Tuesday, 12 June 2018

linux - Multi domain mail server


I have to install an MTA on a Debian server (postfix or exim). It will serve email for 3 domains. It is not a problem to receive email for multiple domains, but I am not sure about sending (SMTP). There is only 1 static IP and the reverse DNS will return one of the domains. AFAIK, to avoid problems with anti-spam filters, the domain in the HELO/EHLO SMTP command must match the domain of the sender email address. Is there a solution for a good configuration of this case (MTA for many domains on a single IP)?



Answer



You have to consider one of your DNS zones (domains) as main/primary. That means that some host for this domain should be resolved in both directions - by IN A as well as by IN PTR records. All the other zones/domains should have their IN MX records pointing to that host as the mail relay.


I suppose you'll start your own name server instead of using the registrar's one.
Here is the part of the bind configuration for the primary/MX relay domain:


$ORIGIN .
$TTL 3600
yourdomain.tld  IN SOA  ns.yourdomain.tld. root.yourdomain.tld. (
                        2018121001 ; serial
                        30m        ; refresh
                        10m        ; retry
                        2d         ; expire
                        12h        ; minimum
                        )
                IN NS   ns.yourdomain.tld.  ; being NS for itself
                IN NS   ns.registrar.tld.   ; secondary NS
                IN A    333.444.555.666     ; glue record - IP addr of your host
                IN MX   10 yourdomain.tld.  ; trailing dot is mandatory
                IN TXT  "v=spf1 ip4:333.444.555.666 a mx ~all"

$ORIGIN yourdomain.tld. ; trailing dot is mandatory
ns      IN A    333.444.555.666 ; IP addr of your host
ns2     IN A    444.555.666.777 ; IP addr of the secondary NS
www     CNAME   yourdomain.tld. ; will be expanded to the glue record
ftp     CNAME   yourdomain.tld.
m       CNAME   yourdomain.tld.
test    CNAME   yourdomain.tld.
. . . . .

All the other domains should be configured like that:


$ORIGIN .
$TTL 3600
domain2.tld     IN SOA  ns.yourdomain.tld. root.yourdomain.tld. (
                        2018121001 ; serial
                        30m        ; refresh
                        10m        ; retry
                        2d         ; expire
                        12h        ; minimum
                        )
                IN NS   ns.yourdomain.tld.  ; that NS is responsible
                IN NS   ns.registrar.tld.   ; and this one too
                IN MX   10 yourdomain.tld.  ; this MX is used as primary
                IN TXT  "v=spf1 ip4:333.444.555.666 a mx ~all"

$ORIGIN domain2.tld.
www     CNAME   yourdomain.tld. ; to be resolved into 333.444.555.666
mail    CNAME   yourdomain.tld. ; ditto
. . . . .

You can start with the single yourdomain.tld, and when everything works fine you can add all the rest of the domains.


After all that, you'll get a single host that performs as the MTA for all your domains and is properly recognized by all other services like Google. Sure, for best performance you have to set up DKIM/DMARC too, but you can start from the minimal setup.
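
A way to sanity-check the layout from the answer above before going live, as an added example that is not part of the original post: it audits a constructed record table for HELO/PTR agreement (forward-confirmed reverse DNS), MX targets, and the SPF verdict for the relay IP. The address 192.0.2.10, the in-memory ZONE table, domain3.tld and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed records mirroring the zones above. 192.0.2.10 (documentation
# range) stands in for the single static IP; domain3.tld is hypothetical.
ZONE = {
    ("yourdomain.tld", "A"): ["192.0.2.10"],
    ("yourdomain.tld", "MX"): ["yourdomain.tld"],
    ("yourdomain.tld", "TXT"): ["v=spf1 ip4:192.0.2.10 a mx ~all"],
    ("domain2.tld", "MX"): ["yourdomain.tld"],
    ("domain2.tld", "TXT"): ["v=spf1 ip4:192.0.2.10 a mx ~all"],
    ("domain3.tld", "MX"): ["yourdomain.tld"],
    ("domain3.tld", "TXT"): ["v=spf1 a ~all"],  # no ip4/mx: relay not covered
    ("10.2.0.192.in-addr.arpa", "PTR"): ["yourdomain.tld"],
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def fcrdns_ok(ip, helo):
    """True if the PTR for ip names helo and helo's A record returns ip."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return helo in lookup(ptr, "PTR") and ip in lookup(helo, "A")

def spf_result(domain, ip):
    """Evaluate ip4, a, mx and all only (no include, redirect or macros)."""
    for txt in lookup(domain, "TXT"):
        if txt.split()[:1] != ["v=spf1"]:
            continue
        for term in txt.split()[1:]:
            qual = term[0] if term[0] in QUALIFIER else "+"
            mech = term.lstrip("+-~?")
            if mech.startswith("ip4:"):
                net = ipaddress.ip_network(mech[4:], strict=False)
                hit = ipaddress.ip_address(ip) in net
            elif mech == "a":
                hit = ip in lookup(domain, "A")
            elif mech == "mx":
                hit = any(ip in lookup(mx, "A") for mx in lookup(domain, "MX"))
            else:
                hit = mech == "all"
            if hit:
                return QUALIFIER[qual]
        return "neutral"  # record present, nothing matched
    return "none"  # no SPF record published

def audit(ip, helo, domains):
    return {d: {"fcrdns": fcrdns_ok(ip, helo), "mx_to_relay": lookup(d, "MX") == [helo],
                "spf": spf_result(d, ip)} for d in domains}
```

Calling audit("192.0.2.10", "yourdomain.tld", [...]) with the three domains shows domain2.tld passing SPF through its ip4 term, while the hypothetical domain3.tld softfails because its record lists only "a" and that domain has no A record of its own.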

