TLSA DANE DNS records

Hi guys,

I’m wondering if there is a way to do this when hosting multiple domains’ mail server aliases on a single postfix server.

Since postfix only uses a single set of SSL keys, is it possible not to get a mismatch with a TLSA DANE DNS record check for additional mail domains?

Cheers

Use a single domain as your mail MX.

Virtualmin is configured in postfix to use domains individually though?

I don’t know what you mean by that.

I simply set the MX in my DNS records and mta-sts to point to a single “master” domain.

All the other domains also get a perfect score at the DANE validator.

Seems to have sorted itself out after the certificates renewed. :+1: :+1:

The same problem has popped up again after LetsEncrypt re-issued a domain’s certificate. The domain’s DNS record has not been correctly signed. The issue is apparently as follows:

The issues can be resolved by removing or updating the associated DNS
DANE TLSA records.

See also:

https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022/17
https://mail.sys4.de/pipermail/dane-users/2018-February/000440.html

Thx
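The two links above explain why a `3 0 1` (full-certificate hash) TLSA record breaks every time Let's Encrypt reissues a certificate, while a `3 1 1` (SubjectPublicKeyInfo hash) record keeps matching as long as the private key is reused. The following is an added example, not code from this thread, from Virtualmin or from Postfix: it generates TLSA RDATA from a certificate and checks a record against a freshly presented certificate, going a little beyond the thread by covering both selectors and all three matching types. The certificates it uses are constructed, unsigned X.509 skeletons built inline for the demo (not real Let's Encrypt certificates), and the host name `mail.example.com` is an assumption; only DANE-EE (usage 3) records are checked, since those are compared directly against the server's leaf certificate.

```python
"""TLSA (DANE-EE) record generation and checking across certificate reissues.

Pure Python with no third-party dependencies: a minimal DER walker extracts
the SubjectPublicKeyInfo so that selector 0 (whole certificate) and selector 1
(SPKI) records can be computed and compared after a renewal.  The certificates
built at the bottom are CONSTRUCTED, unsigned X.509 skeletons for this example.
"""
import base64
import hashlib

OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")      # 1.2.840.113549.1.1.11


def _der(tag, content):
    """Encode one DER TLV, using the long length form above 127 bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _read_tlv(buf, pos):
    """Decode the TLV starting at buf[pos]; return (tag, value, end_offset)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(seq_value):
    """Split SEQUENCE content into its child TLVs, header bytes included."""
    out, pos = [], 0
    while pos < len(seq_value):
        _, _, end = _read_tlv(seq_value, pos)
        out.append(seq_value[pos:end])
        pos = end
    return out


def spki_from_cert(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    _, cert_body, _ = _read_tlv(cert_der, 0)                  # Certificate
    _, tbs_body, _ = _read_tlv(_children(cert_body)[0], 0)    # tbsCertificate
    fields = _children(tbs_body)
    if fields[0][0] == 0xA0:        # optional EXPLICIT [0] version comes first
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5]


def load_pem(pem_text):
    """Decode the first PEM block (e.g. a Let's Encrypt cert.pem) to DER bytes."""
    lines = [ln.strip() for ln in pem_text.splitlines()
             if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(lines))


def tlsa_rdata(cert_der, usage=3, selector=1, matching=1):
    """Build TLSA RDATA in presentation format for a leaf certificate."""
    if selector == 0:
        data = cert_der                   # whole cert: changes on every reissue
    elif selector == 1:
        data = spki_from_cert(cert_der)   # public key: stable while key is reused
    else:
        raise ValueError("selector must be 0 or 1")
    if matching == 0:
        digest = data.hex()
    elif matching == 1:
        digest = hashlib.sha256(data).hexdigest()
    elif matching == 2:
        digest = hashlib.sha512(data).hexdigest()
    else:
        raise ValueError("matching type must be 0, 1 or 2")
    return f"{usage} {selector} {matching} {digest}"


def tlsa_matches(record, cert_der):
    """True if a DANE-EE (usage 3) record matches the presented leaf certificate."""
    usage, selector, matching, digest = record.split()
    if int(usage) != 3:
        raise ValueError("only usage 3 is compared directly against the leaf")
    expected = tlsa_rdata(cert_der, 3, int(selector), int(matching)).split()[3]
    return expected == digest.lower()


def zone_line(host, port, record):
    """Render the record as a zone-file line (host is an assumed example name)."""
    return f"_{port}._tcp.{host}. IN TLSA {record}"


def make_spki(seed):
    """Constructed SPKI wrapping a dummy 1024-bit blob (not a real RSA key)."""
    fake_key = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(4))
    alg = _der(0x30, _der(0x06, OID_RSA_ENCRYPTION) + _der(0x05, b""))
    return _der(0x30, alg + _der(0x03, b"\x00" + fake_key))


def make_cert(serial, spki):
    """Constructed, unsigned X.509 v3 skeleton around spki (example only)."""
    sig_alg = _der(0x30, _der(0x06, OID_SHA256_RSA) + _der(0x05, b""))
    validity = _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"240401000000Z"))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial) + sig_alg
               + _der(0x30, b"") + validity + _der(0x30, b"") + spki)
    return _der(0x30, tbs + sig_alg + _der(0x03, b"\x00" + b"\x00" * 32))


KEY_A, KEY_B = make_spki(b"key-A"), make_spki(b"key-B")
CERT_OLD = make_cert(b"\x01", KEY_A)               # cert the TLSA record was cut from
CERT_RENEWED_SAME_KEY = make_cert(b"\x02", KEY_A)  # reissued, private key reused
CERT_RENEWED_NEW_KEY = make_cert(b"\x03", KEY_B)   # reissued with a fresh private key

if __name__ == "__main__":
    for sel in (0, 1):
        rec = tlsa_rdata(CERT_OLD, 3, sel, 1)
        print(zone_line("mail.example.com", 25, rec))
        print("  valid after reissue, same key:", tlsa_matches(rec, CERT_RENEWED_SAME_KEY))
        print("  valid after reissue, new key: ", tlsa_matches(rec, CERT_RENEWED_NEW_KEY))
```

Running it shows the failure mode from the thread: the `3 0 1` record stops matching as soon as the certificate is reissued even with the same key, while `3 1 1` keeps matching until the private key itself changes. That only helps if the renewal actually reuses the key (certbot needs `--reuse-key` for that; how Virtualmin's Let's Encrypt renewal handles the key is not stated in this thread), so before a key rotation publish the new key's `3 1 1` record alongside the old one and drop the old record only after the new certificate is live. On a real server the same `3 1 1` digest can be produced with `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256` and compared against what `load_pem` plus `tlsa_rdata` computes.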
