Principal domain as @domain.tld but https://domain.tld not hosted on Yunohost

Context

My domain.tld is a static website I will host at Cloudflare, but I would like Yunohost to be able to receive email@domain.tld and also to be able to use the XMPP and Matrix services, if possible via domain.tld.

Does anyone have a similar setup?

NOTE: For performance and availability purposes I don’t want to redirect the domain via NGINX.

Potential solution I’m thinking of…

Solution #1: make 3 domains in Yunohost

domain            | goal                                            | DNS config
1. domain.tld     | simply to be able to create email@domain.tld    | no DNS pointing at it
2. mail.domain.tld| for the email and a webmail app                 | A + MX
3. chat.domain.tld| for the XMPP and Matrix services                | A + SRV + CNAME

Solution #2: Using IP instead of DNS

  • Pointing all CNAME, MX and SRV directly to the IP.

Solution #3: Explain your scenario :wink:


It seems to me that you could do the following:

  • A record for domain.tld points to your cloudflare (for your website)
  • MX record for domain.tld points to your yunohost (to receive emails)
  • A record for mail.domain.tld points to your yunohost (for your webmail)
  • … any additional subdomain you need can point to yunohost

Then you add all domains you need (including domain.tld) in the yunohost admin. For simplicity of the mail config, you can make domain.tld the default yunohost domain, but you might encounter issues with the SSO if you do so, so maybe choose another domain as main yunohost domain, and customize the postfix and dovecot configs by hand.

The yunohost diagnosis will complain of some things for sure, but you can ignore the warnings and it should still work I think.

(Note that if you use MX record for mail.domain.tld instead of domain.tld, then your yunohost server has no way to receive emails coming to someone@domain.tld, it receives only emails sent to someone@mail.domain.tld.)

If the mail domain you use in yunohost is not your main yunohost domain, these are the two modifications you need to do:

If your main yunohost domain is yuno.domain.tld.

Change in /etc/dovecot/dovecot.conf:

ssl_cert = </etc/yunohost/certs/yuno.domain.tld/crt.pem
ssl_key = </etc/yunohost/certs/yuno.domain.tld/key.pem

to

ssl_cert = </etc/yunohost/certs/domain.tld/crt.pem
ssl_key = </etc/yunohost/certs/domain.tld/key.pem

and in /etc/postfix/main.cf

smtpd_tls_cert_file = /etc/yunohost/certs/yuno.domain.tld/crt.pem
smtpd_tls_key_file = /etc/yunohost/certs/yuno.domain.tld/key.pem

to

smtpd_tls_cert_file = /etc/yunohost/certs/domain.tld/crt.pem
smtpd_tls_key_file = /etc/yunohost/certs/domain.tld/key.pem

and in the same file:

myhostname = yuno.domain.tld
...
mydomain = yuno.domain.tld

into:

myhostname = domain.tld
...
mydomain = domain.tld

and finally run:

sudo service dovecot restart
sudo service postfix restart

Sorry, I’m getting old and have a harder time understanding others.

I only have one Yunohost, whose authentication (SSO) is under auth.domain.tld.
I would like my MX to be mail.domain.tld, which is also a domain managed by my Yunohost,
but I want the email address to be user@domain.tld, not user@mail.domain.tld.

Where I make it complex is that the domain.tld DNS entry is not pointing to the Yunohost.
How could I assign the email user@domain.tld while domain.tld has not been added in Yunohost?

Sorry, I understood you had only one yunohost, but I got confused with the MX records :upside_down_face:
Yes, in fact you’re right: pointing your MX record to mail.domain.tld should work, as long as you also have an A record for mail.domain.tld that points to your yunohost’s IP.
I actually have a similar setup that works fine.
It would be something like this:

@ 3600 IN A 98.765.43.210
@ 3600 IN MX 5 mail.domain.tld.
mail 3600 IN A 123.45.67.890

(Where 98.765.43.210 is the IP of your cloudflare server and 123.45.67.890 the one of your yunohost server.)

Then you can add domain.tld as domain from the yunohost admin interface, and use it for the email addresses of users you create.

Also for your emails not to be identified as spam by receiver servers, you’ll probably need to:

  • add SPF, DKIM and DMARC records as well
  • setup reverse DNS for your yunohost IP pointing to mail.domain.tld
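As an added example (not code from the thread or from Yunohost), here is a small checker that parses a zone fragment like the one above and verifies the split layout it describes: apex A at the web host, MX on the apex pointing to a mail host that has its own A record and matching reverse DNS, plus SPF and DMARC. The IPs, the reverse-DNS table and the TXT records are constructed placeholders; a DKIM check is left out because the selector name is not known from the thread.

```python
# Added example: validate the "apex A -> web host, MX -> mail host" DNS layout.
# All IPs, record values and the PTR table below are constructed placeholders.
from collections import defaultdict

SAMPLE_ZONE = """
@      3600 IN A   203.0.113.10
@      3600 IN MX  5 mail.domain.tld.
mail   3600 IN A   198.51.100.25
@      3600 IN TXT "v=spf1 a:mail.domain.tld -all"
_dmarc 3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@domain.tld"
"""

# Constructed reverse-DNS table standing in for a real PTR lookup (runs offline).
SAMPLE_PTR = {"198.51.100.25": "mail.domain.tld"}


def parse_zone(text, origin):
    """Return {(fqdn, rtype): [rdata, ...]} for a minimal zone-file fragment."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:          # skip blank/short lines
            continue
        name, _ttl, _cls, rtype, *rdata = parts
        fqdn = origin if name == "@" else f"{name}.{origin}"
        records[(fqdn, rtype)].append(" ".join(rdata))
    return records


def check_mail_layout(records, origin, web_ip, mail_ip, ptr_table):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    if web_ip not in records.get((origin, "A"), []):
        problems.append("apex A does not point at the web host")
    mx_hosts = [v.split()[1].rstrip(".") for v in records.get((origin, "MX"), [])]
    if not mx_hosts:
        problems.append("no MX on the apex: mail to user@domain.tld has no destination")
    for host in mx_hosts:
        if records.get((host, "CNAME")):
            problems.append(f"MX target {host} is a CNAME, which MX targets must not be")
        if mail_ip not in records.get((host, "A"), []):
            problems.append(f"MX target {host} has no A record for the mail host")
        elif ptr_table.get(mail_ip) != host:
            problems.append(f"reverse DNS of {mail_ip} does not match {host}")
    if "v=spf1" not in " ".join(records.get((origin, "TXT"), [])):
        problems.append("no SPF record on the apex")
    if not any("v=DMARC1" in v for v in records.get((f"_dmarc.{origin}", "TXT"), [])):
        problems.append("no DMARC record")
    return problems
```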
