1

Topic: Pre Installation Questions

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  Don't Know yet
- Web server (Apache or Nginx):  Don't Know Yet
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I currently have all my email hosted with GoDaddy - they do a fine job, but renewals get expensive.

I have 5 domains they host and provide email for.  I'll let them continue to hold the domain names.

Here are my questions:

I intend to use a woothosting OpenVZ VPS system with a static IP.  It should have sufficient CPU, RAM and storage.

1. Are there any real differences between using OpenLDAP and MySQL?
2. I note from the install doc how to set up the first domain for email; how/where do I add in all the others?
3. My family is used to GoDaddy's email.mydomain.com way of getting to webmail - can I set up iRedMail or my DNS records to allow the same access command?
4. Other than strong user passwords, what security is running to disallow third parties to either a) send email through my system or b) hack the system? I'm used to running iptables and only allowing a whitelisted person to have access, but that doesn't seem practical for sending/receiving email. I know fail2ban is running, but that's sort of an after-the-fact security. Can I run iptables and block all non-whitelisted access except to ports X, Y and Z (and which ports are those <g>)?


Thanks.


Andrew


2

Re: Pre Installation Questions

Hello Andrew!
Great that you are interested in using a self-hosted email service instead of 3rd party hosting. The iRedMail project is very good, very stable and getting more and more features. I have been using it for some years now and have very good experience with it.

Let me get to your questions:
1. It really depends on what else you intend to do with iRedMail. For example, OpenLDAP is very good if you want to use single sign-on. A lot of other software (I use ownCloud and custom applications) has LDAP support, so you can then log in to that service with your email - username and same password, so you use your email credentials to connect to other applications than email. But if you don't need this, MySQL is better as it's easier to maintain.

2. You just log in to the open source version of the iRedAdmin web panel, which is provided in the project, and there you can create new domains and new users. But if you need more advanced features, iRedAdmin-Pro is preferred, but for family use you probably don't need it.

3. You have to set DNS A type records on your domain to point to your VPS server. So email.mydomain.com -> VPS IP address. GoDaddy has an interface for that and you can check the documentation on how to do it.
3.1 Also you will have to change the MX records for all the domains you want to migrate.

4. iRedMail is by default pretty secure. The latest version has of course patched all the previous bugs and security problems. It has rules to block hosts that act as legit email servers and try to send spam through and to your system. And it has by default iptables set to allow only ports that are used for ssh access, email protocols and web panel access. Fail2ban is good for brute force attacks. You can for example add some additional block lists that contain malicious IP addresses. But you can get more crazy about security (IDS/IPS systems, more advanced firewalls, etc), but that is beyond the iRedMail project.

Also to note, you will have to manually update iRedMail by connecting to a shell by ssh and following a step-by-step procedure, applying commands, changing configuration files. But if you are not familiar with the Linux environment I would suggest iRedMail official support for that. (btw I'm not affiliated with the iRedMail project, just know the person in charge of the project, he is very professional, skilful and will make update procedures smooth and will make sure that everything is working like it should)

Hope that cleared up some things, but if you have any other questions or need more detailed answers for the above, have no hesitation to ask :)

Greetings!
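
An added example, not part of the post above and not iRedMail's own tooling: a check that a firewall ruleset is default-deny on INPUT and accepts new connections only on the ports a mail host needs. The allow-list (standard service ports for ssh, SMTP, submission, POP3, IMAP and the web panel) and the sample ruleset are assumptions constructed for illustration.

```shell
# Assumed allow-list: ssh 22, smtp 25, http 80, pop3 110, imap 143,
# https 443, submission 587, imaps 993, pop3s 995.
ALLOWED_PORTS="22 25 80 110 143 443 587 993 995"

# Constructed sample in iptables-save format; on a real host pipe in `iptables-save`.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,587,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# Print the default policy of the INPUT chain (DROP means default-deny).
input_policy() {
    awk '$1 == ":INPUT" { print $2 }'
}

# Print every destination port accepted on INPUT, one per line, sorted.
# A port range such as 1000:2000 is printed as written and will be flagged.
accepted_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        for (i = 3; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), p, ",")
                for (j = 1; j <= n; j++) print p[j]
            }
    }' | sort -n -u
}

# Print accepted ports that are not on the allow-list.
unexpected_ports() {
    accepted_ports | while read -r port; do
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

echo "INPUT policy: $(sample_rules | input_policy); unexpected: $(sample_rules | unexpected_ports | tr '\n' ' ')"
```

In the constructed sample the database port is the only one flagged; on a real server, replace `sample_rules` with `iptables-save` run as root.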

3

Re: Pre Installation Questions

Brix,

How sweet of you to answer (I hope you get the joke).

The system will run iRedMail for the domains and a VPN to test web browsing, streaming, etc. beyond the throttling control of my ISP - this is just for fun, not the use of the system.

I have 4 processors and a couple gigs of RAM, but I don't think I'll be doing anything to make them sweat - I don't think I'll run a public web site for my domains from here.

Thanks for the fast response.


Andrew
