How To Install iRedmail on Fedora 43
Running your own mail server gives you full control over your data, your deliverability, and your infrastructure. If you have been relying on third-party services like Google Workspace or Zoho Mail, the costs add up fast, and you are always one policy change away from losing access. iRedMail is a free, open-source mail server solution that bundles Postfix, Dovecot, Nginx, Roundcube, SpamAssassin, ClamAV, and more into a single automated installer, making it one of the most practical ways to self-host email on Linux. This guide walks you through how to install iRedMail on Fedora 43 from scratch, covering every step from system preparation to DNS configuration, so your mail server is production-ready by the end.
What Is iRedMail and Why Fedora 43?
iRedMail is not just a single application. It is a shell-script-based deployment tool that installs and wires together a complete mail server stack in one run. Here is every component it sets up for you:
- Postfix — Mail Transfer Agent (MTA) that handles sending and receiving email
- Dovecot — IMAP and POP3 server for mail client access
- Nginx — Web server that powers the webmail and admin interfaces
- Roundcube — Browser-based webmail client written in PHP
- Amavisd-new — Interface between Postfix and the spam/virus scanners
- SpamAssassin — Content-based spam scoring engine
- ClamAV — Antivirus scanner for incoming and outgoing mail
- Fail2Ban — Monitors logs and blocks IPs showing brute-force behavior
- iRedAPD — iRedMail’s own Postfix policy server with SRS support
- iRedAdmin — Web-based administration panel for managing domains and users
Fedora 43, released in October 2025, ships with DNF 5 for faster dependency resolution, GCC 15.2, and RPM 6.0 for enhanced package security. It is a strong base for a production mail server because it stays close to upstream packages and gets security updates quickly.
Backend Database Options
During installation, iRedMail asks which database backend to use for storing mail accounts. Your three choices are:
- MariaDB — Best for most small to medium deployments; widely documented
- PostgreSQL — Solid choice if you prefer strict relational integrity
- OpenLDAP — Best for large enterprise setups with centralized directory services
If you are not sure, choose MariaDB. It is the most common choice and has the most community support.
Prerequisites Before You Start
Before touching the installer, make sure your environment meets these requirements.
Hardware and System Requirements
- A fresh Fedora 43 installation with no existing Postfix, Dovecot, MySQL, or OpenLDAP running
- Minimum 4 GB RAM; 8 GB recommended if you enable ClamAV antivirus scanning
- Minimum 40 GB disk space for the OS, mail storage, and logs
- A static public IP address
- UIDs and GIDs 2000, 2001, and 2002 must not be in use by existing system users
Networking Requirements
- A registered domain name (example:
yourdomain.com) - A Fully Qualified Domain Name (FQDN) hostname for your server (example:
mail.yourdomain.com) - Firewall ports 25, 587, 993, 995, 80, and 443 must be open
- Port 25 must not be blocked by your hosting provider. Note that DigitalOcean blocks port 25 permanently, and providers like Vultr, AWS EC2, and Linode require you to submit a support request to unblock it
- A reverse DNS (PTR) record configured through your VPS provider, pointing your server IP back to the FQDN
Access Requirements
- Root or full
sudoaccess to the server - No control panel software installed (cPanel, Plesk, Webmin) — these conflict with iRedMail’s configuration files
Step 1: Prepare Your Fedora 43 Server
Set the FQDN Hostname
The iRedMail installer reads your system hostname during setup and uses it to configure Postfix, Dovecot, and SSL certificates. If the hostname is wrong at install time, the entire stack misconfigures itself.
Set the hostname with:
sudo hostnamectl set-hostname mail.yourdomain.comVerify it returned the full FQDN, not just a short name:
hostname -fExpected output:
mail.yourdomain.comUpdate /etc/hosts
Now map that FQDN to your server’s IP in /etc/hosts. Open the file with your preferred editor:
sudo nano /etc/hostsAdd this line at the top, replacing the IP with your actual server IP:
203.0.113.10 mail.yourdomain.com mailThis ensures the installer can resolve the hostname locally even before DNS propagates.
Disable SELinux
iRedMail does not support SELinux in enforcing mode on RHEL-family systems. Running the installer with SELinux active will cause service failures that are difficult to debug.
Edit the SELinux configuration file:
sudo nano /etc/selinux/configChange the value to:
SELINUX=disabledTo disable it immediately without rebooting, run:
sudo setenforce 0A full reboot later will apply the permanent change from the config file.
Update the System
Run a full system update before anything else. Fedora 43 uses DNF 5, which is significantly faster than previous versions:
sudo dnf update -yThis avoids package conflicts during installation and ensures your system is on the latest security patches.
