Tuesday, March 10, 2015

Running Your Own Open Source Email Server


What You'll Be Creating
About the time of Edward Snowden's NSA PRISM revelations, I began exploring alternative email systems. Australia-based FastMail caught my attention because of a friend's recommendation and the seemingly better privacy protections its home country offered:
“Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.”
However, some of FastMail's servers are actually hosted in the U.S. and email can be compromised in a variety of ways. Whether you use a third party service or host your own email, if privacy and security are your main concerns, you need to build your skill set on multiple levels.
I have no illusions that self-hosting your email will keep the government from reading it if it wants to. For example, Amazon recently received a $600 million contract to run the CIA’s cloud operations. But it will make it slightly more difficult and encourage open source innovators to move platforms towards a more private, more secure world.
If minimizing costs is your concern, keep in mind running your own mail server won't be free—it can easily cost from $7 to $15 monthly or more, depending on your configuration. And I highly recommend running a dedicated instance or server—mixing other apps on the same server can expose your email to a broad variety of threats.
One such platform I began experimenting with is iRedMail, an open source email server solution which runs on common Linux systems. iRedMail bundles Roundcube, an open source webmail client. Together, they provide a fairly decent Gmail alternative. And iRedMail supports IMAP and POP so you can run it with a variety of smartphone and tablet apps and desktop mail clients.
In this tutorial series, I'll walk you through the basics of installing and configuring iRedMail and Roundcube. If you want additional assistance, iRedMail also offers a premium administrative console and paid installation and support.
Don't be fooled into thinking this will be as easy as running WordPress. It's not. In addition to issues of security and privacy, you have to convince other mail servers to trust your mail server. "So You'd Like to Send Some Email (Through Code)" describes some of the complexity of managing this challenge, including configuring Reverse PTR and DomainKeys Identified Mail.
iRedMail is a free, full-featured, open source email server solution. It provides a straightforward automated installation procedure and runs on seven versions of Linux: Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, FreeBSD and OpenBSD. It's an open source project licensed under GPLv2.
With iRedMail, you control your own data. All of your personal data is on your server, not on a third party's. Mail can be stored with PostgreSQL, MySQL or OpenLDAP.
For mail sending and delivery, it provides SMTP via Postfix and uses Dovecot to provide POP3/POP3S and IMAP/IMAPS. It provides several layers of anti-spam and threat protections including Amavisd, SpamAssassin, ClamAV and Fail2ban.
Here's a view that represents the overall iRedMail architecture:
iRedMail Open Source Email Architecture and Flow
Image credit: http://workaround.org/ispmail/lenny/bigpicture
It provides integrated webmail via Roundcube, which has its own developer community providing themes and plugins.
iRedMail Roundcube Webmail Client
Here's a complete list of Roundcube features.
Now I'll walk you through installing iRedMail with MySQL on Ubuntu 14.x. I'll be using this guide to installing and configuring Ubuntu at Digital Ocean, with one primary difference. Instead of using the LAMP stack in the Applications tab, we want to use the default Ubuntu 14.04 installation in the Distributions tab, as shown below during the setup process:
iRedMail Use the Default Ubuntu Installation
Of course, you can use any generic virtual server that you wish.
If you're using the 512MB memory instance, you will want to set up a swap file (scroll to Configuring Your Droplet), otherwise the anti-virus software will likely crash and prevent mail delivery.
Once you've received your IP address, you will need to map your domain name's DNS to the IP address. And you will need a secondary domain for the mail services.
For example, I'm using red.lookahead.me as a subdomain for my installation—it's my primary server hostname:
red.lookahead.me  A
But during the installation, iRedMail will also require a mail server domain or subdomain. I'm using mailserver.lookahead.me:
mailserver.lookahead.me   A
I chose the domains above for demonstration purposes, and those choices are reflected in the screenshots throughout the installation process below.
Another way to configure iRedMail is to set up your server with hostname mail.yourexampledomain.com and receive email at your root domain. So, again, when creating your server instance, set the hostname as mail.yourexampledomain.com. And, when prompted by iRedMail for your virtual server, provide the root domain.
In other words: instead of red.lookahead.me, configure the hostname as mail.yourexampledomain.com. Instead of mailserver.lookahead.me, specify yourexampledomain.com.
This will allow you to log in to Roundcube webmail at http://mail.yourexampledomain.com and send and receive email from youremail@yourexampledomain.com right out of the box.
Of course, you'll also need to add MX records with your domain name registrar for your chosen domain to route messages to your iRedMail server. Here's an example:
See also Setup DNS records for your iRedMail server.
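As an added example (not part of the original post), the shell script below checks the records a receiving server looks at before trusting a new mail host: the MX record for the mail domain, the A record for the mail host, and the Reverse PTR mentioned earlier. It assumes dig is installed; the function names and the yourexampledomain.com arguments are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post: checks the DNS records a
# receiving server looks at before trusting a new mail host.

# lookup TYPE NAME: thin wrapper around dig (for PTR, NAME is an IP address).
lookup() {
  if [ "$1" = PTR ]; then dig +short -x "$2"; else dig +short "$1" "$2"; fi
}

# Remove the trailing dot dig prints on fully qualified names.
strip_dot() { sed 's/\.$//'; }

# check_mail_dns DOMAIN MAILHOST
# Prints one OK/FAIL line per check; returns 0 only if every check passes.
check_mail_dns() {
  domain=$1 mailhost=$2 rc=0

  # 1. The domain's MX record must name the mail host.
  if lookup MX "$domain" | awk '{print $2}' | strip_dot | grep -qixF "$mailhost"
  then echo "OK   MX $domain -> $mailhost"
  else echo "FAIL MX $domain does not list $mailhost"; rc=1
  fi

  # 2. The mail host needs an A record (skip CNAME targets in dig's output).
  ip=$(lookup A "$mailhost" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)
  if [ -z "$ip" ]; then
    echo "FAIL A  $mailhost has no IPv4 address"
    return 1
  fi
  echo "OK   A  $mailhost -> $ip"

  # 3. Reverse PTR: the IP must map back to the same host name
  #    (forward-confirmed reverse DNS), usually set via the hosting provider.
  ptr=$(lookup PTR "$ip" | strip_dot | head -n 1)
  if [ "$ptr" = "$mailhost" ]
  then echo "OK   PTR $ip -> $ptr"
  else echo "FAIL PTR $ip -> ${ptr:-<none>} (expected $mailhost)"; rc=1
  fi
  return $rc
}

# Run the checks when called as: sh check_mail_dns.sh DOMAIN MAILHOST
if [ "$#" -eq 2 ]; then check_mail_dns "$1" "$2"; fi
```

A FAIL on the PTR line usually means the reverse record still carries the provider's generic name and has to be changed on the provider's side, not at the domain registrar.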
We run the iRedMail installation from /root. So first we download the code and extract it from the BitBucket archive:
Then we'll run the installation script:
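As an added example (not the author's or the iRedMail project's code), the helper below verifies a downloaded archive against a published SHA-256 digest and rejects unsafe member paths before extracting it, since the installer is then run as root. ARCHIVE_URL and EXPECTED_SHA256 are placeholders, and the archive and iRedMail.sh names in the comments are assumptions based on the 0.9.0 version mentioned later in the post.

```shell
#!/bin/sh
# Added example, not from the original post. ARCHIVE_URL and EXPECTED_SHA256
# are placeholders: take both from the project's download page.

# sha256_of FILE: prints the hex SHA-256 digest of FILE.
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# verify_and_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# Returns 0 after extracting, 1 on digest mismatch, 2 on unsafe member paths.
verify_and_extract() {
  archive=$1 expected=$2 dest=$3
  actual=$(sha256_of "$archive") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: got ${actual:-<none>}" >&2
    return 1
  fi
  # Refuse archives whose members use absolute paths or ".." components.
  if tar -tf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "archive contains unsafe paths" >&2
    return 2
  fi
  mkdir -p "$dest" && tar -xf "$archive" -C "$dest"
}

# Typical use as root (kept as comments so nothing is fetched or executed):
#   wget -O /root/iRedMail-0.9.0.tar.bz2 "$ARCHIVE_URL"
#   verify_and_extract /root/iRedMail-0.9.0.tar.bz2 "$EXPECTED_SHA256" /root
#   cd /root/iRedMail-0.9.0 && bash iRedMail.sh
```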
iRedMail will begin walking you through its installation wizard. You can often accept the default responses.
iRedMail Installation Welcome
First, you can set a path for the mailbox store:
iRedMail Installation Mail Storage Path
Then you can choose whether to use Nginx or Apache:
iRedMail Installation Choose Web Server
Next you can choose your mail store. We'll use MySQL for this demonstration:
iRedMail Installation Choose Mail Store
Specify a password for MySQL Server's administrator account:
iRedMail Installation Set MySQL Admin password
Then provide your secondary domain name for the mail server—not your server hostname. I'm using mailserver.lookahead.me:
iRedMail Installation Set First Virtual Domain Name
Specify a password for the administrator user account:
iRedMail Installation Set Password for Administrator
That completes the initial configuration. A file will be written to /root/iRedmail-0.9.0/config. It needs to be secured, but you may need to refer to it later:
iRedMail Installation Configuration Complete
Click continue to begin the actual automated installation process. When it's done, you'll be shown your server URLs for using Roundcube and the administrative panel, iRedAdmin.
iRedMail Installation Automated Installation Complete
Congratulations, you're about ready to launch iRedMail. Reboot your server and let's check out what we've created.
In your browser, visit your webmail address, e.g. http://yourexampledomain.com/mail. You'll be greeted with the Roundcube login screen.
iRedMail RoundCube Login
When you log in, you'll see the Roundcube mailbox console:
Roundcube Client Desktop
Click Compose to send your first message:
Roundcube Send Mail
We'll explore Roundcube and its customization options further in an upcoming tutorial.
Now, let's explore the administration panel for iRedMail. Visit http://yourexampledomain.com/iredadmin to see the back-end login panel:
iRedMail Administration Login
When you log in, you'll see the iRedAdmin Dashboard:
iRedMail Administration Dashboard
Here, you can manage domains and accounts configured for your mail server:
iRedMail Administration Domains
And you can manage administrators:
iRedMail Administration Admins
Using the Add menu, you can add users:
iRedMail Administration Add User
In the next tutorial, I'll walk you through additional configurations of iRedMail and explore its administration back-end console.
