Mail server: domain/sub-domain question

Sorry to drag you all into another “mail server 101”!

My YunoHost server

Hardware: Second-hand HP Pro 3330, 4 GB RAM
YunoHost version: 3.6.4
I have access to my server : SSH, webadmin, directly via screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : No. Nothing beyond the defaults / following standard documentation.

Description of my issue

I have a foo.com domain registered with Gandi DNS. I’ve set up YunoHost to be accessible on the members.foo.com sub-domain (A record). I intend to use foo.com for the main website (a _ynh package of some sort).

I would like to have users have their email addresses on user@foo.com and not user@members.foo.com. However, my main domain for YunoHost (used at post-install time) is the members.foo.com domain.

So, I am wondering, can I choose members.foo.com at post-install time, as I have done, and then still configure my DNS records to use foo.com as the main email domain? What should I keep in mind for this?

I was unsure because yunohost domain dns-conf foo.com and yunohost domain dns-conf members.foo.com are giving me very different configurations: members.foo.com gives me all the DKIM/DMARC/SPF stuff.

PS

The https://yunohost.org/#/dns_config documentation is helpful! But: “For specific needs or specific setups, and if you know what you’re doing, you might want or have to tweak these or add additional ones (e.g. to handle subdomains).” can hopefully be expanded. I think it’s a pretty standard need to allow for a “mail.foo.com” or whatever when setting up a YunoHost. I will try to do this as my understanding improves.

Huh, does the:

mail._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=someHuuuuuuugeKey"

mean that you should have a “mail.foo.com” A record set up (because mail._domainkey)?

OK, I managed to get my 10/10 rating …

Here’s my Gandi DNS text entry (amended some details …):

* 1800 IN A {IP}
@ 1800 IN A {IP}
@ 1800 IN CAA 128 issue "letsencrypt.org"
@ 1800 IN MX 10 mail.foo.com.
@ 1800 IN TXT "v=spf1 a mx ip4:{IP} -all"
_dmarc 1800 IN TXT "v=DMARC1; p=none"
_xmpp-client._tcp 1800 IN SRV 0 5 5222 xmpp.foo.com.
_xmpp-server._tcp 1800 IN SRV 0 5 5269 xmpp.foo.com.
login 1800 IN A {IP}
mail 1800 IN A {IP}
mail._domainkey 1800 IN TXT "v=DKIM1; h=sha256; k=rsa; p={KEY}"
muc 1800 IN CNAME @
pubsub 1800 IN CNAME @
vjud 1800 IN CNAME @
xmpp 1800 IN A {IP}

Where login.foo.com is my YunoHost admin/SSO login domain. I’ve got login.foo.com, mail.foo.com, xmpp.foo.com etc. registered as domains with Let’s Encrypt certifications in the YunoHost admin.

The PTR record remains a bit of a mystery but I’ve got a guess for it :wink:

Hopefully this helps someone! I’ll try to submit a documentation patch …
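
Added example (not part of the original posts and not YunoHost code): a small audit of the mail-related records in zone text of the format posted above. It treats the "mail" in mail._domainkey as a DKIM selector label, looked up independently of any "mail" host record; the origin and selector parameters, the 192.0.2.10 address and the key string are assumptions made for the example.

```python
import re

# Constructed sample: the posted zone format with {IP} and {KEY} replaced by
# placeholders (192.0.2.10 is a documentation address, the key is a dummy).
ZONE = '''\
* 1800 IN A 192.0.2.10
@ 1800 IN A 192.0.2.10
@ 1800 IN MX 10 mail.foo.com.
@ 1800 IN TXT "v=spf1 a mx ip4:192.0.2.10 -all"
_dmarc 1800 IN TXT "v=DMARC1; p=none"
mail 1800 IN A 192.0.2.10
mail._domainkey 1800 IN TXT "v=DKIM1; h=sha256; k=rsa; p=CONSTRUCTEDKEY"
'''

def parse_zone(text):
    """Return (name, type, rdata) tuples from 'name ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        m = re.match(r'(\S+)\s+\d+\s+IN\s+(\S+)\s+(.*)$', line.strip())
        if m:
            records.append((m.group(1), m.group(2).upper(), m.group(3).strip()))
    return records

def audit_mail_zone(text, origin, selector="mail"):
    """Return findings for one zone; origin/selector are hypothetical parameters."""
    recs = parse_zone(text)
    def txt(name):
        return [r.strip('"') for n, t, r in recs if n == name and t == "TXT"]
    hosts = {n for n, t, _ in recs if t in ("A", "AAAA")}
    mx = [r.split()[1].rstrip(".") for n, t, r in recs if n == "@" and t == "MX"]
    findings = [] if mx else ["no MX record at the zone apex"]
    for target in mx:
        # Only in-zone targets can be checked against this zone's host records.
        label = target[: -len(origin) - 1] if target.endswith("." + origin) else None
        if label is not None and label not in hosts:
            findings.append(f"MX target {target} has no explicit A/AAAA record")
    spf = [t for t in txt("@") if t.startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    elif not spf[0].endswith(("-all", "~all")):
        findings.append("SPF record does not end in -all or ~all")
    # The DKIM key lives at <selector>._domainkey; no host named <selector> is needed.
    if not [t for t in txt(f"{selector}._domainkey") if "p=" in t]:
        findings.append(f"no DKIM key for selector '{selector}'")
    dmarc = [t for t in txt("_dmarc") if t.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record")
    elif re.search(r"\bp=none\b", dmarc[0]):
        findings.append("DMARC policy is p=none (monitoring only, no enforcement)")
    return findings
```
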
