How To Install iRedMail on Debian 13

Running your own mail server used to mean cobbling together Postfix, Dovecot, SpamAssassin, and ClamAV one package at a time, debugging config files for days before sending a single test email. iRedMail removes that pain entirely. It is a battle-tested, open-source mail server installer that sets up a full production-grade email stack on your Linux server in under 30 minutes. This guide walks you through exactly how to install iRedMail on Debian 13 (Trixie), from a fresh VPS to a working mail server, including DNS, SSL, and post-install verification.
Debian 13, also known as Trixie, ships with updated packages including Dovecot 2.4, which introduced breaking changes from version 2.3. The iRedMail Enterprise Edition (EE) has been updated to fully support Debian 13 Trixie, making it the recommended installation path for this release. This guide covers the Enterprise Edition installer, the correct DNS configuration, and the most common troubleshooting scenarios you will hit on a real server.
By the end of this tutorial, you will have a fully operational self-hosted mail server running Postfix, Dovecot, Roundcube webmail, Amavisd, ClamAV, SpamAssassin, and iRedAdmin on Debian 13.
What Is iRedMail and Why Use It?
iRedMail is a free, open-source shell script that automates the installation and configuration of a complete mail server stack on Linux and BSD systems. Instead of manually installing and wiring together a dozen components, iRedMail handles the entire setup through an interactive terminal wizard.
Here is what iRedMail installs and configures for you automatically:
- Postfix — SMTP server for sending and receiving mail
- Dovecot — IMAP and POP3 server for mail retrieval
- Amavisd-new — Content filter that connects Postfix to spam and AV scanners
- SpamAssassin — Spam detection and scoring engine
- ClamAV — Open-source antivirus scanner for email attachments
- Roundcube — Fast, lightweight webmail interface
- SOGo — Groupware with calendar, contacts, and ActiveSync support
- iRedAdmin — Web-based mail server admin panel
- Nginx or Apache — Web server for webmail and admin interfaces
- OpenLDAP, MySQL/MariaDB, or PostgreSQL — Mail account backend (your choice)
iRedMail comes in two editions. The Community Edition uses the open-source shell script installer. The Enterprise Edition (EE) is the newer deployment platform, with a web-based setup wizard and built-in update support, and it is the version with confirmed Debian 13 Trixie support. For this guide, the Enterprise Edition is the recommended path on Debian 13.
Prerequisites
Before you start the iRedMail on Debian 13 setup, confirm the following:
Server requirements:
- A fresh Debian 13 (Trixie) installation with no existing mail components (no Postfix, Dovecot, MySQL, or OpenLDAP already installed)
- Minimum 4 GB RAM for a production server with spam and virus scanning enabled; 2 GB bare minimum for testing only
- Minimum 20 GB disk space (mail storage grows over time)
- A static public IP address
- Port 25 must be open — many VPS providers (Vultr, AWS, Azure, Google Cloud) block port 25 by default; contact your provider to unblock it before proceeding
- UID/GID 2000, 2001, and 2002 must not be in use by any existing users or groups
Access and DNS requirements:
- Root or sudo SSH access to the server
- A registered domain name (e.g., example.com)
- Access to your domain DNS management panel
- The ability to set a PTR (reverse DNS) record through your VPS provider control panel
Step 1: Update Your System and Set the Hostname
The first step in this Linux server tutorial is getting your Debian 13 server into a clean, updated state and configuring the correct hostname. iRedMail is strict about this: the hostname must be a Fully Qualified Domain Name (FQDN) before the installer runs, or the setup will fail or misconfigure your server.
Update All System Packages
Connect to your server via SSH as root, then run:
apt update && apt upgrade -y
This updates the package list and installs all available upgrades. Always do this first on a fresh VPS before installing anything.
Set Your Server Hostname
Your FQDN should follow the pattern mail.yourdomain.com. Set it with:
hostnamectl set-hostname mail.example.com
Now update /etc/hostname:
nano /etc/hostname
The file should contain only the short hostname:
mail
Next, edit /etc/hosts to map the FQDN to your server IP:
nano /etc/hosts
Add or update this line, replacing 203.0.113.10 with your actual server IP:
203.0.113.10 mail.example.com mail
Important: List the FQDN first in that line, before the short hostname. iRedMail reads this file during installation.
Verify the FQDN
hostname -f
Expected output:
mail.example.com
If the output still shows the old hostname, reboot the server and verify again before continuing.
Install Required Utilities
apt install -y gzip dialog
dialog provides the terminal-based installation menu. gzip handles tarball decompression.
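The prerequisites and hostname rules above can be checked in one pass before launching the installer. The following is an added example, not part of iRedMail or the original guide; the function names are illustrative and the package names checked are the usual Debian ones for the components listed under Prerequisites.

```shell
#!/bin/sh
# Added example: pre-flight checks for the prerequisites and hostname rules.
# Function names are illustrative; none of this ships with iRedMail.

# True if $1 has the host.domain.tld shape the guide asks for.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.){2,}[A-Za-z]{2,}$'
}

# True if the hosts file ($2, default /etc/hosts) lists FQDN $1 and the FQDN
# is the first name after the address on every line that mentions it.
hosts_fqdn_first() {
    awk -v fqdn="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if ($i == fqdn) { found = 1; if (i != 2) bad = 1 } }
        END { exit !(found && !bad) }' "${2:-/etc/hosts}"
}

# Print every local account or group that already holds ID 2000-2002.
# Reads flat files only; accounts served from LDAP or other NSS sources
# need a separate `getent passwd 2000` style lookup.
ids_in_use() {
    awk -F: '$3 >= 2000 && $3 <= 2002 { print FILENAME ": " $1 " (" $3 ")" }' \
        "${1:-/etc/passwd}" "${2:-/etc/group}"
}

# Run all checks against the live system; returns non-zero on any failure.
preflight() {
    rc=0
    fqdn=$(hostname -f 2>/dev/null)
    is_fqdn "$fqdn" || { echo "FAIL: hostname -f is not an FQDN: $fqdn"; rc=1; }
    hosts_fqdn_first "$fqdn" || { echo "FAIL: FQDN not first in /etc/hosts"; rc=1; }
    conflicts=$(ids_in_use)
    [ -z "$conflicts" ] || { echo "FAIL: IDs 2000-2002 taken: $conflicts"; rc=1; }
    for pkg in postfix dovecot-core mariadb-server slapd; do
        dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q 'ok installed' &&
            { echo "FAIL: $pkg is already installed"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: ready for the installer"
    return "$rc"
}

# Run the checks only when asked to, e.g. `sh preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then preflight; fi
```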
Step 2: Download the iRedMail Enterprise Edition Installer
Since the iRedMail Community Edition shell script has limited Debian 13 support at this time, this guide uses the iRedMail Enterprise Edition installer, which has confirmed Trixie compatibility including full support for Dovecot 2.4.
Download the Installer
Navigate to https://www.iredmail.org/download.html for the latest release, or grab it directly:
cd /root
wget https://github.com/iredmail/iRedMail/releases/download/1.7.4/iRedMail-1.7.4.tar.gz
Check the official download page for the latest version number and replace 1.7.4 if a newer release is available.
Verify the Checksum
sha256sum iRedMail-1.7.4.tar.gz
Compare the output against the checksum on the official download page. If they match, the file is intact and untampered.
Extract and Prepare
tar zxf iRedMail-1.7.4.tar.gz
cd /root/iRedMail-1.7.4/
chmod +x iRedMail.sh
Step 3: Run the iRedMail Installation Wizard
Now the actual installation begins. The iRedMail installer is an interactive terminal wizard that asks you a series of straightforward questions.
Launch the Installer
bash iRedMail.sh
The installer checks your system for conflicts, then launches the text-based setup wizard.
Step 3.1 — Mail Storage Location
The wizard first asks where to store all mailboxes. The default is /var/vmail/. Accept this default unless you have a dedicated disk or partition mounted at a different path.
Step 3.2 — Choose a Web Server
Select between Nginx (recommended) and Apache. Nginx uses less memory and handles concurrent connections more efficiently for webmail.
Step 3.3 — Choose a Database Backend
| Backend | Best For |
|---|---|
| OpenLDAP | Large enterprise setups with many users |
| MySQL/MariaDB | Most users — simpler management, broad compatibility |
| PostgreSQL | Teams already running PostgreSQL infrastructure |
For most setups, choose MySQL/MariaDB. The installer generates a strong random password automatically and saves it to iRedMail.tips.
Step 3.4 — Set Your Mail Domain Name
Enter your primary mail domain — the part after @ in email addresses:
example.com
Do not enter the server hostname (mail.example.com) here. Enter the base domain only.
Step 3.5 — Set the Admin Account Password
Set a strong password for postmaster@example.com. This account doubles as both a mail user and the iRedAdmin administrator. Store it in a password manager immediately.
Step 3.6 — Choose Optional Components
- Roundcube — Lightweight webmail; best if you only need email access
- SOGo — Full groupware with calendar, contacts, and ActiveSync; requires more RAM
- Netdata — Real-time server monitoring dashboard
- Fail2Ban — Blocks brute-force login attempts on SSH, SMTP, and IMAP
For a standard production setup, select Roundcube and Fail2Ban at minimum.
Step 3.7 — Confirm and Start Installation
Type Y and press Enter to begin:
Continue? [y|N] y
The installer downloads and configures all packages automatically. This typically takes 5 to 15 minutes. Do not interrupt it.
Step 4: Post-Installation Configuration
A finished installer run does not mean a finished mail server. Several critical steps remain before it is ready for production.
Read the iRedMail Tips File Immediately
cat /root/iRedMail-1.7.4/iRedMail.tips
This file contains all generated database passwords, web interface URLs, configuration file paths, and your DKIM public key. Save it securely before doing anything else.
Reboot the Server
reboot
After the server comes back up, verify all core services are running:
systemctl status postfix dovecot nginx amavis clamav-daemon
Each service should show active (running). If any service failed, check its logs with journalctl -u servicename.
Access the Web Interfaces
After rebooting, visit these URLs in a browser (replace mail.example.com with your hostname):
- Roundcube webmail: https://mail.example.com/mail/
- SOGo Groupware: https://mail.example.com/SOGo
- iRedAdmin panel: https://mail.example.com/iredadmin/
Your browser will show a security warning because iRedMail installs a self-signed SSL certificate by default. This is expected and gets resolved in the next step.
Install a Let’s Encrypt SSL Certificate
Install Certbot:
apt install -y certbot python3-certbot-nginx
Obtain a certificate for your mail hostname:
certbot --nginx -d mail.example.com
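Certbot's Nginx plugin updates the Nginx configuration to use the new certificate automatically. Postfix and Dovecot keep presenting whatever certificate their own configuration points to, so confirm that they reference the new files as well. Restart the affected services: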
systemctl restart postfix dovecot nginx
Add a cron job for automatic renewal:
crontab -e
Add this line:
@daily certbot renew --quiet --post-hook 'systemctl restart postfix dovecot nginx'
Step 5: Configure DNS Records for Deliverability
Correct DNS records separate a mail server that delivers successfully from one that lands in spam or gets rejected. This step is non-negotiable for production use.
A Record
| Name | Type | Value | TTL |
|---|---|---|---|
| mail.example.com | A | 203.0.113.10 | 1800 |
MX Record
| Name | Type | Priority | Value | TTL |
|---|---|---|---|---|
| example.com | MX | 10 | mail.example.com | 1800 |
PTR (Reverse DNS) Record
Log into your VPS provider control panel and set reverse DNS for your server IP to resolve to mail.example.com. This is one of the most common reasons new servers land in spam — receiving servers run a reverse DNS check and reject mail from IPs with no valid PTR.
SPF Record
Name: example.com
Type: TXT
Value: "v=spf1 mx ip4:203.0.113.10 -all"
TTL: 3600
The -all at the end of the record (hard fail) means mail from any other source is rejected. Use ~all (soft fail) during initial testing.
DKIM Record
Retrieve your DKIM public key from the server:
amavisd showkeys
Copy the quoted strings inside the parentheses ( ), join them into one continuous string, and create a TXT record:
Name: dkim._domainkey.example.com
Type: TXT
Value: "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ..."
TTL: 3600
Critical warning: The DKIM record must go on dkim._domainkey.example.com, NOT on example.com. This is the most common DKIM configuration mistake.
Verify the record after publishing:
amavisd testkeys
Expected output: TESTING: dkim._domainkey.example.com => pass
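Joining the quoted chunks by hand is where most DKIM records go wrong, so the step can be scripted. This is an added example, not code from iRedMail or the original guide; the helper names are illustrative, the sample output is constructed with a shortened placeholder key, and the value check assumes the "v=DKIM1; p=..." layout shown above.

```shell
#!/bin/sh
# Added example: turn `amavisd showkeys` output into a single TXT value and
# compare it with what DNS returns. Helper names are illustrative.

# Join every double-quoted chunk on stdin into one string. Zone-file comment
# lines (starting with ";") are skipped. The same routine works on
# `dig +short TXT` output, which also returns long records as quoted chunks.
join_txt_chunks() {
    awk '
        /^[[:space:]]*;/ { next }
        {
            line = $0
            while (match(line, /"[^"]*"/)) {
                out = out substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { print out }'
}

# True if $1 is a single-line DKIM value in the layout used in this guide:
# the v=DKIM1 tag, then p= and a base64 key with no spaces or line breaks.
dkim_value_ok() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^v=DKIM1; p=[A-Za-z0-9+/]+={0,2}$'
}

# True if the published record ($2, raw `dig +short TXT` output) carries the
# same value as the local key ($1, raw `amavisd showkeys` output).
dkim_published_matches() {
    local_val=$(printf '%s\n' "$1" | join_txt_chunks)
    dns_val=$(printf '%s\n' "$2" | join_txt_chunks)
    dkim_value_ok "$local_val" && [ "$local_val" = "$dns_val" ]
}

# Constructed sample in the shape `amavisd showkeys` prints; the key is a
# shortened placeholder, not a real key.
SAMPLE_SHOWKEYS='; key#1 2048 bits, i=dkim, d=example.com
dkim._domainkey.example.com. 3600 TXT (
  "v=DKIM1; p="
  "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo"
  "wMTIzNDU2Nzg5")'

# Live use (needs dig, from the bind9-dnsutils package):
#   amavisd showkeys | join_txt_chunks
#   dkim_published_matches "$(amavisd showkeys)" \
#       "$(dig +short TXT dkim._domainkey.example.com)" && echo match
```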
DMARC Record
Name: _dmarc.example.com
Type: TXT
Value: "v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@example.com"
TTL: 3600
Start with p=quarantine so that messages failing DMARC are quarantined rather than rejected outright while you monitor mail flow. Switch to p=reject once SPF and DKIM pass consistently.
Step 6: Verify Your Mail Server Is Working
With DNS records configured, test the full setup before going live.
Test with mail-tester.com
Send an email from postmaster@example.com to the address shown on mail-tester.com. The site scores your message out of 10 based on SPF, DKIM, DMARC, blacklist presence, and content. A score of 9 or 10 confirms a healthy server.
Check Mail Logs
After sending a test email, inspect the Postfix log:
tail -f /var/log/mail.log
Look for status=sent for successful deliveries. Any status=bounced or status=deferred lines will include an error reason to investigate.
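Rather than reading the log by eye, the delivery statuses and their error reasons can be pulled out directly. This is an added example, not part of the original guide; the function names are illustrative and the log lines are constructed samples in Postfix's usual format.

```shell
#!/bin/sh
# Added example: summarise Postfix delivery results from mail.log lines.
# Function names are illustrative.

# stdin: Postfix log lines. stdout: one "status count" line per status seen.
status_counts() {
    awk 'match($0, / status=[a-z]+/) {
             n[substr($0, RSTART + 8, RLENGTH - 8)]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# stdin: Postfix log lines. stdout: "status<TAB>recipient<TAB>reason" for
# every delivery that was bounced or deferred.
delivery_problems() {
    awk '
        match($0, / status=(bounced|deferred) \(.*\)$/) {
            tail = substr($0, RSTART + 8, RLENGTH - 8)
            status = tail; sub(/ .*/, "", status)
            reason = tail; sub(/^[a-z]+ \(/, "", reason); sub(/\)$/, "", reason)
            rcpt = "?"
            if (match($0, / to=<[^>]*>/))
                rcpt = substr($0, RSTART + 5, RLENGTH - 6)
            print status "\t" rcpt "\t" reason
        }'
}

# Count failed deliveries whose reason is a connect timeout on port 25, the
# symptom of a provider-level block on outbound SMTP.
port25_timeouts() {
    delivery_problems | grep -c ':25: Connection timed out' || true
}

# Constructed sample log lines (addresses and queue IDs are made up).
SAMPLE_LOG='2025-01-01T10:00:01+00:00 mail postfix/smtp[1201]: 4A1B2C3D4E: to=<alice@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
2025-01-01T10:00:05+00:00 mail postfix/smtp[1202]: 5B2C3D4E5F: to=<bob@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.9]:25: Connection timed out)
2025-01-01T10:00:09+00:00 mail postfix/smtp[1203]: 6C3D4E5F6A: to=<carol@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.1, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.7] said: 550 5.7.1 rejected by policy)'

# Live use:
#   status_counts < /var/log/mail.log
#   delivery_problems < /var/log/mail.log
```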
Troubleshooting Common Errors
Port 25 Is Blocked by Your VPS Provider
Symptoms: Outbound email never leaves the server; mail.log shows connection timeouts to port 25.
Solution: Contact your VPS provider and request that port 25 be unblocked for your server IP. This is a manual approval process at Linode, AWS, and Azure. DigitalOcean does not unblock port 25 for new accounts.
Out of Memory — Services Crashing
Symptoms: ClamAV or Amavisd crashes shortly after starting; database crashes; mail delivery fails intermittently.
Solution: Upgrade to at least 4 GB RAM, or disable ClamAV by editing /etc/amavis/conf.d/15-content_filter_mode and commenting out the ClamAV-related lines.
FQDN Not Set Correctly
Symptoms: iRedMail installer throws a hostname error, or Postfix sends mail from the wrong domain.
Solution: Re-check /etc/hostname (short name only) and /etc/hosts (FQDN listed first). Run hostname -f to verify before re-running the installer.
DKIM Test Shows “fail”
Symptoms: amavisd testkeys returns fail.
Solution: Delete the DNS record, re-run amavisd showkeys, and reconstruct the value as one continuous string without extra spaces or line breaks. Confirm the record is published at dkim._domainkey.example.com.
Emails Going to Spam Despite Correct DNS
Symptoms: Mail-tester.com score below 7; Gmail marks messages as spam.
Solution: Confirm the PTR record is set correctly. Check whether your server IP appears on any realtime blacklists (RBLs) using the Blacklist check on MXToolbox. Some fresh VPS IPs arrive pre-listed and need to be delisted before you can send reliably.
Security Hardening After Installation
Configure Fail2Ban
Verify it is active and monitoring the right services:
fail2ban-client status
Confirm that dovecot, postfix, and sshd jails are active. Fail2Ban blocks IPs that fail authentication repeatedly, stopping brute-force attacks.
Configure the Firewall
apt install -y ufw
ufw allow 22/tcp
ufw allow 25/tcp
ufw allow 465/tcp
ufw allow 587/tcp
ufw allow 993/tcp
ufw allow 995/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
Enable Automatic Security Updates
apt install -y unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades
This installs security patches automatically without requiring manual intervention.
Congratulations! You have successfully installed iRedMail. Thanks for using this tutorial for installing the iRedMail free and open-source mail server on a Debian 13 “Trixie” system. For additional help or useful information, we recommend you check the official iRedMail website.