How to Host Multiple Domains in Modoboa Mail Server

This tutorial will be showing you how to set up multiple email domains (virtual hosting) with Modoboa, which is an easy-to-use and open-source mail hosting solution. To follow this tutorial, it’s assumed that you have already set up a Modoboa mail server with one domain name.

What You Need to Do

If you want to host multiple mail domains, then you need to

  • Add a new mail domain and user in the Modoboa admin panel.
  • Create MX, A, SPF, DKIM and DMARC records for the new mail domain.
  • Set up Webmail, Postfix and Dovecot for multiple domains

PTR record is used to check if the sender’s IP address matches the HELO hostname. You don’t need to add another PTR record when adding a new mail domain.

Step 1: Adding Additional Domains in Modoboa Admin Panel

Log into the Modoboa admin panel with the admin account. (https://mail.your-domain.com/admin) Then go to Domains tab and click Add button to add a new domain.

modoboa multiple domains

Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In Key selector filed, you can enter a random word like modoboa.  Choose 2048 as the key length.

host multiple email domains in modoboa

In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server should have a [email protected] address.

modoboa add second domain

Click the Submit button and your new domain name will be added in Modoboa.

To add email addresses, go to Domains tab and click your second domain name.

modoboa simple mail hosting

Then click mailboxes.

modoboa virtual domain

Click Add button and choose Account.

modoboa domain mailbox

Then choose Simple user as the role. Enter an email address in Username field and enter a password.

modoboa add email address of second domain

In the next screen, you can optionally create an alias for this email address.

create-alias-in-modoboa-mail-server

After clicking the submit button, the email address is created.

Step 2: Creating MX, A, SPF, DKIM and DMARC record for the new mail domain

MX and A Record

In your DNS manager, add MX record for the new domain like below.

Record Type    Name      Value

MX             @         mail.domain2.com

The A record points to your mail server’s IP address.

Record Type    Name     Value

A              mail     IP-address-of-mail-server

If your server uses IPv6 address, be sure to add AAAA record.

SPF, DKIM and DMARC Record

Then create SPF record to allow the MX host to send email for the new mail domain.

Record Type    Name      Value

TXT            @         v=spf1 mx ~all

To create DKIM record, we need to get the public key. Go to Modoboa admin panel and select your second domain name in the Domains tab. In the DNS section, click Show key button.

modoboa-dkim-signing-for-second-domain

The public key of the second domain will be revealed. There are two formats. We only need the Bind/named format.

modoboa-dkim-public-key-for-second-domain

Go to your DNS manager, create a TXT record, enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding the second domain name in the admin panel.) Copy everything in the parentheses and paste into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage return.

modoboa dkim format

Note that your DKIM record may need sometime to propagate to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://www.dmarcanalyzer.com/dkim/dkim-check/, enter modoboa as the selector and enter your domain name to check DKIM record propagation.

To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]

create dmarc record txt

The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.

Step 3: Setting up Webmail, Postfix and Dovecot for Multiple Domains

It makes sense to let users of the first domain use mail.domain1.com and users of the second domain use mail.domain2.com when accessing webmail.

First, we need to add the second mail domain into the allowed hosts list. Edit the settings.py file.

sudo nano /srv/modoboa/instance/instance/settings.py

Find the following lines.

ALLOWED_HOSTS = [
    'mail.domain1.com',
]

Add your second domain.

ALLOWED_HOSTS = [
    'mail.domain1.com',
    'mail.domain2.com',
]

Save and close the file. Then restart uWSGI for the change to take effect.

sudo systemctl restart uwsgi

Next, we need to create an Nginx virtual host file the second domain. Change working directory to /etc/nginx/sites-enabled.

cd /etc/nginx/sites-enabled

Copy the content of the first mail domain virtual host file to the second domain virtual host file.

sudo cp mail.domain1.com.conf mail.domain2.com.conf

Edit the second domain virtual host file.

sudo nano mail.domain2.com.conf

Find the following line.

server_name mail.domain1.com;

We need to change the server_name to mail.domain2.com

server_name mail.domain2.com;

There are 2 instances of server_name, you need to change both of them. (Note that you should not change the domain name in the SSL certificate path.) Then comment out the following 3 lines, because this upstream has already been defined in the mail.domain1.com.conf file.

upstream modoboa {
    server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}

Save and close the file. Then test Nginx configuartion.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Make sure you have cerbot intalled on your Debian/Ubuntu server.

sudo apt install certbot python3-certbot-nginx

On CentOS/RHEL, run the following command to install certbot.

sudo dnf install certbot python3-certbot-nginx

Now use Certbot nginx plugin to obtain TLS certificate for all your mail domains, so you will have a single TLS certificate with multiple domain names on it and mail clients won’t throw security warnings.

sudo certbot certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address 

Notice that in the above command, we specified the cert name using the first mail domain, which will be used in the file path, so you don’t have to change the file path in Postfix or Dovecot configuration file. Also note that we tell certbot to only obtain but not install the certificate (certonly).

