I’m wondering if there is a way to do this when hosting multiple domains’ mail server aliases on a single postfix server.

Since postfix only uses a single set of SSL keys, is it possible not to get a mismatch with a TLSA DANE DNS record check for additional mail domains?


Use a single domain as your mail MX.

Virtualmin is configured in postfix to use domains individually though?

I don’t know what you mean by that.

I simply set the MX in my DNS records and mta-sts to point to a single “master” domain.

All the other domains also get a perfect score at the DANE validator.

Seems to have sorted itself out after the certificates renewed. :+1: :+1:

The same problem has popped up again after Let’s Encrypt re-issued a domain’s certificate. The domain’s DNS record has not been correctly signed. Issue is apparently as follows:

The issues can be resolved by removing or updating the associated DNS
DANE TLSA records.
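
A way to see which published TLSA records went stale after a renewal, as an added example that is not part of the thread and not Virtualmin's or Postfix's code: recompute the association data from the certificate Postfix serves and compare it with each record. The function names and the sample are constructed for illustration; the sample is a DER skeleton, not a real certificate.

```python
import hashlib, ssl, sys

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_of(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)      # step into Certificate
    _, pos, _ = read_tlv(cert_der, pos)    # step into tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

def tlsa_data(cert_der, selector, mtype):
    """RFC 6698 data: selector 0=cert, 1=SPKI; mtype 0=raw, 1=SHA-256, 2=SHA-512."""
    data = cert_der if selector == 0 else spki_of(cert_der)
    return data.hex() if mtype == 0 else hashlib.new({1: "sha256", 2: "sha512"}[mtype], data).hexdigest()

def check_tlsa(cert_der, rdatas):
    """Map each 'usage selector mtype hex' rdata to True/False, or None if usage != 3."""
    out = {}
    for rdata in rdatas:
        usage, selector, mtype, *hexparts = rdata.split()
        want = "".join(hexparts).lower()
        # Only usage 3 (DANE-EE) pins the served leaf certificate; others are not judged.
        out[rdata] = (tlsa_data(cert_der, int(selector), int(mtype)) == want) if usage == "3" else None
    return out

def der(tag, body):  # short-form TLV builder, used only for the constructed sample
    return bytes([tag, len(body)]) + body

# Constructed sample: a DER skeleton with the X.509 field order, not a real certificate.
SAMPLE_SPKI = der(0x30, b"constructed public key")
SAMPLE_CERT = der(0x30, der(0x30, der(0xA0, der(2, b"\x02")) + der(2, b"\x01")
                  + der(0x30, b"") * 4 + SAMPLE_SPKI) + der(0x30, b"") + der(3, b"\x00"))

if __name__ == "__main__":  # args: leaf-cert.pem "3 1 1 <hex>" ...; none = use the sample
    cert = ssl.PEM_cert_to_DER_cert(open(sys.argv[1]).read()) if len(sys.argv) > 1 else SAMPLE_CERT
    records = sys.argv[2:] or ["3 1 1 " + tlsa_data(cert, 1, 1), "3 1 1 " + "00" * 32]
    for rdata, ok in check_tlsa(cert, records).items():
        print({True: "MATCH", False: "MISMATCH", None: "SKIPPED"}[ok], rdata)
```

A `3 1 1` record hashes only the public key, so it keeps matching across a renewal that reuses the key, while a `3 0 1` record changes with every reissued certificate.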

