/configures all of the above and an administration panel iRedAdmin! The panel allows for user and domain administration but the pro version is what handles aliases and so on. It’s very expensive an unnecessary. You can make the same changes via the DB with one liners. If you have a server like Jenkins, you could easily push-button automate this. If/when I do, I’ll update this post.

You still need to add all the DNS entries (SPF, DKIM, etc) and sort out your SSL certs, plus integration with a smarthost (like Sendgrid).

Go here: and follow the instructions for your OS. It’s really *that* easy. It will even install the database server for you. 🙂

Add SendGrid (or another smart host / relay service) support

Postfix: /etc/postfix/

However, the local AV instance expects an unencrypted connection, so you need to account for this. Remember to restart the service after the config change with (debian/ubuntu) /etc/init.d/postfix restart.

# Sendgrid smarthost
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:USERNAME:PASSWORD
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = []:587

Postfix: /etc/postfix/

Amavisd integration.
smtp-amavis unix – – – – 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
-o smtp_tls_security_level=none inet n – – – – smtpd
-o content_filter=
-o mynetworks_style=host
-o mynetworks=
-o local_recipient_maps=
-o relay_recipient_maps=

< snip >