Deploy iRedMail on CentOS 8 – Quick, Reliable Mail Server Setup
Got a brand‑new CentOS 8 box and want a mail server that actually works? This guide walks you through installing iRedMail step by step, skipping the fluff and getting your inboxes working fast.
Prerequisites & System Prep
1. Fresh install of CentOS 8 – no extra packages should be on it; a clean slate saves headaches later.
2. Root or sudo access – you’ll need to run commands as root.
3. Static IP and proper DNS – make sure A, MX, PTR records are set up, otherwise your outgoing mail will bounce back with “unknown sender” messages.
iRedMail relies heavily on correct DNS for DKIM/SPF checks. A mis‑configured MX means nobody gets your emails.
Disable SELinux and Prepare the Firewall
# Put SELinux in permissive mode: setenforce 0 changes the running system, the config edit keeps it after a reboot
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
setenforce 0
# Open required ports
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=imap
firewall-cmd --permanent --add-service=pop3
firewall-cmd --reload
Why? SELinux can silently block mail traffic if you’re not careful, and the default firewall blocks all inbound mail ports. We open them once, then keep the firewall locked down elsewhere.
Install Dependencies & MariaDB
iRedMail needs a MySQL‑compatible engine; we’ll use MariaDB 10.4, which ships nicely with CentOS 8.
dnf install -y epel-release
dnf update -y
dnf groupinstall -y "Development Tools"
dnf install -y mariadb-server mariadb-devel
systemctl enable --now mariadb
Once MariaDB is running, secure it:
mysql_secure_installation
Follow the prompts – set a strong root password, remove anonymous users, disallow remote root login.
Why? A weak or unsecured database means your mail credentials could leak.
Set Up iRedMail Database and User
Open MariaDB:
mysql -u root -p
Create a user for iRedMail to use:
CREATE USER 'iredmail'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON *.* TO 'iredmail'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Why? iRedMail will drop its own tables; it needs a dedicated, fully‑privileged user. A separate account keeps things tidy and makes troubleshooting easier.
Download & Run the Installer Script
cd /opt
wget https://github.com/iredmail/iRedMail/archive/master.zip
unzip master.zip && rm master.zip
cd iRedMail-master
Launch the installer:
sh ./install.sh
During the interactive wizard:
1. Accept defaults unless you have a specific reason to tweak them.
2. Choose “MariaDB” as your database engine and point it to the iredmail user credentials you just created.
3. When asked about Mail server type, pick Postfix + Dovecot – that’s what iRedMail bundles for most setups.
The script will install Postfix, Dovecot, Roundcube webmail, and all the supporting services. It also configures OpenSSL certificates if you have a domain with Let's Encrypt; otherwise it falls back to a self‑signed cert (good enough for local testing).
Why this matters: The installer does most of the heavy lifting – but pay attention to its prompts. A wrong choice here can trip up SPF/DKIM later.
Post‑Installation Tweaks
OpenSSL & TLS
If you let iRedMail generate a self‑signed cert, consider replacing it with a Let’s Encrypt cert:
certbot --apache -d mail.yourdomain.com
Then update /etc/postfix/main.cf and /etc/dovecot/conf.d/10-ssl.conf to point to the new files.
DKIM Signing
iRedMail auto‑generates a DKIM key, but you need to add the TXT record to your DNS:
mail._domainkey.yourdomain.com IN TXT "v=DKIM1; k=rsa; p=YOURKEY"
Why? Without DKIM, many ISPs will flag your mail as spam.
SPF & DMARC
Add these records to your DNS:
yourdomain.com. IN TXT "v=spf1 mx a ip4:YOURIP -all"
_dmarc.yourdomain.com IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
Why? SPF tells receivers you’re allowed to send mail from your IP. DMARC gives you visibility into spoofing attempts.
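A linter for the DKIM, SPF and DMARC TXT values above, as an added example (not part of the original guide or of iRedMail): it catches unreplaced placeholders such as YOURIP and YOURKEY and a few other common mistakes before the records are published. The function names and the 140-byte key-size floor are assumptions of this example.

```python
import base64
import ipaddress
import re

def parse_tags(record):  # 'tag=value; tag=value' TXT record (DKIM, DMARC) -> dict
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record must start with v=spf1"]
    issues = []
    for term in terms[1:]:
        if term.lower().startswith("ip4:"):
            try:
                ipaddress.IPv4Network(term[4:], strict=False)
            except ValueError:
                issues.append(f"SPF: {term} is not an IPv4 address or CIDR range")
    last = terms[-1].lower()
    if not re.fullmatch(r"[+?~-]?all|redirect=\S+", last):
        issues.append("SPF: record should end with an 'all' mechanism (or redirect=)")
    elif last in ("all", "+all"):
        issues.append("SPF: +all authorizes every host on the internet")
    return issues

def lint_dkim(record):
    p = re.sub(r"\s+", "", parse_tags(record).get("p", ""))
    try:
        key = base64.b64decode(p, validate=True)
    except ValueError:
        return ["DKIM: p= is not valid base64 (placeholder or truncated key?)"]
    # Assumed floor: a 1024-bit RSA key is about 160 bytes of DER; structure is not parsed.
    return [] if len(key) >= 140 else ["DKIM: p= is too short for an RSA public key"]

def lint_dmarc(record):
    tags = parse_tags(record)
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", record):
        return ["DMARC: record must start with v=DMARC1"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("DMARC: p= must be none, quarantine or reject")
    elif policy == "none":
        issues.append("DMARC: p=none only reports; failing mail is still delivered")
    for uri in filter(None, tags.get("rua", "").split(",")):
        if not uri.strip().lower().startswith("mailto:"):
            issues.append(f"DMARC: rua target {uri.strip()} is not a mailto: URI")
    return issues
```

Pass each function the quoted TXT value exactly as you plan to publish it; an empty list means none of these checks fired.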
Common Pitfalls I’ve Seen in Production
- “550 5.7.1 Relaying denied” errors – usually caused by forgetting to add the domain to Postfix’s mydestination or leaving authentication turned off for outbound.
- SMTP bounce with “Connection timed out” – often a firewall rule that didn’t reload after installation.
- Emails stuck in queue – check /var/spool/postfix/queue and run postfix flush. A mis‑configured DNS lookup can stall the queue.
If you hit one of these, double‑check your firewall, DNS records, and Postfix logs (journalctl -u postfix). It’s usually a single line that slipped past.
Testing the Setup
Send a test email from the command line:
echo "Test body" | mail -s "Hello iRedMail" you@yourdomain.com
Check the recipient inbox (Roundcube is available at https://mail.yourdomain.com) to confirm delivery. If it lands in spam, look at the message headers and verify SPF/DKIM.
That’s all there is to it—iRedMail on CentOS 8 done in under an hour if you follow this guide. Now go enjoy a fully functional mail server that actually delivers!