How to Host Multiple Mail Domains in iRedMail with Nginx

This tutorial will be showing you how to set up multiple email domains with iRedMail, which is an easy way to set up your own email server.

Prerequisites

To follow this tutorial, it’s assumed that

What You Need to Do

If you want to host multiple mail domains, then you need to

  • Add a new mail domain and user in iRedMail admin panel.
  • Create MX, A and SPF record for the new mail domain.
  • Set up DKIM signing for additional domains
  • Set up RoundCube Webmail for multiple domains
Reverse DNS check is used to check if the sender’s IP address matches the HELO hostname. You don’t need to add another PTR record when adding a new mail domain.

Step 1: Adding Additional Domains in iRedMail Admin Panel

Log into iRedMail admin panel with the postmaster account. (https://mail.your-domain.com/iredadmin) Then add domains in the Add tab.

iredmail multiple domains

Next, add a user under the new domain.

iredmail multiple domains ssl

Step 2: Creating MX, A and SPF record for the new mail domain

In your DNS manager, add MX record for the new domain like below.

Record Type    Name      Value

MX             @         mail.domain2.com

The A record points to your mail server’s IP address.

Record Type    Name     Value

A              mail     IP-address-of-mail-server

If your server uses IPv6 address, be sure to add AAAA record.

Then create SPF record to allow the MX host to send email for the new mail domain.

Record Type    Name      Value

TXT            @         v=spf1 mx ~all

Step 3: Setting up DKIM signing for the new domain

You need to tell amavisd to sign every outgoing email for the new mail domain. Edit /etc/amavis/conf.d/50-user file.

sudo nano /etc/amavis/conf.d/50-user

Find the following line,

dkim_key('domain1.com', 'dkim', '/var/lib/dkim/domain1.com.pem');

Add another line to specify the location of the private key of second domain.

dkim_key('domain2.com', 'dkim', '/var/lib/dkim/domain2.com.pem');

In @dkim_signature_options_bysender_maps section, add the following line.

 "domain2.com" => { d => "domain2.com", a => 'rsa-sha256', ttl => 10*24*3600 },

amavis dkim signing

Save and close the file. Then generate the private key for the second domain.

sudo amavisd-new genrsa /var/lib/dkim/domain2.com.pem 2048

Restart Amavis.

sudo systemctl restart amavis

Display the public keys.

sudo amavisd-new showkeys

All public keys will be displayed. We need the public key of the second domain, which is in the parentheses.

amavis show keys

In your DNS manager, create a TXT record for the second domain. Enter dkim._domainkey in the Name field. Copy everything in the parentheses and paste into the value field. Delete all double quotes. (You can paste it into a text editor first, delete all double quotes, the copy it to your DNS manager. Your DNS manager may require you to delete other invalid characters, such as carriage return.)

amavisd-new ubuntu

After saving your changes. Check the TXT record with this command.

dig TXT dkim._domainkey.domain2.com

Now you can run the following command to test if your DKIM DNS record is correct.

sudo amavisd-new testkeys

If the DNS record is correct, the test will pass.

TESTING#1 domain1.com: dkim._domainkey.domain1.com => pass
TESTING#2 domain2.com: dkim._domainkey.domain2.com => pass

Step 4: Setting up RoundCube for Multiple Domains

It makes sense to let users of the first domain use mail.domain1.com and users of the second domain use mail.domain2.com when using RoundCube webmail.

Change working directory to /etc/nginx/.

cd /etc/nginx/

Create a blank server block file for the second domain in /etc/nginx/sites-enabled/ directory.

sudo touch sites-enabled/mail.domain2.com.conf

Copy the default HTTP site configurations to the file.

cat sites-enabled/00-default.conf | sudo tee -a sites-enabled/mail.domain2.com.conf

Copy the default SSL site configurations to the file.

cat sites-enabled/00-default-ssl.conf | sudo tee -a sites-enabled/mail.domain2.com.conf

Edit the virtual host file.

sudo nano sites-enabled/mail.domain2.com.conf

Find the following line.

server_name _;

We need to change the server_name to mail.domain2.com, because later we need to use Certbot to generate a new tls certificate.

server_name mail.domain2.com;

There are 2 instances of server_name, you need to change both of them. Save and close the file. Then test Nginx configuartion.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now use Certbot webroot plugin to obtain TLS certificate for all your mail domains, so you will have a single TLS certificate with multiple domain names on it.

sudo certbot certonly --webroot --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address -w /var/www/html

Notice that in the above command, we specified the cert name using the first mail domain, which will be used in the file path, so you don’t have to change the file path in Postfix or Dovecot configuration file.

When it asks if you want to update existing certificate to include the new domain, answer U and hit Enter.

certbot multi-domain iredmail

Now you should see the following message, which indicates the multi-domain certificate is successfully obtained.

iredmail nginx multiple domain

Reload Nginx to pick up the new certificate.

sudo systemctl reload nginx

You should now be able to use different domains to access RoundCube webmail. Also you need to reload Postfix SMTP server and Dovecot IMAP server in order to let them pick up the new certificate.

sudo systemctl reload postfix

sudo systemctl reload dovecot

Using Mail Client on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account of the second domain.

  • In the incoming server section, select IMAP protocol, enter mail.domain2.com as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.domain2.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

iredmail multiple domain postfix dovecot

Although Postfix SMTP server and Dovecot IMAP server are using the hostname of the first mail domain (mail.domain1.com) when communicating with others, they are now using a multi-domain certificate, so the mail client won’t display certificate warnings.

SPF and DKIM Check

Now you can use your desktop email client or webmail client to send a test email to [email protected] and get a free email authentication report. Here’s the report I got from port25.com

postfix spf dkim ubuntu

Don’t forget to test your email score at https://www.mail-tester.com and also GlockApps.com.

That’s it! I hope this tutorial helped you host multiple email domains with iRedMail. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 1 Average: 5]

One Response to “How to Host Multiple Mail Domains in iRedMail with Nginx

  • Thank you for this interesting read.
    Is there any encryption implemented for mail data stored at the server?
    If not, how would I add this?

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • If my answer helped you, please consider supporting this site. Thanks :)