Setting Up an Email Server for Multiple Subdomains (on Digital Ocean)
Why would someone setup an email server when there is Gmail?
The reasons are plenty: Gmail (or Google Apps) for Business is no longer free. Outlook support for custom domains is no longer free. And why store your most important data on someone else server?
As such, I set up an email server on the same $5 Digital Ocean instance I have been using.
I referred to the guide, with some corrections and enhancements, especially on the iRedMail host names and SSL.
My Objective
To setup a mail server for my new domain name wahhh.com.
I have these subdomains and want to create these 3 emails: support@app1.wahhh.com , support@app2.wahhh.com , and also admin@wahhh.com
It is good practise to setup an email server on a seperate subdomain such as mail.wahhh.com
Setup DNS Server
I am using Namecheap nameserver, and so I configure the records as such:
A Record
mail > 128.123.213.132
MX Records
@ > mail.wahhh.com
app1 > mail.wahhh.com
app2 > mail.wahhh.com
An example of how the configuration will work:
An email to admin@wahhh.com will use the first MX Record (@ means nothing), which points to the host name mail.wahhh.com, which the A Record points to my actual IP address. At the IP address is where the mail server will be installed.
Installing iRedMail
iRedMail is a bundle of various technologies such as Postfix, Dovecot and Roundcube. A bundle makes the installation much much easier.
Find out the latest version (0.8.7 is latest in Jul 2014) and install accordingly:
1 2 3 | |
Follow through the GUI installer.
Restart your droplet.
TXT Records
There are 2 TXT Records to add.
Firstly, add for DKIM, which is found in /root/iRedMail-0.8.7/iRedMail.tips. You might need to concatenate the strings.
The TXT Record looks like the following (must have the quotes):
1
| |
Add another one for SPF, which includes your IP address:
1 2 3 | |
Adding Virtual Domains and Users
At this point, you can use the iRedAdmin website to add users to your virtual domain. eg. user1@wahhh.com , user2@wahhh.com , support@app1.wahhh.com , etc
You can also add more virtual domains. For example, if you have a new okloh.com, you can add the virtual domain. In addition, you have to configure the A/MX/TXT records similarly for okloh.com.
SSL Cert
For email server, you really should have a SSL cert.
I use StartCom, as mentioned in ArsTechnica, which provides a FREE class 1 SSL. The steps are pretty lenthy from Ars, but they are not for iRedMail.
So, I followed Ars guide on creating the StartCom SSL key and cert, then Digital Ocean guide to setup Apache.
The steps:
Register at StartCom
Enter real identity and wait for approval
Validation Wizard > Verify for your domain eg wahhh.com
Certificate Wizard > Web Server SSL > 4096 keysize, SHA2 (SHA1 if takes forever) > Continue and wait for a minute..
Save the private key as
mail-wahhh.keyContinue > Select your domain > Add “mail.wahhh.com” as the sub domain (only 1 sub domain for this free SSL). Wait for their approval, then retrieve the certificate.
SSH into your mail server.
cd /etc/ssl/privatenano mail-wahhh.keyand paste your private keynano mail-wahhh.pemand paste your certificatewget https://www.startssl.com/certs/sub.class1.server.ca.pemto download their intermediate CA Certcat mail-wahhh.pem sub.class1.server.ca.pem > mail-wahhh-chain.pemto concat and create a chain certopenssl rsa -in mail-wahhh.key -out mail-wahhh-decrypted.key> enter your private key passwordchown root:root mail-wahhh*andchmod 400 mail-wahhh*to make sure this file is only accessible by rootnano /etc/apache2/sites-available/default-ssl.conf> Edit the key and cert pathSSLCertificateFile /etc/ssl/private/mail-wahhh-chain.pem SSLCertificateKeyFile /etc/ssl/private/mail-wahhh-decrypted.keyservice apache2 restart
That’s it! You have now secured https://mail.wahhh.com (my fictional URL!).