I’m wondering if there is a way to do this when hosting multiple domain’s mail server aliases on a single postfix server.
Since postfix only use’s a single set of SSL keys is it possible not to get a mismatch with a TLSA DANE DNS record check for additional mail domains?
Use a single domain as your mail MX.
Virtualmin is configured in postfix to use domains individually though?
I don’t know what you mean by that.
I simply set the MX in my DNS records and mta-sts to point to a single “master” domain.
All the other domains also get a perfect score at the DANE validator.
Seems to have sorted itself out after the certificates renewed.
The same problem has popped up again after LetsEncrypt re-issued a domains certificate. The domains DNS record has not been correctly signed. Issue is apparently as follows:
The issues can be resolved by removing or updating the associated DNS
DANE TLSA records.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.