Changing DOMAIN doesn't work #747

Closed
MarekSuchanek opened this Issue Dec 15, 2018 · 2 comments


MarekSuchanek commented Dec 15, 2018

I use Mailu 1.5 and I changed DOMAIN in .env, but the only visible change is for DNS DMARC; the suggested MX and SPF remain for the old domain...

I used Mailu for a single domain, domain1.tld, used in DOMAIN and HOSTNAMES. Now I want a new primary domain, domain2.tld, but have the mail server on mail.domain2.tld. So I changed the .env:

DOMAIN=mail.domain2.tld
HOSTNAMES=domain1.tld,domain2.tld

and then docker-compose down + docker-compose up -d, but it won't get a new certificate with TLS_FLAVOR=letsencrypt (it still has the cert for domain1.tld) and suggests domain1.tld for MX and SPF.

What else needs to be done to get it working correctly?

Thanks in advance for any advice...

@muhlemmer muhlemmer self-assigned this Dec 15, 2018

Member

muhlemmer commented Dec 15, 2018

DOMAIN is the main mail domain. Aka, server identification for outgoing mail. DMARC reports point to POSTMASTER@DOMAIN. These are really the only things it is used for. You don't need a cert for DOMAIN, as it is a mail domain only and not used as a host in any sense. However, it is usual that DOMAIN gets set up as one of the many mail domains. None of the mail domains ever need a certificate. TLS certificates work on host connection level only.

HOSTNAMES however, can be used to connect to the server. All host names supplied in this variable will need a certificate. When TLS_FLAVOR=letsencrypt is set, then a certificate is requested automatically for all those domains.

So when you have something like this:

DOMAIN=example.com
POSTMASTER=me
HOSTNAMES=mail.example.com,mail.foo.com,bar.com
TLS_FLAVOR=letsencrypt

  • You'll end up with a DMARC address to me@example.com.
  • Server identifies itself as the SMTP server of @example.com when sending mail. Make sure your reverse DNS hostname is part of that domain!
  • Your server will have certificates for the 3 hostnames. You will need to create A and AAAA records for those names, pointing to the IP addresses of your server. Note that in this example your server will not be reachable on example.com.
  • You'll get MX and SPF examples which point to the first entry of HOSTNAMES but these are only examples. You can modify them to use any other HOSTNAMES entry.

Your mail service will be reachable for IMAP, POP3, SMTP and Webmail at the addresses:

  • mail.example.com
  • mail.foo.com
  • bar.com

However, example.com is not reachable and will not have a certificate. If you would want that, include it in HOSTNAMES.

Since this led to confusion for more users, I will include the above text in the documentation.
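The rules from the comment above, applied to the settings from the original question, as an added example that is not part of the thread or of Mailu's own code. The helper names (`parse_env`, `name_plan`, `ptr_matches_domain`) and the `POSTMASTER=admin` value are assumptions made for illustration; the logic encodes only what the comment states.

```python
# Added example: derives the DOMAIN / HOSTNAMES consequences described in the
# comment above from .env text. Rules come from that comment, not Mailu's source.

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env

def name_plan(text):
    """Hypothetical helper: report what each name in the .env is used for."""
    env = parse_env(text)
    domain = env.get("DOMAIN", "").lower().rstrip(".")
    hosts = [h.strip().lower().rstrip(".")
             for h in env.get("HOSTNAMES", "").split(",") if h.strip()]
    letsencrypt = env.get("TLS_FLAVOR", "") == "letsencrypt"
    postmaster = env.get("POSTMASTER")
    return {
        "dmarc_address": f"{postmaster}@{domain}" if postmaster and domain else None,
        "smtp_identity": domain,                      # mail domain only, no cert
        "auto_requested_certificates": hosts if letsencrypt else [],
        "needs_a_aaaa_records": hosts,                # names clients connect to
        "mx_spf_example_target": hosts[0] if hosts else None,
        "domain_reachable_as_host": domain in hosts,  # only if also in HOSTNAMES
    }

def ptr_matches_domain(ptr_name, domain):
    """True if the reverse DNS name is DOMAIN itself or a host under it."""
    ptr = ptr_name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return ptr == domain or ptr.endswith("." + domain)

SAMPLE_ENV = """\
# constructed sample mirroring the settings from the question
DOMAIN=mail.domain2.tld
POSTMASTER=admin
HOSTNAMES=domain1.tld,domain2.tld
TLS_FLAVOR=letsencrypt
"""

if __name__ == "__main__":
    for key, value in name_plan(SAMPLE_ENV).items():
        print(f"{key}: {value}")
```

With the question's settings, the MX/SPF example target is still domain1.tld because it is the first HOSTNAMES entry, and no certificate is requested for mail.domain2.tld because it appears only in DOMAIN.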

Author

MarekSuchanek commented Dec 16, 2018

Thank you @muhlemmer, very much for the clarification...

So it is correct when I have config like this:

DOMAIN=our-server.hosting.com
POSTMASTER=me
HOSTNAMES=foo.com,bar.com
TLS_FLAVOR=letsencrypt

and I set DNS:

foo.com. MX 10 foo.com.
foo.com. 599 IN TXT "v=spf1 mx a:foo.com -all"
bar.com. MX 10 bar.com.
bar.com. 599 IN TXT "v=spf1 mx a:bar.com -all"
  • DKIM & DMARC.

When I use reverse lookup on IP A.B.C.D that is used for A records for foo.com, bar.com and our-server.hosting.com, it should return our-server.hosting.com?

Then I can use emails with both user@foo.com and user@bar.com - it shouldn't end up in spam?

@muhlemmer muhlemmer added this to the 1.6 milestone Dec 18, 2018

@muhlemmer muhlemmer closed this in 4c7cdeb Jan 2, 2019
