1

Topic: MX records, SPF/DKIM and virtual domains...

I have some problems receiving mail... Before boring all of you with long lists of logfiles, I have some doubts...

What's the right configuration of MX records for virtual domains?
Is it better to point every MX record to the public IP address of the server or to the same hostname used for the main domain's MX record (e.g. mail.maindomain.com)?
I'm using the first way right now, but I'm starting to feel that I missed something... for example, do I need to add the same SPF and DKIM entries in every domain's DNS zone? I added these entries only in the main domain's DNS zone and all clients use imap.maindomain.com/smtp.maindomain.com even if they have a mailbox under firstvirtualdomain.com... But lots of mails do not arrive. And I have no entry in /var/log/maillog for the sender address...

Thank you again...

2

Re: MX records, SPF/DKIM and virtual domains...

I recommend pointing the MX record to an A record.

I also suggest using the A record for the SPF record.

http://code.google.com/p/iredmail/wiki/DNS_SPF

3 (edited by Rashef 2009-06-17 16:15:56)

Re: MX records, SPF/DKIM and virtual domains...

shake wrote:

I recommend pointing the MX record to an A record.

Oh yes, I didn't specify, but I pointed the MX record to a (A)HOST. And users point to imap.domain.com/smtp.domain.com, which are CNAMEs of that (A)HOST.

And I pointed the MX record of all virtual domains each to a (A)HOST linked to the same external IP of the mailserver.

4

Re: MX records, SPF/DKIM and virtual domains...

In the email client, the user name must be www@domain.com or www@maindomain.com

if you have multiple domains.

5 (edited by Rashef 2009-06-17 18:19:23)

Re: MX records, SPF/DKIM and virtual domains...

shake wrote:

In the email client, the user name must be www@domain.com or www@maindomain.com

if you have multiple domains.

Do you mean that if I have more than one domain

domain1.com (domain of the server)
domain2.com (virtual domain on postfix)
domain3.com (virtual domain on postfix)

all users must authenticate as user@domain1.com even if the mailbox is on domain2.com?
Right now every user is able to authenticate with his own mail address (real mailbox, not alias).

6

Re: MX records, SPF/DKIM and virtual domains...

No, what I mean is

if the mailbox is on domain2.com, user@domain2.com
if the mailbox is on domain3.com, user@domain3.com

The SPF setting is different.


domain3.com.           3600    IN      TXT     "v=spf1 mx mx:mail.domain3.com -all"
domain2.com.           3600    IN      TXT     "v=spf1 mx mx:mail.domain2.com -all"

7 (edited by Rashef 2009-06-17 18:36:51)

Re: MX records, SPF/DKIM and virtual domains...

shake wrote:

No, what I mean is

if the mailbox is on domain2.com, user@domain2.com
if the mailbox is on domain3.com, user@domain3.com

Ok, this matches my settings...

The SPF setting is different.


domain3.com.           3600    IN      TXT     "v=spf1 mx mx:mail.domain3.com -all"
domain2.com.           3600    IN      TXT     "v=spf1 mx mx:mail.domain2.com -all"

Ok, I think I missed this one. Does this have to be set even if users are using the same host as the main server?
I mean that both user@domain1.com and user@domain2.com are using smtp.domain1.com to send mail... is this wrong?

8 (edited by Rashef 2009-06-17 19:07:24)

Re: MX records, SPF/DKIM and virtual domains...

What's more, if I set:

domain2.com.           3600    IN      TXT     "v=spf1 mx mx:mail.domain2.com -all"
domain2.com.           399      IN      MX      0      mail.domain2.com.
mail                        399      IN      A         <my_public_ip>

I can read in my outgoing mails' header:
Received-SPF: fail (receiverdomain.com: domain of user@domain2.com does not designate <my_public_ip> as permitted sender) client-ip=<my_public_ip>;

This is why I previously set

domain2.com.           3600    IN      TXT     "v=spf1 ip4:<my_public_ip> -all"
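
Added example, not part of any post in this thread: a Python evaluator for the two SPF record forms quoted above (`mx` and `ip4`), showing that a receiver looks up the TXT record of the envelope sender's own domain, whichever SMTP host name the client submitted to. The zone contents, the documentation-range IP addresses and the function names are constructed assumptions, and only the `mx`, `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed zone data for illustration (not taken from the thread).
ZONE = {
    ("domain1.com", "TXT"): ["v=spf1 ip4:203.0.113.10 -all"],
    ("domain2.com", "TXT"): ["v=spf1 mx mx:mail.domain2.com -all"],
    ("domain2.com", "MX"): ["mail.domain2.com"],
    ("mail.domain2.com", "A"): ["203.0.113.10"],
    ("domain3.com", "MX"): ["mail.domain3.com"],  # no SPF TXT published
    ("mail.domain3.com", "A"): ["203.0.113.10"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Offline stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def mx_addresses(domain):
    """A-record addresses of every MX host published for the domain."""
    return [ip for host in lookup(domain, "MX") for ip in lookup(host, "A")]

def check_spf(client_ip, mail_from):
    """Evaluate the sender domain's SPF record, left to right."""
    domain = mail_from.rsplit("@", 1)[1]
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
    if not records:
        return "none"        # this domain publishes no SPF policy at all
    if len(records) > 1:
        return "permerror"   # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = QUALIFIERS.get(term[0])
        mech = term[1:] if qualifier else term
        name, _, arg = mech.partition(":")
        if name.lower() == "all":
            matched = True
        elif name.lower() == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name.lower() == "mx":
            matched = client_ip in mx_addresses(arg or domain)
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return qualifier or "pass"  # first matching term decides
    return "neutral"
```

With this constructed zone, mail from user@domain3.com evaluates to `none` even though it leaves from the same server, because domain3.com has no TXT record of its own.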

9

Re: MX records, SPF/DKIM and virtual domains...

The last... I swear!!! :-P
What about DKIM entry? Do I need to repeat it in every domain DNS config? Is the main domain enough?

10

Re: MX records, SPF/DKIM and virtual domains...

Rashef wrote:

What about DKIM entry? Do I need to repeat it in every domain DNS config? Is the main domain enough?

You can use a 'catch-all' DKIM for all domains, so that you don't need to create & maintain DKIM keys and DNS records for each domain.

Open /etc/amavisd.conf and read the DKIM-related settings.