Changing DOMAIN doesn't work #747

MarekSuchanek opened this issue Dec 15, 2018 · 2 comments

@MarekSuchanek MarekSuchanek commented Dec 15, 2018

I use Mailu 1.5 and I changed DOMAIN in .env, but the only change visible is for DNS DMARC; suggested MX and SPF remain for the old domain...

I used Mailu for a single domain, domain1.tld, used in DOMAIN and HOSTNAMES. Now I want a new primary domain, domain2.tld, but have the mail server on mail.domain2.tld. So I changed the .env:


and then docker-compose down + docker-compose up -d, but it won't get new certificate with TLS_FLAVOR=letsencrypt (still has cert for domain1.tld) and suggests domain1.tld for MX and SPF.

What else needs to be done to get it working correctly?

Thanks in advance for any advice...

@muhlemmer muhlemmer self-assigned this Dec 15, 2018

@muhlemmer muhlemmer commented Dec 15, 2018

DOMAIN is the main mail domain. Aka, server identification for outgoing mail. DMARC reports point to POSTMASTER@DOMAIN. These are really the only things it is used for. You don't need a cert for DOMAIN, as it is a mail domain only and not used as host in any sense. However, it is usual that DOMAIN gets set up as one of the many mail domains. None of the mail domains ever need a certificate. TLS certificates work on host connection level only.

HOSTNAMES however, can be used to connect to the server. All host names supplied in this variable will need a certificate. When TLS_FLAVOR=letsencrypt is set, then a certificate is requested automatically for all those domains.

So when you have something like this:
  • You'll end up with a DMARC address to`.
  • Server identifies itself as the SMTP server of when sending mail. Make sure your reverse DNS hostname is part of that domain!
  • Your server will have certificates for the 3 hostnames. You will need to create A and AAAA records for those names, pointing to the IP addresses of your server. Note that in this example your server will not be reachable on
  • You'll get MX and SPF examples which point to the first entry of HOSTNAMES but these are only examples. You can modify them to use any other HOSTNAMES entry.

Your mail service will be reachable for IMAP, POP3, SMTP and Webmail at the addresses:


However, is not reachable and will not have a certificate. If you would want that, include it in HOSTNAMES.

Since this led to confusion for more users, I will include the above text in the documentation.
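
The DOMAIN / HOSTNAMES split explained in the comment above, as an added example that is not part of the original thread or Mailu's own code. It assumes HOSTNAMES is a comma-separated list and POSTMASTER holds the local part of the postmaster address; the .env values and certificate names are constructed, and the helper names are hypothetical.

```python
# Added example: constructed .env values and certificate names, not from the issue.
SAMPLE_ENV = """\
# constructed sample, reserved example domains only
DOMAIN=new.example
POSTMASTER=admin
HOSTNAMES=mail.new.example, mail.old.example
TLS_FLAVOR=letsencrypt
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"\'')
    return env

def describe(env):
    """Derive the roles of DOMAIN and HOSTNAMES as the comment above explains them."""
    hosts = [h.strip().lower() for h in env.get("HOSTNAMES", "").split(",") if h.strip()]
    if not hosts:
        raise ValueError("HOSTNAMES is empty")
    domain = env["DOMAIN"].lower()
    return {
        "dmarc_reports_to": f"{env['POSTMASTER']}@{domain}",  # POSTMASTER@DOMAIN
        "needs_cert_and_a_records": hosts,         # every HOSTNAMES entry
        "example_mx_target": hosts[0],             # MX/SPF examples use the first entry
        "domain_is_connectable": domain in hosts,  # DOMAIN alone is not a host
    }

def uncovered_hostnames(env, cert_names):
    """HOSTNAMES entries absent from the served certificate's names (exact match only)."""
    have = {n.strip().lower().rstrip(".") for n in cert_names}
    return [h for h in describe(env)["needs_cert_and_a_records"] if h not in have]

if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    print(describe(env))
    # Constructed case: the certificate was issued only for the old host name.
    print(uncovered_hostnames(env, ["mail.old.example"]))
```

The names passed to `uncovered_hostnames` would come from the subject alternative names of the certificate the server currently presents; a non-empty result means that certificate does not yet cover the current HOSTNAMES.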


@MarekSuchanek MarekSuchanek commented Dec 16, 2018

Thank you @muhlemmer, very much for clarification...

So it is correct when I have config like this:

and I set DNS: MX 10 599 IN TXT "v=spf1 mx -all" MX 10 599 IN TXT "v=spf1 mx -all"

When I use reverse lookup on IP A.B.C.D that is used for A records for, and, it should return

Then I can use emails with both and - it shouldn't end up in spam?
