1 (edited by iRedDale 2018-07-23 08:08:38)

Topic: DNS and additional domains

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 098
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Not so much an error, but I'm trying to get a better grasp on how the various bits of DNS interact with multiple domains in iRedMail on a single server.

I have 5 static IP addresses where I control the PTR records.  I have three domains, and for two of those three I have the .net, .org and .us complementary domains of the same names.

I set up PTR records that point to the three .com domains, no host names.
I set up one PTR record that points to the host that will be the iRedmail server -- mail.domain1.com and the host that will be the main web server for anything non mail related -- www.domain1.com.

I already have pfSense configured as my firewall with domain2 as the primary domain in the LAN.
I can change that if I have to, but I think if I do it this way it will help strengthen my overall understanding.  If I can.

I have created a DMZ, created the 1:1 NAT for the IredMail server, installed the Iredmail server and added the appropriate search domains everywhere so that everything resolves properly everywhere. 

SPF record in DNS for domain1 is "v=spf1 mx mx:domain1.com -all" and the DKIM key is the output of the amavisd-new showkeys command.  amavisd-new testkeys shows a pass result.

I don't have Let's Encrypt certificates yet...

Where I immediately get off in the weeds is what to do for the additional domains.

Could anyone point me at a tutorial on how to do that or maybe some functional examples?
What I have found so far has been a bit vague or at least enough over my head to make sense.


==========================

Edit:  I'm not even making any sense with then?
Two shorter questions then:
SPF DNS records:
Should the primary domain SPF record have all the domains listed, and all the other domains only have an MX record that lists the mail server name of the primary domain?

How to deal with postfix rejections of mail being sent from those domains from private non-routable networks behind the firewall?  Nothing in Iredmail seems to affect that at all.


2

Re: DNS and additional domains

iRedDale wrote:

Should the primary domain SPF record have all the domains listed, and all the other domains only have an MX record that lists the mail server name of the primary domain?

- Each mail domain should have its own A/MX/SPF records.
- For SPF, it should contain the mail servers which are allowed to send email as that domain.

For more details, please check our tutorial:
https://docs.iredmail.org/setup.dns.html

iRedDale wrote:

How to deal with postfix rejections of mail being sent from those domains from private non-routable networks behind the firewall?  Nothing in Iredmail seems to affect that at all.

1: Nothing you need to do. Emails will be sent to your mail server if you have correct DNS records, but email will go to the public IP address instead.
2: To avoid going to the public IP address, you need to set up an internal DNS server for these servers behind the same firewall, so that all machines can know the mail server is an IP address in the LAN. Or update /etc/hosts on all machines to map the mail server to a local/private IP address.
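To make the first answer concrete (each domain gets its own A/MX/SPF records, and each SPF record must authorise the host that actually sends as that domain), here is a small added example, written for this thread and not code from iRedMail or its documentation. It embeds a constructed zone for hypothetical domain1.com, domain2.com and domain3.com using RFC 5737 documentation addresses, evaluates the `a`, `mx`, `ip4` and `all` SPF mechanisms against a sending IP the way a receiving MTA would, and audits each domain for the mistake the question is circling: a secondary domain whose MX points at mail.domain1.com but whose SPF record only authorises its own A record. The `include`/`redirect` modifiers and CIDR suffixes on `a`/`mx` are deliberately not implemented.

```python
"""Audit multi-domain mail DNS records with a minimal SPF evaluator.

Added example; the zone below is constructed (hypothetical domain names,
RFC 5737 documentation addresses) and stands in for real DNS lookups.
"""
import ipaddress

# Constructed zone: domain1.com hosts the mail server; the other domains
# point their MX at it, as in the question. domain3.com carries a deliberately
# wrong SPF record ("a" authorises its web host, not the mail server).
ZONE = {
    "domain1.com":      {"A": ["192.0.2.10"], "MX": ["mail.domain1.com"],
                         "TXT": ["v=spf1 mx mx:domain1.com -all"]},  # the poster's record
    "mail.domain1.com": {"A": ["192.0.2.10"]},
    "www.domain1.com":  {"A": ["192.0.2.11"]},
    "domain2.com":      {"A": ["192.0.2.11"], "MX": ["mail.domain1.com"],
                         "TXT": ["v=spf1 mx -all"]},                 # correct: mx -> mail.domain1.com
    "domain3.com":      {"A": ["192.0.2.12"], "MX": ["mail.domain1.com"],
                         "TXT": ["v=spf1 a -all"]},                  # wrong: only authorises 192.0.2.12
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Return the records of one type for a name (empty list if absent)."""
    return ZONE.get(name.lower().rstrip("."), {}).get(rtype, [])


def spf_record(domain):
    """RFC 7208 requires exactly one v=spf1 TXT record; otherwise treat as none."""
    txts = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1 ") or t.lower() == "v=spf1"]
    return txts[0] if len(txts) == 1 else None


def check_spf(domain, sender_ip):
    """Evaluate the domain's SPF record for a sending IP.

    Supports the a, mx, ip4 and all mechanisms with +/-/~/? qualifiers.
    Any other mechanism or modifier yields "permerror".
    """
    record = spf_record(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        target = arg or domain            # "a" / "mx" default to the domain being checked
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(target, "A")
        elif mech == "mx":
            matched = any(str(ip) in lookup(mx, "A") for mx in lookup(target, "MX"))
        else:
            return "permerror"
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                      # no mechanism matched and no "all" present


def audit(domain):
    """List problems with a domain's mail DNS: missing MX/A/SPF, or an SPF
    record that does not authorise the domain's own MX host."""
    problems = []
    mx_hosts = lookup(domain, "MX")
    if not mx_hosts:
        problems.append("no MX record")
    for mx in mx_hosts:
        if not lookup(mx, "A"):
            problems.append(f"MX host {mx} has no A record")
    if spf_record(domain) is None:
        problems.append("no single v=spf1 TXT record")
        return problems
    for mx in mx_hosts:
        for addr in lookup(mx, "A"):
            if check_spf(domain, addr) != "pass":
                problems.append(f"SPF does not authorise MX host {mx} ({addr})")
    return problems


if __name__ == "__main__":
    for d in ("domain1.com", "domain2.com", "domain3.com"):
        print(d, audit(d) or "OK")
```

Run against the constructed zone, domain1.com and domain2.com audit clean, while domain3.com reports that its SPF record does not authorise mail.domain1.com: mail sent as @domain3.com through the iRedMail host would get an SPF fail at the receiver. The fix is the one the answer gives, a per-domain SPF record such as "v=spf1 mx -all" whose `mx` mechanism resolves to the shared mail server. The second answer (internal DNS or /etc/hosts for LAN clients) is a separate, resolver-side concern and is not modelled here.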