What You'll Be Creating
About the time of Edward Snowden's NSA PRISM revelations, I began exploring alternative email systems. Australia-based FastMail caught my attention because of a friend's recommendation and the seemingly better privacy protections its home country offered:
“Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.”
However, some of FastMail's servers are actually hosted in the U.S. and email can be compromised in a variety of ways. Whether you use a third party service or host your own email, if privacy and security are your main concerns, you need to build your skill set on multiple levels.
I have no illusions that self-hosting your email will keep the government from reading it if it wants to. For example, Amazon recently received a $600 million contract to run the CIA’s cloud operations. But it will make it slightly more difficult and encourage open source innovators to move platforms towards a more private, more secure world.
If minimizing costs is your concern, keep in mind running your own mail server won't be free—it can easily cost from $7 to $15 monthly or more, depending on your configuration. And I highly recommend running a dedicated instance or server—mixing other apps on the same server can expose your email to a broad variety of threats.
One such platform I began experimenting with is iRedMail, an open source email server solution which runs on common Linux systems. iRedMail bundles RoundCube, an open source webmail client. Together, both provide a fairly decent Gmail alternative. And iRedMail supports IMAP and POP so you can run it with a variety of smartphone and tablet apps and desktop mail clients.
In this tutorial series, I'll walk you through the basics of installing and configuring iRedMail and RoundCube. If you want additional assistance, iRedMail also offers a premium administrative console and paid installation and support.
Don't be fooled into thinking this will be as easy as running WordPress. It's not. In addition to issues of security and privacy, you have to convince other mail servers to trust your mail server. "So You'd Like to Send Some Email (Through Code)" describes some of the complexity of managing this challenge, including configuring Reverse PTR and DomainKeys Identified Mail.
Overview of iRedMail Features
iRedMail is a free, full-featured, open source email server solution. It provides a straightforward automated installation procedure and runs on seven Linux and BSD systems: Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, FreeBSD and OpenBSD. It's an open source project licensed under GPLv2.
With iRedMail, you control your own data.
All of your personal data is on your server, not on a third party's.
Mail can be stored with either PostgreSQL, MySQL or OpenLDAP.
For mail sending and delivery, it provides SMTP via Postfix and uses Dovecot to provide POP3/POP3S and IMAP/IMAPS. It provides several layers of anti-spam and threat protections including Amavisd, SpamAssassin, ClamAV and Fail2ban.
Here's a view that represents the overall iRedMail architecture: Image credit: http://workaround.org/ispmail/lenny/bigpicture
It provides integrated webmail via Roundcube, which has its own developer community providing themes and plugins. Here's a complete list of RoundCube features.
Installing iRedMail
Configuring Your Operating System
Now I'll walk you through installing iRedMail with MySQL on Ubuntu 14.x. I'll be using this guide to installing and configuring Ubuntu at Digital Ocean, with one primary difference. Instead of using the LAMP stack in the Applications tab, we want to use the default Ubuntu 14.04 installation in the Distributions tab during the setup process.
Of course, you can use any generic virtual server that you wish.
If you're using the 512MB memory instance, you will want to set up a swap file (scroll to Configuring Your Droplet), otherwise the anti-virus software will likely crash and prevent mail delivery.
Configuring Your Domain Name
Once you've received your IP address, you will need to map your domain name's DNS to the IP address. And you will need a secondary domain for the mail services.
For example, I'm using red.lookahead.me as a subdomain for my installation—it's my primary server hostname:
red.lookahead.me A 104.236.52.19
But during the installation, iRedMail will also require a mail server domain or subdomain. I'm using mailserver.lookahead.me:
mailserver.lookahead.me A 104.236.52.19
Important: Choosing Your Default Domains
I chose the domains above for demonstration purposes, and those choices are reflected in the screenshots throughout the installation process below.
Another way to configure iRedMail is to set up your server with hostname mail.yourexampledomain.com and receive email at your root domain. So, again, when creating your server instance, set the hostname as mail.yourexampledomain.com. And, when prompted by iRedMail for your virtual server, provide the root domain.
In other words: instead of red.lookahead.me, configure the hostname as mail.yourexampledomain.com. Instead of mailserver.lookahead.me, specify yourexampledomain.com.
This will allow you to log in to Roundcube webmail at http://mail.yourexampledomain.com and send and receive email from youremail@yourexampledomain.com right out of the box.
Of course, you'll also need to add MX records with your domain name registrar for your chosen domain to route messages to your iRedMail server. Here's an example:
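The DNS layout described above, as an added example that is not part of the original tutorial: a small offline checker that confirms the MX record points at a hostname with an A record and that the address has a matching reverse PTR, which is what other mail servers look at before trusting yours. The sample records, the documentation address 203.0.113.25 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records for the mail.yourexampledomain.com layout (not real DNS data).
# 203.0.113.25 is a documentation address standing in for your server's IP.
SAMPLE_ZONE = """
yourexampledomain.com.       MX   10 mail.yourexampledomain.com.
mail.yourexampledomain.com.  A    203.0.113.25
25.113.0.203.in-addr.arpa.   PTR  mail.yourexampledomain.com.
"""

def parse_zone(text):
    """Parse 'name TYPE value...' lines into {(name, type): [values]}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # ';' starts a zone-file comment
        if len(fields) < 3:
            continue
        name, rtype = fields[0].lower(), fields[1].upper()
        records.setdefault((name, rtype), []).append(" ".join(fields[2:]).lower())
    return records

def check_mail_dns(records, mail_domain):
    """Return a list of problems that would stop or taint delivery for mail_domain."""
    domain = mail_domain.lower().rstrip(".") + "."
    mx_values = records.get((domain, "MX"), [])
    if not mx_values:
        return [f"{domain} has no MX record"]
    problems = []
    for mx in mx_values:
        target = mx.split()[-1]               # drop the preference number
        try:
            ipaddress.ip_address(target.rstrip("."))
            problems.append(f"MX target {target} is an IP address, must be a hostname")
            continue
        except ValueError:
            pass                              # not an IP: the expected case
        if (target, "CNAME") in records:
            problems.append(f"MX target {target} is a CNAME, must have its own A record")
        addresses = records.get((target, "A"), [])
        if not addresses:
            problems.append(f"MX target {target} has no A record")
        for addr in addresses:
            # Forward-confirmed reverse DNS: the PTR for the IP must name the MX host.
            ptr_name = ipaddress.ip_address(addr).reverse_pointer + "."
            if target not in records.get((ptr_name, "PTR"), []):
                problems.append(f"{addr} has no PTR back to {target}")
    return problems

if __name__ == "__main__":
    print(check_mail_dns(parse_zone(SAMPLE_ZONE), "yourexampledomain.com") or "DNS layout OK")
```

The PTR record is normally set with whoever owns the IP address (your hosting provider), not with your domain registrar.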
iRedMail will begin walking you through its installation wizard. You can often accept the default responses. First, you can set a path for the mailbox store. Then you can choose whether to use Nginx or Apache. Next you can choose your mail store; we'll use MySQL for this demonstration. Specify a password for MySQL Server's administrator account. Then provide your secondary domain name for the mail server—not your server hostname. I'm using mailserver.lookahead.me. Specify a password for the administrator user account.
That completes the initial configuration. A file will be written to /root/iRedmail-0.9.0/config; it needs to be secured, but you may need to refer to it later.
Click continue to begin the actual automated installation process. When it's done, you'll be shown your server URLs for using Roundcube and the administrative panel, iRedAdmin.
Congratulations, you're about ready to launch iRedMail. Reboot your server and let's check out what we've created.
Using Roundcube
In your browser, visit your webmail address, e.g. http://yourexampledomain.com/mail. You'll be greeted with the Roundcube login screen. When you log in, you'll see the Roundcube mailbox console. Click Compose to send your first message. We'll explore Roundcube and its customization options further in an upcoming tutorial.
Administering iRedMail
Now, let's explore the administration panel for iRedMail. Visit http://yourexampledomain.com/iredadmin to see the back-end login panel. When you log in, you'll see the iRedAdmin Dashboard. Here, you can manage domains and accounts configured for your mail server, and you can manage administrators. Using the Add menu, you can add users.
What's Next?
In the next tutorial, I'll walk you through additional configurations of iRedMail and explore its administration back-end console.