iRedMail-Home

iRedMail Extras

revised: 19-Feb-2022

a. Webmin Module for Nginx

iRedmail installs the Nginx Webserver but the Webmin module for this webserver is not installed by default.

Note: To install the Webmin Nginx Webserver module, go to [Webmin]->[Webmin Configuration]-.[Webmin Modules] and activate the button 'From ftp or http URL' and enter this link: https://www.justindhoffman.com/sites/justindhoffman.com/files/nginx-0.11.wbm_.gz
Click on the button 'Install Module'
Return to the main menu and click on 'Refresh Modules' - all the server related modules should now appear and are active.
Should it fail, download the module file at the above link. With this file on your computer, again go to [Webmin]->[Webmin Configuration]-.[Webmin Modules] and select "Uploaded File" then, via the button, choose this file and install it.
Warning: Do not attempt to configure mail users or domains for iRedmail via Webmin - for that purpose see below point b. iRedadmin

b. iRedadmin

Configure of domains and users are all done via the application's admin page in the browser with a link such as: https://[example.com]/iredadmin or https://[YourIP]/iredadmin
Of the warning, accept the exception.
This should open the logon page for the Admin Panel.
Enter: postmaster@[example.com] then its password
In the assumption that the iRedmail was setup with the primary domain (eg. example.com), one would simply add users and set the storage quota of their mailboxes. If other domains are hosted on the server, the domains are first required to be set then the users. The usernames of users for logging all follow this pattern: somename@example.com

c. DNS Security Settings for a Mailserver

Assumption: That the A and MX settings for mail have been set, that is: The two settings are needed for the mailserver in the DNS table:
a. In 'A'; mail   Value: 12.34.56.78   Note: that the IP entry your [IP-address]
b. In 'MX'; mail.example.com   Value: 10  

Due to much abuse of relaying spam and criminal emails through open mailservers, one needs to take these step to secure and protect one's own mailserver. Some important measures is to introduce in the 'TXT' field of each domain the settings provided by iRedmain installation details.
In this first three email messages for the admin user: postmaster@example.com, there is one entitled,'Details of this iRedMail installation'
Within this message there is a section labelled: 'DNS record for DKIM support:' having a 'key' such as this:
1. DKIM setting with TTL set at 3600
dkim._domainkey 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCv1m1hohgWwgYk7byQ6RwKT"
"Kw0ZWWAY7jvVRdmuylJbw5S2yOD0XakwQTOm3BQGVlNElEFVKBrIH"
"PbDRbZuNvHy16p0hcremMNGwblV3C3OQYny0TR2Ab9XWak6DdcMPH"
"YGUZFGp6gp5DD/eWDwIDAQAB")

Using a text editor, one requires to modify the above to create the following entries in the DNS manager:
1. DKIM key Setting with TTL set at 3600
a. dkim._domainkey
b. v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBA....eWDwIDAQAB - as one long single line with no interrupting quotes.

Note: All domains on the server will have the same entry with the same domainname key.

2. DMARC Setting with TTL set at 3600
a. _dmarc
b. v=DMARC1; p=none; rua=mailto:postmaster@example.com; aspf=r; pct=50
Note: Once in operation: change p=none; to p=quarantine;

3. SPF setting with TTL set at default
a. _spf
b. v=spf1 a ip4:[Your Ip] include:example.com -all

4. _smtp._tls setting with TTL set at default
Two settings are needed for the mailserver in the DNS table:
a. _smtp._tls
b. v=TLSRPTv1; rua=mailto:tls-reports@example.com // also create this mailbox via the browser -> iRedadmin

The settings in the Linode DNS Manager will look similar to these (other DNS may have a sligthly different layout):
DNS Record Settings

DNS Record Settings2

For reference: see install-iredmail-on-ubuntu
Tip#01 Check Your Setting: For verify that the settings were properly done and are effective against spam-abuse, make use of these sites:
a. Check SPF settings: Validate SPF by kitterman.com
b. Check one's anti-spam mail status at this website's facility: Mail-Tester.com
Tip#02 Also implement MTA-STS protocal settings to avoid receipent emails received going into their spambox -- see iRedMailSwitch-PartC
iRedMail-Home iRedMail-Extras
iRedMail-Backup iRedMail-Switch