How to Host Multiple Domains in Modoboa Mail Server

This tutorial shows you how to set up multiple email domains with Modoboa, an easy-to-use, open-source mail hosting solution. It assumes that you have already set up a Modoboa mail server with one domain name.

What You Need to Do

If you want to host multiple mail domains, then you need to:

  • Add a new mail domain and user in the Modoboa admin panel.
  • Create MX, A, SPF, DKIM and DMARC records for the new mail domain.
  • Set up webmail, Postfix and Dovecot for multiple domains.

A PTR record is used to check if the sender’s IP address matches the HELO hostname. You don’t need to add another PTR record when adding a new mail domain.

Step 1: Adding Additional Domains in Modoboa Admin Panel

Log into the Modoboa admin panel with the admin account (https://mail.your-domain.com/admin). Then go to the Domains tab and click the Add button to add a new domain.

Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In the Key selector field, you can enter a random word like modoboa. Choose 2048 as the key length.

In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server have a postmaster address.

Click the Submit button and your new domain name will be added in Modoboa.

To add email addresses, go to Domains tab and click your second domain name.

Then click mailboxes.

Click Add button and choose Account.

Then choose Simple user as the role. Enter an email address in Username field and enter a password.

In the next screen, you can optionally create an alias for this email address.

After clicking the submit button, the email address is created.

Step 2: Creating MX, A, SPF, DKIM and DMARC Records for the New Mail Domain

MX and A Record

In your DNS manager, add an MX record for the new domain like below.

Record Type    Name      Value

MX             @         mail.domain2.com

The A record points to your mail server’s IP address.

Record Type    Name     Value

A              mail     IP-address-of-mail-server

If your server uses an IPv6 address, be sure to add an AAAA record.

SPF, DKIM and DMARC Record

Then create an SPF record to allow the MX host to send email for the new mail domain.

Record Type    Name      Value

TXT            @         v=spf1 mx ~all

To create the DKIM record, we need to get the public key. Go to the Modoboa admin panel and select your second domain name in the Domains tab. In the DNS section, click the Show key button.

The public key of the second domain will be revealed. There are two formats. We only need the Bind/named format.

Go to your DNS manager, create a TXT record and enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding the second domain name in the admin panel.) Copy everything in the parentheses and paste it into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage returns.
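
The flattening step described above, as an added example that is not part of the original tutorial: it keeps what is inside the parentheses of a Bind/named-format record, joins the quoted strings, strips carriage returns, and checks that the p= tag decodes as base64. The record layout and the key (294 zero bytes, the size of a 2048-bit RSA public key, not a real key) are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn a Bind/named DKIM record into a single TXT value.

# Read the record on stdin; print what is inside the parentheses with the
# quoted strings joined and CR/LF removed.
dkim_txt_value() {
    tr -d '\r\n' |
        sed -e 's/^[^(]*(//' -e 's/)[^)]*$//' \
            -e 's/"[[:space:]]*"//g' -e 's/"//g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print the decoded size of the p= key in bytes; fail if the value is not a
# DKIM1 record or p= is not valid base64.
dkim_key_bytes() {
    case $1 in v=DKIM1\;*) ;; *) return 1 ;; esac
    p=$(printf '%s' "$1" | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p')
    [ -n "$p" ] || return 1
    printf '%s' "$p" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$p" | base64 -d | wc -c | tr -d ' '
}

# Constructed sample: assumed record layout, placeholder key of 294 zero bytes.
sample_record() {
    key=$(head -c 294 /dev/zero | base64 | tr -d '\n')
    printf 'modoboa._domainkey.domain2.com. IN TXT (\r\n'
    printf '  "v=DKIM1;k=rsa;p=%s"\r\n' "$(printf '%s' "$key" | cut -c1-200)"
    printf '  "%s")\r\n' "$(printf '%s' "$key" | cut -c201-)"
}

value=$(sample_record | dkim_txt_value)
printf 'TXT value starts with: %.30s\n' "$value"
printf 'decoded key size: %s bytes\n' "$(dkim_key_bytes "$value")"
```

A decoded size well below 294 bytes for a key generated with length 2048 usually means part of the value was lost while copying.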

To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]

The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.

Step 3: Setting up Webmail, Postfix and Dovecot for Multiple Domains

It makes sense to let users of the first domain use mail.domain1.com and users of the second domain use mail.domain2.com when accessing webmail.

First, we need to add the second mail domain into the allowed hosts list. Edit the settings.py file.

sudo nano /srv/modoboa/instance/instance/settings.py

Find the following lines.

ALLOWED_HOSTS = [
    'mail.domain1.com',
]

Add your second domain.

ALLOWED_HOSTS = [
    'mail.domain1.com',
    'mail.domain2.com',
]

Save and close the file. Then restart uWSGI for the change to take effect.

sudo systemctl restart uwsgi

Next, we need to create an Nginx virtual host file for the second domain. Change the working directory to /etc/nginx/sites-enabled.

cd /etc/nginx/sites-enabled

Copy the content of the first mail domain virtual host file to the second domain virtual host file.

sudo cp mail.domain1.com.conf mail.domain2.com.conf

Edit the second domain virtual host file.

sudo nano mail.domain2.com.conf

Find the following line.

server_name mail.domain1.com;

We need to change the server_name to mail.domain2.com.

server_name mail.domain2.com;

There are 2 instances of server_name and you need to change both of them. (Note that you should not change the domain name in the SSL certificate path.) Then comment out the following 3 lines, because this upstream has already been defined in the mail.domain1.com.conf file.

upstream modoboa {
    server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}

Save and close the file. Then test the Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now use the Certbot nginx plugin to obtain a TLS certificate for all your mail domains, so you will have a single TLS certificate with multiple domain names on it.

sudo /opt/certbot-auto certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address 

Notice that in the above command, we specified the cert name using the first mail domain, which will be used in the file path, so you don’t have to change the file path in Postfix or Dovecot configuration file. Also note that we tell certbot to only obtain but not install the certificate (certonly).

When it asks if you want to update the existing certificate to include the new domain, answer U and hit Enter.

Certbot should now print a message indicating that the multi-domain certificate was successfully obtained.

Reload Nginx to pick up the new certificate.

sudo systemctl reload nginx

You should now be able to use different domains to access webmail. You also need to reload the Postfix SMTP server and Dovecot IMAP server so that they pick up the new certificate.

sudo systemctl reload postfix dovecot

Using Mail Client on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account of the second domain.

  • In the incoming server section, select IMAP protocol, enter mail.domain2.com as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.domain2.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

Although Postfix SMTP server and Dovecot IMAP server are using the hostname of the first mail domain (mail.domain1.com) when communicating with others, they are now using a multi-domain certificate, so the mail client won’t display certificate warnings.

SPF and DKIM Check

Now you can use your desktop email client or webmail client to send a test email to [email protected] and get a free email authentication report. Here’s the report I got from port25.com

Don’t forget to test your email score at https://www.mail-tester.com and also test email placement with GlockApps.

What if Your Emails Are Still Being Marked as Spam?

I have more tips for you in this article: How to stop your emails being marked as spam. Although it requires some time and effort, your emails will eventually be placed in inbox after applying these tips.

(Optional) Set Up Autodiscover and AutoConfig for Multiple Domains

Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client. The end user just needs to enter a name, email address and password to set up his/her mail account, without having to enter the SMTP or IMAP server details. Setting up Autodiscover and AutoConfig for multiple domains requires 2 simple steps.

First, create CNAME records for the second domain in your DNS manager:

autoconfig.domain2.com       CNAME         mail.domain2.com
autodiscover.domain2.com     CNAME         mail.domain2.com

Then go to the Nginx virtual host directory.

cd /etc/nginx/sites-enabled/

Copy the autoconfig virtual host for the second domain.

sudo cp autoconfig.domain1.com.conf autoconfig.domain2.com.conf

Edit the new virtual host file.

sudo nano autoconfig.domain2.com.conf

Find the following line.

server_name autoconfig.domain1.com;

We need to change the server_name to autoconfig.domain2.com.

server_name autoconfig.domain2.com;

Then comment out the following 3 lines. This upstream has already been defined in the autoconfig.domain1.com.conf file, so we can’t define it again.

upstream automx {
      server unix:/run/uwsgi/app/automx_instance/socket fail_timeout=0;
}

Save and close the file. Then test the Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx
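
The copy-and-edit procedure used for both the webmail and the autoconfig virtual hosts, as an added example that is not part of the original tutorial: only server_name lines are rewritten, so the certificate path keeps the first domain, and the shared upstream block is commented out. The sample vhost content is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: derive the second domain's vhost from the first one.

# clone_vhost SRC DST OLD_HOST NEW_HOST UPSTREAM
# Rewrites only server_name lines (certificate paths stay untouched) and
# comments out the upstream block that SRC already defines.
clone_vhost() {
    old_re=$(printf '%s' "$3" | sed 's/\./\\./g')
    sed -e "/^[[:space:]]*server_name[[:space:]]/ s/$old_re/$4/" \
        -e "/^upstream $5 {/,/^}/ s/^/#/" "$1" > "$2"
}

# Count uncommented definitions of an upstream across DIR/*.conf.
# More than 1 is the duplicate that makes "nginx -t" fail after the copy.
active_upstreams() {
    cat "$1"/*.conf | grep -c "^upstream $2 {" || true
}

# Constructed sample vhost (not Modoboa's real file) in a temp directory.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/mail.domain1.com.conf" <<'EOF'
upstream modoboa {
    server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}
server {
    listen 80;
    server_name mail.domain1.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name mail.domain1.com;
    ssl_certificate /etc/letsencrypt/live/mail.domain1.com/fullchain.pem;
}
EOF
    clone_vhost "$dir/mail.domain1.com.conf" "$dir/mail.domain2.com.conf" \
        mail.domain1.com mail.domain2.com modoboa
    printf '%s\n' "$dir"
}

dir=$(demo)
echo "active upstream definitions: $(active_upstreams "$dir" modoboa)"
cat "$dir/mail.domain2.com.conf"
rm -rf "$dir"
```

For the autoconfig virtual host, the same function is called with the autoconfig hostnames and automx as the upstream name.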

Now you can test the Autodiscover and AutoConfig feature in Microsoft Outlook and Mozilla Thunderbird mail client.

By default, AutoMX will send the first hostname (mail.domain1.com) to mail clients who request Autodiscover and AutoConfig info, which means Microsoft Outlook and Mozilla Thunderbird would use mail.domain1.com as the SMTP server and IMAP server for the second domain. This works, but isn’t perfect.

If you want Microsoft Outlook and Mozilla Thunderbird to use mail.domain2.com as SMTP and IMAP server address for the second domain, then edit the AutoMX configuration file.

sudo nano /etc/automx.conf

Create a new section for the second domain at the end of this file.

[domain2.com]

Then copy the lines from the [global] section and change the domain name.

[domain2.com]
backend = sql
action = settings
account_type = email
host = postgres://modoboa:[email protected]/modoboa
query = SELECT first_name || ' ' || last_name AS display_name, email, SPLIT_PART(email, '@', 2) AS domain FROM core_user WHERE email='%s' AND is_active
result_attrs = display_name, email

smtp = yes
smtp_server = mail.domain2.com
smtp_port = 587
smtp_encryption = starttls
smtp_auth = plaintext
smtp_auth_identity = ${email}
smtp_refresh_ttl = 6
smtp_default = yes

imap = yes
imap_server = mail.domain2.com
imap_port = 143
imap_encryption = starttls
imap_auth = plaintext
imap_auth_identity = ${email}
imap_refresh_ttl = 6

pop = yes
pop_server = mail.domain2.com
pop_port = 110
pop_encryption = starttls
pop_auth = plaintext
pop_auth_identity = ${email}

Save and close the file. Then restart uWSGI, which runs AutoMX.

sudo systemctl restart uwsgi

Wrapping Up

That’s it! I hope this tutorial helped you host multiple email domains with Modoboa. Take care 🙂

8 Responses to “How to Host Multiple Domains in Modoboa Mail Server”

  • One question:

    Can we use autodiscover on second domain?

    Great Tutorial!

  • Quang Nguyen
    7 months ago

    Thank you for your sharing!

    I am learning how to make an email server, but after following this post, I stopped here.
    –> sudo nginx -t –> Test failed

    Can you send me your suggestions or sample code for the second domain?

    Thanks & Best regards!

    …………..

    There are 2 instances of server_name, you need to change both of them. Then comment out the following 3 lines.

    upstream modoboa {
    server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
    }
    Save and close the file. Then test Nginx configuration.

    sudo nginx -t
    If the test is successful, reload Nginx for the changes to take effect.

    sudo systemctl reload nginx
    …..

    • Note that you should not change the domain name in the SSL certificate path when editing the mail.domain2.conf file.

      You need to comment out the upstream definition in mail.domain2.conf file, because this upstream has already been defined in the mail.domain1.conf file. The upstream block belongs to the http block, so it should not be declared twice.

  • Quang Nguyen
    7 months ago

    Hi Xiao Guo An ,

    I will check again.

    Thanks so much!