When it asks if you want to update existing certificate to include the new domain, answer U and hit Enter.

modoboa letsencrypt multi-domain

Now you should see the following message, which indicates the multi-domain certificate is successfully obtained.

modoboa multi-domain nginx certificate

Reload Nginx to pick up the new certificate.

sudo systemctl reload nginx

You should now be able to use different domains to access webmail. Also you need to reload Postfix SMTP server and Dovecot IMAP server in order to let them pick up the new certificate.

sudo systemctl reload postfix dovecot

Using Mail Client on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account of the second domain.

  • In the incoming server section, select IMAP protocol, enter mail.domain2.com as the server name, choose port 143 and STARTTLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.domain2.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

modoboa-multiple-domain-postfix-dovecot

Hint: You can also use port 993 with SSL/TLS encryption for IMAP, and use port 465 with SSL/TLS encryption for SMTP. You should not use port 25 as the SMTP port in mail clients to submit outgoing emails.

Although Postfix SMTP server and Dovecot IMAP server are using the hostname of the first mail domain (mail.domain1.com) when communicating with others, they are now using a multi-domain certificate, so the mail client won’t display certificate warnings.

SPF and DKIM Check

Now you can use your desktop email client or webmail client to send a test email to [email protected] and get a free email authentication report. Here’s the report I got from port25.com

postfix spf dkim ubuntu

Don’t forget to test your email score at https://www.mail-tester.com and also test email placement with GlockApps.

If DKIM check fails, you can go to https://www.dmarcanalyzer.com/dkim/dkim-check/ to see if there are any errors with your DKIM record.

dmarc analyzer dkim record checker

What if Your Emails Are Still Being Marked as Spam?

I have more tips for you in this article: 7 effective tips to stop your emails being marked as spam. Although it requires some time and effort, your emails will eventually be placed in the inbox after applying these tips.

rDNS for Multiple Mail Domains?

Reverse DNS (rDNS), aka PTR record, is used to check if the sender’s IP address matches the HELO hostname. You don’t need to add another PTR record when adding a new mail domain. Your rDNS should be set to just one hostname, i.e. the hostname set in Postfix, which can be shown with the following command.

postconf myhostname

rDNS is a record for IP addresses. It’s not a record for domain name. If you have just one IP address, then you need just one rDNS record pointing to one hostname. Reverse DNS check doesn’t verify what From: domain is in your email, as long as your IP address has an rDNS record and the hostname can resolve back to the same IP address, you can pass reverse DNS check.

Also, you don’t need to change the following settings in Postfix when hosting multiple domains on one server.

  • myhostname
  • myorigin
  • mydestination

Hosted email services like G Suite and Microsoft Exchange Online all use one hostname for a server to send an email for their customers. Emails sent from G Suite users all use google.com in the hostname and emails sent from Microsoft Exchange Online users all use outlook.com in the hostname. This is also true for other email service providers like Mailchimp, SendinBlue, SendPluse, etc. They all use one hostname for a single server and one IP address has just one rDNS record.

(Optional) Set Up Autodiscover and AutoConfig for Multiple Domains

Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client. The end user just need to enter a name, email address and password to set up his/her mail account, without having to enter the SMTP or IMAP server details. Setting up Autodiscover and AutoConfig for multiple domains requires 2 simple steps.

First, create CNAME records for the second domain in your DNS manager,

autoconfig.domain2.com       CNAME         mail.domain2.com
autodiscover.domain2.com     CNAME         mail.domain2.com

Then go to the Nginx virtual host directory.

cd /etc/nginx/sites-enabled/

Copy the autoconfig virtual host for the second domain.

sudo cp autoconfig.domain1.com.conf autoconfig.domain2.com.conf

Edit the new virtual host file.

sudo nano autoconfig.domain2.com.conf

Find the following line.

server_name autoconfig.domain1.com;

We need to change the server_name to autoconfig.domain2.com

server_name autoconfig.domain2.com;

Then comment out the following 3 lines, because this upstream has already been defined in the autoconfig.domain1.com.conf file, we can’t define it again.

upstream automx {
      server unix:/run/uwsgi/app/automx_instance/socket fail_timeout=0;
}

Save and close the file. Then test Nginx configuartion.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now you can test the Autodiscover and AutoConfig feature in Microsoft Outlook and Mozilla Thunderbird mail client.

