>>> Okay, I assume then that this should be the only PTR record:
>>>
>>> 4.3.2.1.in-addr.arpa. IN PTR B.tld.
>>
>> Yes. Provided of course B.tld is The One True Hostname for your server.
>
>It is!

No, IMO, it is not... and this setup can be better, I think. Read on.

A hostname is not a domain name, and it is best not to mix these up.

As per example, the server name is core.primary-domain.tld.

For postfix in master.cf:

myhostname = core.primary-domain.tld
smtpd_banner = mail.primary-domain.tld ready

core.primary-domain.tld has an A and PTR record (the real and only hostname of the server).
mail.primary-domain.tld has an A record and is not a CNAME (= the HELO hostname).
And the MX points to mail.primary-domain.tld.
All virtual domains point the MX to mail.primary-domain.tld.

In this case mail and core have the same IP, but depending on the setup, this can be split up very easily over multiple servers without changing anything in my postfix setup; I just move domains to other servers and change the DNS MX record (and, if needed, the SPF record).

An SPF setup is now very easy, like:

TXT "v=spf1 mx -all"
or
TXT "v=spf1 mx ptr -all"
or, and here is where the A record for mail is handy:
TXT "v=spf1 mx a -all"

This is not possible with a CNAME.

Why not use domain.tld and mail CNAMEs? The EHLO hostname must be an A record, and correct me if I'm wrong.
What happens if you set smtpd_helo_restrictions with reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname?

And what people often forget is the setup of the webserver. For a webserver, the best is to set domain.tld and www.domain.tld to the same virtual host for the webserver, but this is not possible if you have your webserver and your mail server on 2 different machines. And a certificate these days has domain.tld and subdomain.domain.tld in 1 certificate.

There are more reasons not to use the CNAME setup, but all of the above is just a suggestion.

Greetz,

Louis

>-----Original message-----
>From: tom.brow...@gmail.com
>[mailto:owner-postfix-us...@postfix.org] On behalf of Tom Browder
>Sent: Tuesday 18 August 2015 23:35
>To: Jim Reid
>CC: postfix users
>Subject: Re: Postfix and Mailman 2 virtual alias domain integration
>
>On Tue, Aug 18, 2015 at 4:22 PM, Jim Reid <j...@rfc1035.com> wrote:
>>
>> On 18 Aug 2015, at 22:06, Tom Browder <tom.brow...@gmail.com> wrote:
>>
>>> Okay, I assume then that this should be the only PTR record:
>>>
>>> 4.3.2.1.in-addr.arpa. IN PTR B.tld.
>>
>> Yes. Provided of course B.tld is The One True Hostname for your server.
>
>It is!
>
>> BTW, you will get on a lot better if your postings used the actual
>> IP addresses and domain names rather than hide these behind
>> nonsense like B.tld and 1.2.3.4. Obscuring this information
>> helps nobody, especially yourself.
>
>Good point, but I'm not trying to obscure anything. I am using the
>"nonsense" names because I'm trying to emphasize the generality of the
>solution to a very common setup for many users. The chosen IP of
>1.2.3.4 is easy to type and is easy to see when it's been reversed.
>
>If anyone is interested, my current IP address which I use for all my
>domains is 142.54.186.2 but I don't have a working mail server there
>yet (I'm in the process of transferring it from my old server and want
>to have a more robust setup than before--this is all prep work).
>
>Thanks for all the help, Jim. I'm sure I'll be back later for more
>help on tightening up my mail server's security.
>
>Best regards,
>
>-Tom
>
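
The layout described in the reply above (one real hostname with matching A and PTR records, a HELO/MX name that is an A record rather than a CNAME, and an SPF record using `mx`) can be checked mechanically. The following Python sketch is an added example, not part of the thread; the zone data, the documentation address 192.0.2.10, virtual-domain.tld and all function names are constructed for illustration.

```python
# Constructed zone mirroring the layout in the post. 192.0.2.10 is a
# documentation address and virtual-domain.tld is a hypothetical virtual domain.
ZONE = {
    "core.primary-domain.tld": [("A", "192.0.2.10")],
    "mail.primary-domain.tld": [("A", "192.0.2.10")],
    "10.2.0.192.in-addr.arpa": [("PTR", "core.primary-domain.tld")],
    "primary-domain.tld": [("MX", "mail.primary-domain.tld"), ("TXT", "v=spf1 mx -all")],
    "virtual-domain.tld": [("MX", "mail.primary-domain.tld"), ("TXT", "v=spf1 mx -all")],
}

def rr(zone, name, rtype):
    """Values of all records of one type at a name."""
    return [value for t, value in zone.get(name, []) if t == rtype]

def addrs(zone, name):
    """A records for a name, following CNAMEs the way a resolver would."""
    seen = set()
    while rr(zone, name, "CNAME") and name not in seen:
        seen.add(name)
        name = rr(zone, name, "CNAME")[0]
    return set(rr(zone, name, "A"))

def check_mail_dns(zone, hostname, helo, domains):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    host_ips = addrs(zone, hostname)
    if not host_ips:
        problems.append(f"{hostname}: no A record")
    for ip in sorted(host_ips):
        ptr_name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
        if rr(zone, ptr_name, "PTR") != [hostname]:
            problems.append(f"{ip}: PTR is not exactly {hostname}")
    targets = {helo}  # names that must be plain A records
    for domain in domains:
        mx = rr(zone, domain, "MX")
        if not mx:
            problems.append(f"{domain}: no MX record")
        targets.update(mx)
        spf = [txt for txt in rr(zone, domain, "TXT") if txt.startswith("v=spf1")]
        mx_ips = set().union(*(addrs(zone, m) for m in mx))
        # Only the "mx" mechanism is evaluated here, not "a" or "ptr".
        if any("mx" in s.split() for s in spf) and not host_ips <= mx_ips:
            problems.append(f"{domain}: SPF mx does not cover {hostname}")
    for name in sorted(targets):
        if rr(zone, name, "CNAME"):
            problems.append(f"{name}: is a CNAME, expected an A record")
        elif not rr(zone, name, "A"):
            problems.append(f"{name}: no A record")
    return problems
```

Against live DNS the same checks apply, with the dictionary lookups replaced by real queries for the A, PTR, MX and TXT records.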