On Wed, Aug 19, 2015 at 2:26 AM, L.P.H. van Belle <be...@bazuin.nl> wrote:

>>>> Okay, I assume then that this should be the only PTR record:
>>>>
>>>> 4.3.2.1.in-addr.arpa. IN PTR B.tld.
>>>
>>> Yes. Provided of course B.tld is The One True Hostname for
>>> your server.
>>
>> It is!
>
> No, imo, it is not.. and this setup can be better I think.
> read on..
>
> A hostname is not a domain name, and best is not to mix up this.
> as per example.
> The server name is core.primary-domain.tld

Yes, you are correct!

> for postfix in master.cf
> myhostname = core.primary-domain.tld
> smtpd_banner = mail.primary-domain.tld ready
>
> core.primary-domain.tld has an A and PTR record. (the real and only hostname
> of the server)

Okay, good.

> mail.primary-domain.tld has an A record and is not a CNAME. ( = the helo
> hostname )

You are correct! CNAME should be an alias, and mail.* is not an alias (as opposed to www.*).

> And the MX point to mail.primary-domain.tld
> All virtual domains point the MX to mail.primary-domain.tld
>
> and in this case mail and core have the same IP, but depending on the setup,
> this can be split up very easy over multiple servers, without changing
> anything in my postfix setup,
> I just move domains to other servers, and change dns MX record. ( and if
> needed the SPF record )
>
> an SPF setup is now very easy, like :
> TXT "v=spf1 mx -all"
> or
> TXT "v=spf1 mx ptr -all"
> or
> and here is where the A record for mail is handy..
> TXT "v=spf1 mx a -all"
> This is not possible with a CNAME

Good point.

> Why not using domain.tld to and mail cnames..
> ehlo hostname must be A record, and correct me if I'm wrong.

Okay.

> what happens if you set the smtpd_helo_restrictions with
> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
> reject_unknown_helo_hostname,
>
> and what people often forget, is the setup of the webserver.
> For a webserver, the best is to set the domain.tld and www.domain.tld to the
> same virtual for the webserver,
> but this is not possible if you have your webserver and your mail server on 2
> different machines.
> and a certificate these days have domain.tld and subdomain.domain.tld in 1
> certificate.
>
> there are more reasons to not use the CNAME setup..
> but all above is just a suggestion.

Thanks so much, Louis. Taking your suggestions I have changed my setup to:

# the web server virtual domains (A..Z)
X.TLD.                        IN A      142.54.186.2
www.X.TLD.                    IN CNAME  X.TLD.
X.TLD.                        IN MX 10  mail.B.TLD.

# only for B.TLD (the mail server in the "real" Postfix domain):
mail.B.TLD.                   IN A      142.54.186.2
2.186.54.142.in-addr.arpa.    IN PTR    B.TLD.

Does that look better (the only difference from your comments, I believe, is that I am using 'mail' instead of 'core' for the server name since ALL is on one real host)?

Best regards,
-Tom
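The rules Louis lays out above (MX target and HELO name are A records rather than CNAMEs, the server's real hostname has a matching A and PTR pair, and the SPF record's mx/a mechanisms are backed by real records) can be checked mechanically before a zone goes live. The script below is an added example and not part of this thread or of Postfix; it runs entirely offline against a constructed in-memory zone that mirrors Louis's example names (core/mail/www under primary-domain.tld, one virtual domain, and the reverse zone for a documentation IP), plus a second constructed zone that uses the CNAME layout he argues against. The `audit` function, the zone dictionaries and the IPv4-only reverse-name helper are all assumptions of this example.

```python
import re

# Constructed zone data (not from the thread): {owner name: {rtype: [rdata, ...]}}.
# Names are written without the trailing dot; 192.0.2.0/24 is a documentation range.
GOOD_ZONE = {
    "core.primary-domain.tld": {"A": ["192.0.2.25"]},         # the real hostname (myhostname)
    "mail.primary-domain.tld": {"A": ["192.0.2.25"]},         # HELO name: an A record, not a CNAME
    "primary-domain.tld": {"A": ["192.0.2.25"],               # web server on the same box
                           "MX": ["10 mail.primary-domain.tld"],
                           "TXT": ['"v=spf1 mx a -all"']},
    "www.primary-domain.tld": {"CNAME": ["primary-domain.tld"]},  # www.* is a genuine alias
    "virtual-a.tld": {"MX": ["10 mail.primary-domain.tld"],
                      "TXT": ['"v=spf1 mx -all"']},
    "25.2.0.192.in-addr.arpa": {"PTR": ["core.primary-domain.tld"]},  # the one PTR
}

# The layout Louis advises against: the MX/HELO name is a CNAME.
CNAME_ZONE = {
    "primary-domain.tld": {"A": ["192.0.2.25"],
                           "MX": ["10 mail.primary-domain.tld"],
                           "TXT": ['"v=spf1 mx a -all"']},
    "mail.primary-domain.tld": {"CNAME": ["primary-domain.tld"]},
    "25.2.0.192.in-addr.arpa": {"PTR": ["primary-domain.tld"]},
}

def lookup(zone, name, rtype):
    """Return the rdata list for (name, rtype) in the constructed zone, or []."""
    return zone.get(name.rstrip("."), {}).get(rtype, [])

def reverse_name(ip):
    """IPv4 address -> in-addr.arpa owner name (IPv4 only in this example)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def mx_targets(zone, domain):
    """Strip the preference from each MX rdata and return the target hostnames."""
    return [rr.split()[1].rstrip(".") for rr in lookup(zone, domain, "MX")]

def check_mx_target(zone, domain):
    """RFC 2181 s.10.3: an MX target must be a hostname with address records, not a CNAME."""
    problems = []
    for target in mx_targets(zone, domain):
        if lookup(zone, target, "CNAME"):
            problems.append(f"MX target {target} is a CNAME")
        elif not lookup(zone, target, "A"):
            problems.append(f"MX target {target} has no A record")
    return problems

def check_helo_name(zone, helo):
    """The HELO/EHLO name needs its own A record; reject_unknown_helo_hostname relies on it."""
    if lookup(zone, helo, "CNAME"):
        return [f"HELO name {helo} is a CNAME"]
    if not lookup(zone, helo, "A"):
        return [f"HELO name {helo} has no A record"]
    return []

def check_fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: exactly one PTR, and its name's A record points back to ip."""
    ptrs = lookup(zone, reverse_name(ip), "PTR")
    if len(ptrs) != 1:
        return [f"{ip} should have exactly one PTR, found {len(ptrs)}"]
    name = ptrs[0].rstrip(".")
    if ip not in lookup(zone, name, "A"):
        return [f"PTR {name} does not resolve back to {ip}"]
    return []

# Qualifier (+ - ~ ?) followed by the mechanism names used in the thread plus the common ones.
SPF_MECH = re.compile(r"^[+\-~?]?(all|mx|a|ptr|ip4|ip6|include|exists)(:|/|$)")

def check_spf(zone, domain):
    """Parse the v=spf1 TXT record and confirm the mx/a mechanisms are backed by records."""
    spf = [t.strip('"') for t in lookup(zone, domain, "TXT") if t.strip('"').startswith("v=spf1")]
    if len(spf) != 1:
        return [f"{domain} should have exactly one v=spf1 record"]
    problems = []
    terms = spf[0].split()[1:]
    for term in terms:
        m = SPF_MECH.match(term)
        if not m:
            problems.append(f"unknown SPF term {term!r}")
            continue
        mech = m.group(1)
        if mech == "mx" and not mx_targets(zone, domain):
            problems.append("SPF uses mx but domain has no MX")
        if mech == "a" and ":" not in term and not lookup(zone, domain, "A"):
            problems.append("SPF uses a but domain has no A record")
    if not terms or not terms[-1].endswith("all"):
        problems.append("SPF should end with an all mechanism (e.g. -all)")
    return problems

def audit(zone, domain, helo, ip):
    """Run every check for one domain; an empty list means the layout is consistent."""
    return (check_mx_target(zone, domain) + check_helo_name(zone, helo)
            + check_fcrdns(zone, ip) + check_spf(zone, domain))

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("cname", CNAME_ZONE)):
        print(label, audit(zone, "primary-domain.tld", "mail.primary-domain.tld", "192.0.2.25") or "OK")
```

Running it reports the good zone as clean and flags the CNAME zone twice (the MX target and the HELO name are both CNAMEs); a real deployment would swap the dictionary lookups for resolver queries, but the rules being checked are the same ones in Louis's message.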