Setting Up an Email Server for Multiple Subdomains (on Digital Ocean)
Why would someone set up an email server when there is Gmail?
As such, I set up an email server on the same $5 Digital Ocean instance I have been using.
I referred to the guide, with some corrections and enhancements, especially on the iRedMail host names and SSL.
To set up a mail server for my new domain name wahhh.com.
It is good practice to set up an email server on a separate subdomain such as
Setup DNS Server
I am using Namecheap nameserver, and so I configure the records as such:
mail > 22.214.171.124
@ > mail.wahhh.com
app1 > mail.wahhh.com
app2 > mail.wahhh.com
An example of how the configuration will work:
An email to email@example.com will use the first MX Record (@ means no subdomain, i.e. the bare domain), which points to the host name mail.wahhh.com. The A Record for that host name in turn points to my actual IP address, which is where the mail server will be installed.
iRedMail is a bundle of various technologies such as Postfix, Dovecot and Roundcube. A bundle makes the installation much much easier.
Find out the latest version (0.8.7 is latest in Jul 2014) and install accordingly:
Follow through the GUI installer.
Restart your droplet.
There are 2 TXT Records to add.
Firstly, add one for DKIM, which is found in /root/iRedMail-0.8.7/iRedMail.tips. You might need to concatenate the strings.
The TXT Record looks like the following (must have the quotes):
Add another one for SPF, which includes your IP address:
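An added example (not from the original post and not iRedMail's own code): a Python check for the two TXT records described above, which joins the quoted DKIM strings into one value and confirms that an SPF record covers the server's IP. It assumes the DKIM entry in iRedMail.tips uses a multi-line quoted-string layout; the key, the SPF strings used with it, and the function names are constructed for illustration.

```python
import base64
import ipaddress
import re

# Constructed placeholder key, laid out in the multi-line quoted-string form
# this example assumes iRedMail.tips uses. Not a real DKIM key.
FAKE_KEY = base64.b64encode(b"constructed placeholder, not a real DKIM key " * 3).decode()
TIPS_DKIM = 'dkim._domainkey.wahhh.com. 3600 TXT (\n  "v=DKIM1; p="\n' + "\n".join(
    '  "%s"' % FAKE_KEY[i:i + 64] for i in range(0, len(FAKE_KEY), 64)) + ")"


def join_dkim_strings(tips_text):
    """Concatenate the quoted chunks into one TXT value (without outer quotes)."""
    chunks = re.findall(r'"([^"]*)"', tips_text)
    if not chunks:
        raise ValueError("no quoted strings found")
    return "".join(chunks)


def check_dkim(value):
    """Return a list of problems in a DKIM TXT value; empty means it looks sane."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    problems = []
    if tags.get("v") != "DKIM1":
        problems.append("missing v=DKIM1")
    try:
        if not base64.b64decode(tags.get("p", ""), validate=True):
            problems.append("empty p= key")
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("p= is not valid base64")
    return problems


def spf_authorizes(spf, server_ip):
    """True if an ip4:/ip6: mechanism covers server_ip (a/mx/include need DNS)."""
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    ip = ipaddress.ip_address(server_ip)
    for term in terms[1:]:
        m = re.fullmatch(r"\+?(ip4|ip6):(\S+)", term, re.I)
        if m and ip in ipaddress.ip_network(m.group(2), strict=False):
            return True
    return False


if __name__ == "__main__":
    value = join_dkim_strings(TIPS_DKIM)
    print('"%s"' % value, check_dkim(value))  # the post says to keep the quotes
```

A check such as `spf_authorizes("v=spf1 ip4:22.214.171.124 -all", "22.214.171.124")` uses a constructed SPF string; substitute the record you actually publish.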
Adding Virtual Domains and Users
You can also add more virtual domains. For example, if you have a new okloh.com, you can add the virtual domain. In addition, you have to configure the A/MX/TXT records similarly for okloh.com.
For an email server, you really should have an SSL cert.
So, I followed the Ars guide on creating the StartCom SSL key and cert, then the Digital Ocean guide to set up Apache.
Register at StartCom
Enter real identity and wait for approval
Validation Wizard > Verify for your domain eg wahhh.com
Certificate Wizard > Web Server SSL > 4096 keysize, SHA2 (SHA1 if takes forever) > Continue and wait for a minute..
Save the private key as
Continue > Select your domain > Add “mail.wahhh.com” as the sub domain (only 1 sub domain for this free SSL). Wait for their approval, then retrieve the certificate.
SSH into your mail server.
nano mail-wahhh.key and paste your private key
nano mail-wahhh.pem and paste your certificate
wget https://www.startssl.com/certs/sub.class1.server.ca.pem to download their intermediate CA Cert
cat mail-wahhh.pem sub.class1.server.ca.pem > mail-wahhh-chain.pem to concat and create a chain cert
openssl rsa -in mail-wahhh.key -out mail-wahhh-decrypted.key (enter your private key password)
chown root:root mail-wahhh* and chmod 400 mail-wahhh* to make sure these files are only accessible by root
nano /etc/apache2/sites-available/default-ssl.conf (edit the key and cert path):
SSLCertificateFile /etc/ssl/private/mail-wahhh-chain.pem
SSLCertificateKeyFile /etc/ssl/private/mail-wahhh-decrypted.key
service apache2 restart
That’s it! You have now secured https://mail.wahhh.com (my fictional URL!).