Step 2: Download the iRedMail Installer
Always download iRedMail directly from the official GitHub releases page to get the latest stable version. Never use a third-party mirror.
Move to the /root directory:
cd /rootDownload the installer tarball. Check the official GitHub page for the latest version number and replace 1.7.1 if a newer release is available:
curl -L https://github.com/iredmail/iRedMail/archive/refs/tags/1.7.1.tar.gz -o iRedMail-1.7.1.tar.gzExtract the archive:
tar zxf iRedMail-1.7.1.tar.gzEnter the extracted directory and make the script executable:
cd iRedMail-1.7.1/
chmod +x iRedMail.shYour installer is now ready to run.
Step 3: Run the iRedMail Installation Script
The iRedMail installer is an interactive, wizard-driven script. It asks you a series of questions and then handles every package installation and configuration step automatically.
Launch the script:
sudo bash iRedMail.shThe script performs initial system checks and enables the iRedMail package repository. Walk through each prompt as follows.
Prompt 1: Mail Storage Path
The default storage location for all mailboxes is /var/vmail. Accept the default unless you have a dedicated disk mounted elsewhere. Press Next to continue.
Prompt 2: Web Server
Choose Nginx. It uses less memory than Apache and performs better under production load.
Prompt 3: Backend Database
Select MariaDB for most setups. If you chose OpenLDAP, the installer will ask you to set an LDAP suffix at this step. For MariaDB and PostgreSQL, iRedMail generates a strong random password and saves it to the iRedMail.tips file.
Prompt 4: First Mail Domain
Enter your registered domain name — for example, yourdomain.com. Do not enter the server FQDN here. This domain becomes the primary virtual domain for all mail accounts.
Prompt 5: Admin Account Password
Set a strong password for the postmaster@yourdomain.com admin account. This account controls the iRedAdmin web panel and can log into Roundcube webmail.
Prompt 6: Optional Components
You will see a checklist of optional components. Here is what each one does and whether to enable it:
| Component | Enable? | Reason |
|---|---|---|
| Roundcube | Yes | Browser-based webmail; highly recommended |
| iRedAdmin | Yes | Web admin panel for users and domains |
| Fail2Ban | Yes | Protects against brute-force login attacks |
| ClamAV | Yes if RAM > 4 GB | Antivirus scanning; memory-hungry |
| SOGo | Optional | Full groupware with calendar and contacts |
| Netdata | Optional | Real-time system monitoring dashboard |
Prompt 7: Confirm and Install
Review the configuration summary the installer displays. Type Y and press Enter to begin.
Installation takes between 5 and 15 minutes depending on your server’s speed and internet connection. Do not interrupt it.
Step 4: Post-Installation Setup
Reboot the Server
The installer requires a reboot to apply all changes, including the SELinux disable and service registrations:
sudo rebootRead the iRedMail Tips File
After the reboot, the single most important file on your server is:
/root/iRedMail-1.7.1/iRedMail.tipsThis file contains all generated credentials, database passwords, URLs, and service configuration locations. Read it immediately and then restrict its permissions:
chmod 600 /root/iRedMail-*/iRedMail.tipsAccess the Web Interfaces
All web interfaces are ready immediately after the reboot. Access them using your server FQDN:
| Service | URL |
|---|---|
| Roundcube Webmail | https://mail.yourdomain.com/mail/ |
| iRedAdmin Panel | https://mail.yourdomain.com/iredadmin/ |
| SOGo Groupware (if installed) | https://mail.yourdomain.com/SOGo/ |
| Netdata Dashboard (if installed) | https://mail.yourdomain.com/netdata/ |
Your browser will show a self-signed certificate warning on first visit. That is expected; you will replace this with a Let’s Encrypt certificate in the hardening section below.
Verify Services Are Running
Confirm all critical services started correctly:
sudo systemctl status postfix dovecot nginx amavisdIf any service failed to start, check its log with journalctl -u servicename before proceeding.
Step 5: Configure Firewalld
Fedora 43 uses firewalld by default, and the mail server needs specific ports open to communicate with the outside world.
Open all required ports with these commands:
sudo firewall-cmd --permanent --add-service=smtp
sudo firewall-cmd --permanent --add-service=smtps
sudo firewall-cmd --permanent --add-service=imap
sudo firewall-cmd --permanent --add-service=imaps
sudo firewall-cmd --permanent --add-service=pop3s
sudo firewall-cmd --permanent --add-port=587/tcp
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadVerify your open ports:
sudo firewall-cmd --list-allPort 25 handles server-to-server SMTP delivery. Port 587 is for authenticated client submission. Both must be open and unblocked by your hosting provider.
Step 6: Configure DNS Records for Email Deliverability
This is the step most people get wrong, and it is the reason emails land in spam. Proper DNS configuration tells the world that your server is a legitimate sender.
