Postfix setup with different domain name, reverse lookup and SPF

Tags: dkim, dmarc, postfix, reverse-dns, spf

I would like to set up Postfix properly to serve multiple virtual domains while complying to all standards and being able to enable security measures like SPF.

  • The server has the hostname server.domain.tld.
  • Postfix has mydomain set to domain.tld.
  • Postfix has myhostname set to server.domain.tld.
  • Postfix has not set myorigin to anything.
  • The server is hosting a few dozen virtual domains.
  • All users have set up mail.tld as incoming and outgoing mail server.
  • I would like Postfix to act to the outer world as mail.tld.

My first thought was to just set mydomain and myhostname to mail.tld. But it seems that it is advised that the reverse lookup of mail.tld should resolve to the host's IP address (https://serverfault.com/a/366391/162258 for example). While I could do that, I am concerned, though, that setting up the reverse lookup to mail.tld might lead to problems when it will be necessary to reverse lookup the host itself.

How can I achieve that Postfix acts as mail.tld and that I will be able to specify mail.tld as MX record and use SPF, DKIM and DMARC with it, while retaining the DNS integrity of the host server.domain.tld?

Best Answer

I have a similar working setup - I'm not using DKIM or DMARC, just SPF for spam fighting.

Here's mine - I set mine up using this as a guide and while I follow it 90% of the way there are a few things I do differently - https://workaround.org/ispmail/jessie

Here's what is in my various files for hostnames. Like you, I'm hosting multiple domains and they all work fine.

Reverse DNS is set to mail.example.com

I get a letsencrypt cert via the standalone method, and specify example.com, mail.example.com, and www.example.com as hosts on it.

/etc/hostname - mailserver (w/ appropriate mapping to 127.0.0.1 in /etc/hosts)
/etc/mailname - mail.example.com

In /etc/postfix/main.cf I have the following references to hostnames or FQDNs -

smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
myhostname = mail.example.com
mydestination = $myhostname, mail.example.com, mailserver, localhost.localdomain, localhost

In my main.cf I pull in the domains to service as well as users and passwords from a MySQL database (per the howto I linked above). Once I enter a domain in the proper table and create a user account or alias under it I can work as a mail server (incoming and outgoing) IF the other domain puts mail.example.com in as the highest priority (lowest number) MX record for the domain, and any SPF records they have specify that my mail.example.com is valid for sending - I use the MX record option:

example.com. TXT  "v=spf1 a mx ptr ~all"

Clients connect to mail.example.com for Submission (w/ TLS/SSL) and pop3 and/or imap (both with tls/ssl). Works great.
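The two DNS properties this thread turns on are the asker's reverse-lookup concern (the host's PTR must point at a name that resolves back to the same IP, i.e. forward-confirmed reverse DNS) and the answer's "a mx ptr" SPF record letting a hosted domain delegate sending to mail.example.com via its MX. The following is an added example, not code from the question or the answer: a minimal SPF evaluator and FCrDNS check run against a constructed in-memory zone (the IP 192.0.2.25 and the hosted domain customer.tld are assumptions), so it runs offline and shows which mechanism produces pass, softfail or none.

```python
import ipaddress

# Constructed DNS data (assumption): mirrors the answer's layout, where the
# host's PTR is mail.example.com and a hosted domain points its MX at it.
DNS = {
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("example.com", "A"): ["192.0.2.25"],
    ("example.com", "MX"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 a mx ptr ~all"],
    ("customer.tld", "MX"): ["mail.example.com"],
    ("customer.tld", "TXT"): ["v=spf1 mx ~all"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
}

def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])

def ptr_name(ip):
    return ipaddress.ip_address(ip).reverse_pointer  # e.g. 25.2.0.192.in-addr.arpa

def fcrdns_ok(ip):
    """Forward-confirmed reverse DNS: every PTR name must resolve back to ip."""
    names = lookup(ptr_name(ip), "PTR")
    return bool(names) and all(ip in lookup(n, "A") for n in names)

def spf_check(domain, ip):
    """Evaluate a/mx/ptr/ip4/all terms (no include/redirect); return SPF result."""
    records = [r for r in lookup(domain, "TXT") if r.startswith("v=spf1")]
    if len(records) != 1:
        return "none" if not records else "permerror"
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech, target = mech.lower(), arg or domain
        if mech == "a":
            hit = ip in lookup(target, "A")
        elif mech == "mx":
            hit = any(ip in lookup(mx, "A") for mx in lookup(target, "MX"))
        elif mech == "ptr":  # only validated (forward-confirmed) PTR names count
            hit = any(n.endswith(target) for n in lookup(ptr_name(ip), "PTR")
                      if ip in lookup(n, "A"))
        elif mech == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif mech == "all":
            hit = True
        else:
            return "permerror"  # unknown mechanism
        if hit:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qual]
    return "neutral"  # no term matched and no "all" present
```

Swapping the in-memory dict for real queries (for example via dnspython) turns this into a pre-flight check for the setup described in the answer.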