1cloud
March 25, 2021, 12:48pm
1
Hi guys,
I’m wondering if there is a way to do this when hosting multiple domain’s mail server aliases on a single postfix server.
Since postfix only use’s a single set of SSL keys is it possible not to get a mismatch with a TLSA DANE DNS record check for additional mail domains?
Cheers
Cor
May 14, 2021, 5:27pm
2
Use a single domain as your mail MX.
Virtualmin is configured in postfix to use domains individually though?
Cor
May 14, 2021, 9:36pm
4
I don’t know what you mean by that.
I simply set the MX in my DNS records and mta-sts to point to a single “master” domain.
All the other domains also get a perfect score at the DANE validator.
1cloud
June 12, 2021, 8:39am
5
Seems to have sorted itself out after the certificates renewed.
1cloud
August 7, 2021, 9:42am
6
The same problem has popped up again after LetsEncrypt re-issued a domains certificate. The domains DNS record has not been correctly signed. Issue is apparently as follows:
The issues can be resolved by removing or updating the associated DNS
DANE TLSA records.
See also:
https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022/17
https://mail.sys4.de/pipermail/dane-users/2018-February/000440.html
Thx
system
Closed
October 6, 2021, 9:42am
7
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.