MX Record
This record tells other mail servers where to deliver email for your domain:
yourdomain.com. IN MX 10 mail.yourdomain.com.A and PTR Records
The A record maps your mail subdomain to your server IP:
mail.yourdomain.com. IN A 203.0.113.10The PTR record (reverse DNS) must be configured through your VPS control panel or hosting provider support team. It maps your IP back to the FQDN. Without this, many mail servers will reject your outbound mail.
SPF Record
SPF (Sender Policy Framework) authorizes your server IP to send mail on behalf of your domain:
yourdomain.com. IN TXT "v=spf1 mx ip4:203.0.113.10 -all"DKIM Record
iRedMail generates DKIM signing keys automatically via Amavisd during installation. Retrieve the public key:
sudo amavisd-new showkeysCopy the output and add it as a TXT DNS record under dkim._domainkey.yourdomain.com. After DNS propagates, verify the key is working:
sudo amavisd-new testkeysA passing result confirms your outbound mail is being signed correctly.
DMARC Record
DMARC tells receiving servers what to do with mail that fails SPF or DKIM checks. Start with p=quarantine and move to p=reject once you have confirmed legitimate mail is passing:
_dmarc.yourdomain.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@yourdomain.com"The v and p tags must always appear in that exact order per RFC 7489.
Step 7: Harden Your iRedMail Installation
A working mail server is only half the job. A secure one requires a few more steps.
Replace the Self-Signed SSL Certificate
Install Certbot and get a free Let’s Encrypt certificate:
sudo dnf install -y certbot python3-certbot-nginx
sudo certbot --nginx -d mail.yourdomain.comFollow the prompts. Certbot auto-renews the certificate every 90 days.
Verify Fail2Ban Jails
Confirm that Fail2Ban is actively protecting your Postfix, Dovecot, and Roundcube services:
sudo fail2ban-client statusYou should see jails for postfix, dovecot, and roundcube-auth in the active list.
Restrict iRedAdmin Access
Edit the Nginx configuration for iRedAdmin to limit access to your own IP address only. This prevents unauthorized users from reaching the admin panel:
sudo nano /etc/nginx/sites-available/0-iredadmin.confAdd an allow/deny block inside the location block:
allow 203.0.113.0/24;
deny all;Reload Nginx after saving:
sudo systemctl reload nginxBack Up Critical Directories
Set up regular backups for these paths at minimum:
/var/vmail— all mail storage/etc/postfix— Postfix configuration/etc/dovecot— Dovecot configuration- Your database: run
mysqldumpdaily for MariaDB orpg_dumpfor PostgreSQL
Step 8: Test Your Mail Server
Send a Test Email via Roundcube
Log into https://mail.yourdomain.com/mail/ using postmaster@yourdomain.com and the admin password you set during installation. Send a test email to a Gmail or Outlook address and check whether it arrives in the inbox, not spam.
Monitor Mail Logs
Watch the Postfix log in real time to confirm outbound delivery:
sudo tail -f /var/log/maillogLook for lines containing status=sent. That confirms Postfix delivered the message successfully. Any status=bounced or status=deferred lines indicate a delivery problem that needs investigation.
Use External Verification Tools
Run your domain through these two free tools to catch any configuration gaps:
- mail-tester.com — Gives your server a score out of 10 and flags missing DNS records, header issues, and blacklist status
- mxtoolbox.com — Verifies that your MX, SPF, DKIM, and DMARC records are all resolving correctly
A score of 9 or 10 on mail-tester.com means your server is well configured for inbox delivery.
Troubleshooting Common iRedMail Problems on Fedora 43
| Problem | Likely Cause | Fix |
|---|---|---|
| Installer fails during package install | EPEL repository not enabled | Run sudo dnf install -y epel-release then retry |
| Emails consistently land in spam | Missing SPF, DKIM, or DMARC records | Add all three DNS records; re-test on mail-tester.com |
| Cannot connect to webmail on port 443 | Firewall blocking HTTPS | Run sudo firewall-cmd --permanent --add-service=https && sudo firewall-cmd --reload |
| Services fail to start after reboot | SELinux still in enforcing mode | Verify /etc/selinux/config shows SELINUX=disabled and reboot |
| ClamAV crashes or slows the server | Insufficient RAM | Deselect ClamAV during reinstall, or run sudo systemctl disable clamav-daemon |
| Port 25 connection refused from external server | Hosting provider blocking port 25 | Submit a support ticket to your provider to unblock port 25 |
Congratulations! You have successfully installed iRedmail. Thanks for using this tutorial for installing the iRedmail free and open-source mail server on Fedora 43 system. For additional help or useful information, we recommend you check the official iRedmail website.