By default, AutoMX will send the first hostname (mail.domain1.com) to mail clients who request Autodiscover and AutoConfig info, which means Microsoft Outlook and Mozilla Thunderbird would use mail.domain1.com as the SMTP server and IMAP server for the second domain. This works, but isn’t perfect.

If you want Microsoft Outlook and Mozilla Thunderbird to use mail.domain2.com as SMTP and IMAP server address for the second domain, then edit the AutoMX configuration file.

sudo nano /etc/automx.conf

Create a new section for the second domain at the end of this file.

[domain2.com]

Then copy the lines from the [global] section and change the domain name.

[domain2.com]
backend = sql
action = settings
account_type = email
host = postgres://modoboa:[email protected]/modoboa
query = SELECT first_name || ' ' || last_name AS display_name, email, SPLIT_PART(email, '@', 2) AS domain FROM core_user WHERE email='%s' AND is_active
result_attrs = display_name, email

smtp = yes
smtp_server = mail.domain2.com
smtp_port = 587
smtp_encryption = starttls
smtp_auth = plaintext
smtp_auth_identity = ${email}
smtp_refresh_ttl = 6
smtp_default = yes

imap = yes
imap_server = mail.domain2.com
imap_port = 143
imap_encryption = starttls
imap_auth = plaintext
imap_auth_identity = ${email}
imap_refresh_ttl = 6

pop = yes
pop_server = mail.domain2.com
pop_port = 110
pop_encryption = starttls
pop_auth = plaintext
pop_auth_identity = ${email}

Save and close the file. Then restart AutoMX.

sudo systemctl restart uwsgi

Wrapping Up

That’s it! I hope this tutorial helped you host multiple email domains with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 11 Average: 5]

24 Responses to “How to Host Multiple Domains in Modoboa Mail Server

  • One question:

    Can we use autodiscover on second domain?

    Great Tutorial!

    • Xiao Guo An (Admin)
      5 years ago

      Hi, I just added “how to set up autodiscover and autoconfig for multiple domains” at the end of this article.

    • I have the same question, if I want to use autodiscover and autoconfig on multiple domains how do we do that?

      • Xiao Guo An (Admin)
        5 years ago

        Hi, I just added “how to set up autodiscover and autoconfig for multiple domains” at the end of this article.

        • That’s amazing, thanks Xizo Guo An!

  • Quang Nguyen
    5 years ago

    Thank you for your sharing!

    I learning how to make email server, but after do to this post, I stop at here.
    –> sudo nginx -t –> Test failed

    can you send me your suggest or samples code content with the second domain?

    Thanks & Best regards!

    …………..

    There are 2 instances of server_name, you need to change both of them. Then comment out the following 3 lines.

    upstream modoboa {
    server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
    }
    Save and close the file. Then test Nginx configuartion.

    sudo nginx -t
    If the test is successful, reload Nginx for the changes to take effect.

    sudo systemctl reload nginx
    …..

    • Xiao Guo An (Admin)
      5 years ago

      Note that you should not change the domain name in the SSL certificate path when editing the mail.domain2.conf file.

      You need to comment out the upstream definition in mail.domain2.conf file, because this upstream has already been defined in the mail.domain1.conf file. The upstream block belongs to the http block, so it should not be declared twice.

  • Quang Nguyen
    5 years ago

    Hi Xiao Guo An ,

    I will checked again.

    Thanks so much!

  • Attila Foris
    5 years ago

    Hello Xiao Guo An,

    Something is not 100% right here. I’ve created my new mail server based on the https://www.linuxbabe.com/mail-server/email-server-ubuntu-18-04-modoboa article.
    I’ve added my two other domains according to this article, but still something missing. When I receive mail to the main domain name then everything is OK, but the other two domain names are can not receive the mails.
    Error message is something like this:

    "450 4.1.1 : Recipient address rejected: unverified address: connect to mail.example2.domain.com[private/dovecot-lmtp]: Connection refused; "

    error 450 is pointing (based on googling) to a not correct postfix main.cf config entry, most probably the
    “mydestination = $myhostname” is not OK. I tried to replace with a localhost but it still not OK.

  • Attila Foris
    5 years ago

    OK problem found. $myhostname variable is not good for mydestination in postfix main.cf. Usually myhostname is the external dns address of the mail server and only port 25 and secure smtp/pop3/inet should be open toward public internet. Lmtp must work only locally. So mydestination in this case where the lmtp service listen on the server. In my case it was the private IP address (10.x.x.x), not the loopback 127.0.0.1/localhost.
    It should be corrected in modoboa installer, or should be mentioned in this guide.

