Multi domain mail server

I have to install an MTA on a Debian server (Postfix or Exim). It will serve email for 3 domains. It is not a problem to receive email for multiple domains, but I am not sure about sending (SMTP). There is only 1 static IP, and the reverse DNS will return one of the domains. AFAIK, to avoid problems with anti-spam filters, the domain in the HELO/EHLO SMTP command must match the domain of the sender email address. Is there a solution for a good configuration of this case (MTA for many domains on a single IP)?

i486

Posted 2018-12-16T15:04:56.723


Answers


You have to consider one of your DNS zones (domains) as the main/primary one. That means that some host in this domain should resolve in both directions, by an IN A record as well as by an IN PTR record. All the other zones/domains should have IN MX records pointing to that host as the mail relay.

I suppose you'll run your own name server instead of using the registrar's one.
Here is the part of the BIND configuration for the primary/MX relay domain:

$ORIGIN .
$TTL 3600
yourdomain.tld  IN SOA  ns.yourdomain.tld. root.yourdomain.tld. (
                        2018121001 ; serial
                        30m        ; refresh
                        10m        ; retry
                        2d         ; expire
                        12h        ; minimum (negative-cache TTL)
                        )
                IN NS   ns.yourdomain.tld.   ; being NS for itself
                IN NS   ns.registrar.tld.    ; secondary NS
                IN A    192.0.2.10           ; apex A record - IP addr of your host (RFC 5737 documentation address as placeholder; octets above 255 won't load)
                IN MX   10 yourdomain.tld.   ; trailing dot is mandatory
                IN TXT  "v=spf1 ip4:192.0.2.10 a mx ~all"

$ORIGIN yourdomain.tld.                      ; trailing dot is mandatory
ns              IN A    192.0.2.10           ; glue record - IP addr of your host
ns2             IN A    198.51.100.20        ; IP addr of the secondary NS (placeholder)
www             IN CNAME yourdomain.tld.     ; resolves via the apex A record
ftp             IN CNAME yourdomain.tld.
m               IN CNAME yourdomain.tld.
test            IN CNAME yourdomain.tld.
. . . . .

All the other domains should be configured like this:

$ORIGIN .
$TTL 3600
domain2.tld     IN SOA  ns.yourdomain.tld. root.yourdomain.tld. (
                        2018121001 ; serial
                        30m        ; refresh
                        10m        ; retry
                        2d         ; expire
                        12h        ; minimum (negative-cache TTL)
                        )
                IN NS   ns.yourdomain.tld.    ; that NS is responsible
                IN NS   ns.registrar.tld.     ; and this one too
                IN MX   10 yourdomain.tld.    ; this MX is used as primary
                IN TXT  "v=spf1 ip4:192.0.2.10 a mx ~all"  ; same relay IP as above (placeholder)

$ORIGIN domain2.tld.
www             IN CNAME yourdomain.tld.      ; to be resolved into 192.0.2.10
mail            IN CNAME yourdomain.tld.      ; ditto
. . . . .

You can start with the single yourdomain.tld and, when everything works fine, add all the remaining domains.

In the end you'll have a single host that acts as the MTA for all your domains and is properly recognized by all other services such as Google. Of course, for the best results you have to set up DKIM/DMARC too, but you can start from the minimal setup.

Kondybas

Posted 2018-12-16T15:04:56.723

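The two checks a receiving MTA actually runs against this layout are forward-confirmed reverse DNS of the HELO/EHLO name and an SPF evaluation of the MAIL FROM domain; they are independent, which is why one host name can announce itself for all three domains. The following is an added example, not code from the answer above: it models a tiny in-memory resolver from constructed records (RFC 5737 documentation addresses stand in for the 333.444.555.666 placeholders, and domain3.tld is a hypothetical third domain with no ip4 term in its SPF) and runs both checks offline. Only the ip4, a, mx and all mechanisms are implemented.

```python
"""Offline model of the checks a receiving MTA runs against the single-IP
relay described in the answer.  Added example; constructed data only."""
import ipaddress

RELAY_IP = "192.0.2.10"      # constructed: the one static IP of the relay

# Constructed zone data mirroring the answer's layout.  Keys are
# (lower-case name without trailing dot, record type).
RECORDS = {
    ("yourdomain.tld", "A"):   ["192.0.2.10"],
    ("yourdomain.tld", "MX"):  [(10, "yourdomain.tld")],
    ("yourdomain.tld", "TXT"): ["v=spf1 ip4:192.0.2.10 a mx ~all"],
    ("domain2.tld", "MX"):     [(10, "yourdomain.tld")],
    ("domain2.tld", "TXT"):    ["v=spf1 ip4:192.0.2.10 a mx ~all"],
    # hypothetical third domain: no ip4 term, authorised only through its MX
    ("domain3.tld", "MX"):     [(10, "yourdomain.tld")],
    ("domain3.tld", "TXT"):    ["v=spf1 a mx ~all"],
    # the reverse zone is normally held by the ISP; modelled here for the check
    ("10.2.0.192.in-addr.arpa", "PTR"): ["yourdomain.tld"],
}


def lookup(name, rtype):
    """Resolve one record type for a name; empty list when absent."""
    return RECORDS.get((name.lower().rstrip("."), rtype), [])


def fcrdns_ok(helo_name, ip):
    """True if ip -> PTR -> helo_name and helo_name -> A -> ip both hold."""
    helo = helo_name.lower().rstrip(".")
    ptr_names = [n.lower().rstrip(".") for n in
                 lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR")]
    return helo in ptr_names and ip in lookup(helo, "A")


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, ip):
    """Minimal SPF check of the MAIL FROM domain against the connecting ip.
    Returns one of pass / fail / softfail / neutral / none / permerror."""
    txts = [t for t in lookup(domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if not txts:
        return "none"
    if len(txts) > 1:
        return "permerror"          # RFC 7208: more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in txts[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        target = arg or domain          # "a" and "mx" default to the domain itself
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in lookup(target, "A")
        elif mech == "mx":
            matched = any(ip in lookup(host, "A")
                          for _, host in lookup(target, "MX"))
        else:
            return "permerror"          # include/redirect/exists not modelled here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # no mechanism matched and no "all" term


def check_relay(helo_name, ip, sender_domains):
    """What a receiver sees from this relay, for every hosted sender domain."""
    return {"fcrdns": fcrdns_ok(helo_name, ip),
            "spf": {d: spf_result(d, ip) for d in sender_domains}}


if __name__ == "__main__":
    domains = ["yourdomain.tld", "domain2.tld", "domain3.tld"]
    print(check_relay("yourdomain.tld", RELAY_IP, domains))
    # a HELO name with no matching PTR fails FCrDNS even from the right IP
    print(check_relay("mail.domain2.tld", RELAY_IP, domains)["fcrdns"])
    # a foreign host claiming one of our domains gets the ~all softfail
    print(spf_result("domain2.tld", "198.51.100.7"))
```

The practical consequence for Postfix is to set myhostname to the name that passes the FCrDNS check (yourdomain.tld here), since smtp_helo_name defaults to it; the sender domains in MAIL FROM are then covered by each domain's own SPF record, not by the HELO name.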

Thanks for the interesting information. Is there an official document/manual or RFC for such a configuration? – i486 – 2018-12-21T18:29:59.710

That is the standard approach; it needs no additional RFCs. In fact, the proposed configuration is the typical setup with a relay in the DMZ and internal MTAs on the local net, but with everything hosted on the same host. – Kondybas – 2018-12-21T19:26:57.393