    • Xiao Guoan (Admin)
      5 years ago

      The mydestination parameter contains a list of domains that will accept emails for users with local Unix account. By default, Modoboa sets its value to $myhostname, which is fine.

      Modoboa creates virtual mailboxes, which means that there’s no need to create a local Unix account for each email address. The virtual mailboxes and domains are stored in a database (MySQL, MariaDB, or PostgreSQL). When Postfix receives an email message from other SMTP server, it queries the database to check if the recipient email address exists on the mail server.

      If Postfix is configured to use dovecot-lmtp to deliver email, as is the case with Modoboa, then Dovecot will query the database to check if the recipient email address exists on the mail server.

      The problem with your mail server is probably caused by Dovecot, not by Postfix. Perhaps Dovecot isn’t running, or there’s a permission issue.

  • Hi Xiao

    Thank you for this amazing guide, it works just fine

    Just notice that a user from domain1 can login in domain2

    How can I avoid this?

    • Xiao Guoan (Admin)
      4 years ago

      You have to write a Javascript to check the domain name entered by the user. If it doesn’t match the domain name in the address bar, produce an error message on the web page.

  • Digi Doe
    4 years ago

    Good day Xiao,

    Thank you for your in-depth tutorial, it worked for me, but I have a question.

    The header for second domain2.com is showing domain1.com can this be changed?

    Message was sent from domain2.com but it is showing domain1.com

    Example
    Received: from localhost (localhost [127.0.0.1]) by mail.domain1.com (Postfix) with ESMTP id D4326243

  • I love this article. Thank you so much. Everything working fine on first domain. Now I’ve added a second one. Webmail is broken though

    Error: Namespace '': Mail storage autodetection failed with home=/srv/vmail/***/john
    dovecot: imap(john@***.com): Namespace '': Mail storage autodetection failed with home=/srv/vmail/***/john in=0 out=419 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

    Any help would be hugely appreciated. Again, thanks so much for writing this!

  • Smakodak
    4 years ago

    I had problems regarding the Let’s encrypt update and found the following:

    Modoboa version: 1.6.1

    The below command did not work:

    sudo /opt/certbot-auto certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address

    So I tried this instead:

    sudo certbot certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address

    But got this error:

    Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed

    I then installed:

    sudo apt install python-certbot-nginx

    Ran:

    sudo certbot certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address

    It’s working. But I’m baffled about the fact that the plugin error was already in the logs before I started messing around.
    But my knowledge regarding this is to limited to draw conclusions.

  • Hello, and thank you for the tutorial.

    I shifted over my mail server to Modoboa, and it’s working fine, but I need to add two old domains to receive a couple of old emails but not for replying or sending. I want to still collect some old subscription emails as I did on iRedMail.

    When I run “sudo /opt/certbot-auto certonly –nginx –agree-tos -d mail.domain1.com,mail.domain2.com –cert-name mail.domain1.com –email your-email-address” I get /opt/certbot not found. Looked in the folder “/opt” and it is empty. Should I install the certbot application? The initial setup installed the Let’s Encrypt TLS Certificate for my main mail-server domain, and my mail server is https.

    Thanks, Fred.

    • Xiao Guoan (Admin)
      4 years ago

      The new Modoboa version now installs certbot from the default software repository, instead of downloading the certbot-auto script.

      sudo apt install certbot python3-certbot-nginx

      Then run

      sudo certbot certonly –nginx –agree-tos -d mail.domain1.com,mail.domain2.com –cert-name mail.domain1.com –email your-email-address
  • Rodrigo Vieira
    3 years ago

    I can`t find “cd /etc/nginx/sites-enabled” in CentOS!

  • Hey Xiao

    Thanks for all your work here. I’ve played through a few of your tutorials now and they’ve worked great.

    With this one, however, I have a little trouble. The installation and configuration worked great, but when I login with a user of the second domain on the web interface, this can write and receive emails, but certain settings such as CardDAV activation can not be saved. Also no calendars can be created.

    Could you help me further?

    Thanks already, Uwe

  • Thanks Xiao. Thanks a lot. I would like to ask you how to make my subdomain not mail.domain.com but mx2.domain.com

  • Rodrigo
    2 years ago

    I get error 400 (Bad Request) in https://mail.domain2.com/

  • Spurgeon
    8 months ago

    Thanks for the great tutorial.

    It is very useful.

    Can you please share some info, if it is possible to have custom webmail instances (nginx confs) for the virtual domains as well? and if so, how to do it?

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here