How to Host Multiple Domains in Modoboa Mail Server
This tutorial shows you how to set up multiple email domains (virtual hosting) with Modoboa, which is an easy-to-use and open-source mail hosting solution. To follow this tutorial, it’s assumed that you have already set up a Modoboa mail server with one domain name.
What You Need to Do
If you want to host multiple mail domains, then you need to:
- Add a new mail domain and user in the Modoboa admin panel.
- Create MX, A, SPF, DKIM and DMARC records for the new mail domain.
- Set up Webmail, Postfix and Dovecot for multiple domains.
A PTR record is used to check if the sender’s IP address matches the HELO hostname. You don’t need to add another PTR record when adding a new mail domain.
Step 1: Adding Additional Domains in Modoboa Admin Panel
Log into the Modoboa admin panel with the admin account (https://mail.your-domain.com/admin). Then go to the Domains tab and click the Add button to add a new domain.
Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In the Key selector field, you can enter a random word like modoboa. Choose 2048 as the key length.
In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server should have a [email protected] address.
Click the Submit button and your new domain name will be added in Modoboa.
To add email addresses, go to the Domains tab and click your second domain name.
Then click mailboxes.
Click the Add button and choose Account.
Then choose Simple user as the role. Enter an email address in the Username field and enter a password.
In the next screen, you can optionally create an alias for this email address.
After clicking the submit button, the email address is created.
Step 2: Creating MX, A, SPF, DKIM and DMARC record for the new mail domain
MX and A Record
In your DNS manager, add an MX record for the new domain like below.
Record Type Name Value
MX @ mail.domain2.com
The A record points to your mail server’s IP address.
Record Type Name Value
A mail IP-address-of-mail-server
If your server uses an IPv6 address, be sure to add an AAAA record.
SPF, DKIM and DMARC Record
Then create an SPF record to allow the MX host to send email for the new mail domain.
Record Type Name Value
TXT @ v=spf1 mx ~all
To create the DKIM record, we need to get the public key. Go to the Modoboa admin panel and select your second domain name in the Domains tab. In the DNS section, click the Show key button.
The public key of the second domain will be revealed. There are two formats. We only need the Bind/named format.
Go to your DNS manager, create a TXT record, and enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding the second domain name in the admin panel.) Copy everything in the parentheses and paste it into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage returns.
Note that your DKIM record may need some time to propagate to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://www.dmarcanalyzer.com/dkim/dkim-check/, enter modoboa as the selector and enter your domain name to check DKIM record propagation.
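The cleanup described above (keep what is inside the parentheses, delete the double quotes and line breaks) can be scripted and checked before pasting. This is an added example, not part of the original tutorial or of Modoboa; the function names and the sample record are constructed, and the sample key is placeholder bytes rather than a real key.

```shell
#!/bin/sh
# Added example: turn the Bind/named DKIM record into the one-line TXT value.

# Constructed sample, not a real key: 294 zero bytes stand in for the DER-encoded
# public key. Quoted chunks stay under the 255-byte limit of a single TXT string.
sample_bind_record() {
    printf 'modoboa._domainkey.domain2.com. IN TXT (\r\n'
    printf '  "v=DKIM1;k=rsa;p="\r\n'
    head -c 294 /dev/zero | base64 | tr -d '\n' | fold -w 200 | sed 's/.*/  "&"/'
    printf ')\n'
}

# stdin: Bind/named record. stdout: value for the DNS manager's TXT field.
dkim_bind_to_txt() {
    tr -d '\r\n' |                              # carriage returns and line breaks
        sed -e 's/^[^(]*(//' -e 's/)[^)]*$//' | # keep what is inside the parentheses
        tr -d '"[:space:]'                      # double quotes and gaps between chunks
}

# Check a flattened value; on success print the decoded key size in bytes.
dkim_txt_check() {
    value=$1
    case $value in
        *\"*|*\(*|*\)*|*[[:space:]]*)
            echo "leftover quote, parenthesis or whitespace" >&2; return 1 ;;
    esac
    case $value in
        v=DKIM1*\;p=?*) ;;
        *) echo "expected v=DKIM1 first and a non-empty p= tag" >&2; return 1 ;;
    esac
    p=${value#*;p=}   # text after the first ";p="
    p=${p%%;*}        # up to the next tag, if any
    printf '%s' "$p" | base64 -d >/dev/null 2>&1 ||
        { echo "p= is not valid base64" >&2; return 1; }
    bytes=$(printf '%s' "$p" | base64 -d | wc -c)
    echo $((bytes))   # a 2048-bit RSA public key encodes to 294 bytes
}

txt=$(sample_bind_record | dkim_bind_to_txt)
echo "TXT value: $(printf '%s' "$txt" | cut -c1-40)..."
echo "key bytes: $(dkim_txt_check "$txt")"
```

A byte count well below 294 suggests the key was truncated while copying or was generated with a shorter key length than the 2048 chosen in the admin panel.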
To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:
v=DMARC1; p=none; pct=100; rua=mailto:[email protected]
The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.
Step 3: Setting up Webmail, Postfix and Dovecot for Multiple Domains
It makes sense to let users of the first domain use mail.domain1.com and users of the second domain use mail.domain2.com when accessing webmail.
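First, we need to add the second mail domain to the allowed hosts list. Modoboa is a Django application, and Django answers requests whose Host header is not in ALLOWED_HOSTS with a 400 Bad Request error. Edit the settings.py file.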
sudo nano /srv/modoboa/instance/instance/settings.py
Find the following lines.
ALLOWED_HOSTS = [
'mail.domain1.com',
]
Add your second domain.
ALLOWED_HOSTS = [
'mail.domain1.com',
'mail.domain2.com',
]
Save and close the file. Then restart uWSGI for the change to take effect.
sudo systemctl restart uwsgi
Next, we need to create an Nginx virtual host file for the second domain. Change the working directory to /etc/nginx/sites-enabled.
cd /etc/nginx/sites-enabled
Copy the content of the first mail domain virtual host file to the second domain virtual host file.
sudo cp mail.domain1.com.conf mail.domain2.com.conf
Edit the second domain virtual host file.
sudo nano mail.domain2.com.conf
Find the following line.
server_name mail.domain1.com;
We need to change the server_name to mail.domain2.com
server_name mail.domain2.com;
There are 2 instances of server_name; you need to change both of them. (Note that you should not change the domain name in the SSL certificate path.) Then comment out the following 3 lines, because this upstream has already been defined in the mail.domain1.com.conf file.
upstream modoboa {
server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}
Save and close the file. Then test the Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx for the changes to take effect.
sudo systemctl reload nginx
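The copy-and-edit steps above, as an added example that is not part of the original tutorial: a sed filter changes both server_name lines, leaves the certificate paths alone and comments out the upstream block. The function names and the sample virtual host are constructed, and the filter assumes the upstream block spans several lines, as it does on this page.

```shell
#!/bin/sh
# Added example: derive the second vhost from the first with sed instead of hand edits.

# usage: derive_vhost SRC_CONF OLD_HOST NEW_HOST   (the new file goes to stdout)
derive_vhost() {
    old_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -e '/^[[:space:]]*upstream[[:space:]]/,/^[[:space:]]*}/ s/^/#/' \
        -e "/^[[:space:]]*server_name[[:space:]]/ s/$old_re/$3/" \
        "$1"
}

# Constructed stand-in for mail.domain1.com.conf (the real file has more directives).
write_sample_vhost() {
    cat > "$1" <<'EOF'
upstream modoboa {
    server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}
server {
    listen 80;
    server_name mail.domain1.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name mail.domain1.com;
    ssl_certificate /etc/letsencrypt/live/mail.domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.domain1.com/privkey.pem;
}
EOF
}

# Count the lines in FILE that match the extended regex PATTERN.
count_lines() { grep -cE "$2" "$1" || true; }

demo_dir=$(mktemp -d)
write_sample_vhost "$demo_dir/mail.domain1.com.conf"
derive_vhost "$demo_dir/mail.domain1.com.conf" mail.domain1.com mail.domain2.com \
    > "$demo_dir/mail.domain2.com.conf"
cat "$demo_dir/mail.domain2.com.conf"
rm -rf "$demo_dir"
```

Because only lines that begin with server_name are rewritten, the ssl_certificate paths keep pointing at the mail.domain1.com certificate directory, which is what the multi-domain certificate in the next step relies on.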
Make sure you have certbot installed on your Debian/Ubuntu server.
sudo apt install certbot python3-certbot-nginx
On CentOS/RHEL, run the following command to install certbot.
sudo dnf install certbot python3-certbot-nginx
Now use the Certbot nginx plugin to obtain a TLS certificate for all your mail domains, so you will have a single TLS certificate with multiple domain names on it and mail clients won’t throw security warnings.
sudo certbot certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address
Notice that in the above command, we specified the cert name using the first mail domain, which will be used in the file path, so you don’t have to change the file path in Postfix or Dovecot configuration file. Also note that we tell certbot to only obtain but not install the certificate (certonly).
When it asks if you want to update existing certificate to include the new domain, answer U and hit Enter.
Now you should see the following message, which indicates the multi-domain certificate is successfully obtained.
Reload Nginx to pick up the new certificate.
sudo systemctl reload nginx
You should now be able to use different domains to access webmail. Also you need to reload Postfix SMTP server and Dovecot IMAP server in order to let them pick up the new certificate.
sudo systemctl reload postfix dovecot
Using Mail Client on Your Computer or Mobile Device
Fire up your desktop email client such as Mozilla Thunderbird and add a mail account of the second domain.
- In the incoming server section, select IMAP protocol, enter mail.domain2.com as the server name, choose port 143 and STARTTLS. Choose normal password as the authentication method.
- In the outgoing section, select SMTP protocol, enter mail.domain2.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.
Hint: You can also use port 993 with SSL/TLS encryption for IMAP, and use port 465 with SSL/TLS encryption for SMTP. You should not use port 25 as the SMTP port in mail clients to submit outgoing emails.
Although Postfix SMTP server and Dovecot IMAP server are using the hostname of the first mail domain (mail.domain1.com) when communicating with others, they are now using a multi-domain certificate, so the mail client won’t display certificate warnings.
SPF and DKIM Check
Now you can use your desktop email client or webmail client to send a test email to [email protected] and get a free email authentication report. Here’s the report I got from port25.com
Don’t forget to test your email score at https://www.mail-tester.com and also test email placement with GlockApps.
If DKIM check fails, you can go to https://www.dmarcanalyzer.com/dkim/dkim-check/ to see if there are any errors with your DKIM record.
What if Your Emails Are Still Being Marked as Spam?
I have more tips for you in this article: 7 effective tips to stop your emails being marked as spam. Although it requires some time and effort, your emails will eventually be placed in the inbox after applying these tips.
rDNS for Multiple Mail Domains?
Reverse DNS (rDNS), aka PTR record, is used to check if the sender’s IP address matches the HELO hostname. You don’t need to add another PTR record when adding a new mail domain. Your rDNS should be set to just one hostname, i.e. the hostname set in Postfix, which can be shown with the following command.
postconf myhostname
rDNS is a record for IP addresses. It’s not a record for domain names. If you have just one IP address, then you need just one rDNS record pointing to one hostname. The reverse DNS check doesn’t verify what the From: domain is in your email. As long as your IP address has an rDNS record and the hostname resolves back to the same IP address, you pass the reverse DNS check.
Also, you don’t need to change the following settings in Postfix when hosting multiple domains on one server.
- myhostname
- myorigin
- mydestination
Hosted email services like G Suite and Microsoft Exchange Online all use one hostname for a server to send email for their customers. Emails sent from G Suite users all use google.com in the hostname and emails sent from Microsoft Exchange Online users all use outlook.com in the hostname. This is also true for other email service providers like Mailchimp, SendinBlue, SendPulse, etc. They all use one hostname for a single server, and one IP address has just one rDNS record.
(Optional) Set Up Autodiscover and AutoConfig for Multiple Domains
Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client. The end user just needs to enter a name, email address and password to set up his/her mail account, without having to enter the SMTP or IMAP server details. Setting up Autodiscover and AutoConfig for multiple domains requires 2 simple steps.
First, create CNAME records for the second domain in your DNS manager.
autoconfig.domain2.com CNAME mail.domain2.com
autodiscover.domain2.com CNAME mail.domain2.com
Then go to the Nginx virtual host directory.
cd /etc/nginx/sites-enabled/
Copy the autoconfig virtual host for the second domain.
sudo cp autoconfig.domain1.com.conf autoconfig.domain2.com.conf
Edit the new virtual host file.
sudo nano autoconfig.domain2.com.conf
Find the following line.
server_name autoconfig.domain1.com;
We need to change the server_name to autoconfig.domain2.com
server_name autoconfig.domain2.com;
Then comment out the following 3 lines. This upstream has already been defined in the autoconfig.domain1.com.conf file, so we can’t define it again.
upstream automx {
server unix:/run/uwsgi/app/automx_instance/socket fail_timeout=0;
}
Save and close the file. Then test the Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx for the changes to take effect.
sudo systemctl reload nginx
Now you can test the Autodiscover and AutoConfig feature in Microsoft Outlook and Mozilla Thunderbird mail client.
By default, AutoMX will send the first hostname (mail.domain1.com) to mail clients who request Autodiscover and AutoConfig info, which means Microsoft Outlook and Mozilla Thunderbird would use mail.domain1.com as the SMTP server and IMAP server for the second domain. This works, but isn’t perfect.
If you want Microsoft Outlook and Mozilla Thunderbird to use mail.domain2.com as the SMTP and IMAP server address for the second domain, then edit the AutoMX configuration file.
sudo nano /etc/automx.conf
Create a new section for the second domain at the end of this file.
[domain2.com]
Then copy the lines from the [global] section and change the domain name.
[domain2.com]
backend = sql
action = settings
account_type = email
host = postgres://modoboa:[email protected]/modoboa
query = SELECT first_name || ' ' || last_name AS display_name, email, SPLIT_PART(email, '@', 2) AS domain FROM core_user WHERE email='%s' AND is_active
result_attrs = display_name, email
smtp = yes
smtp_server = mail.domain2.com
smtp_port = 587
smtp_encryption = starttls
smtp_auth = plaintext
smtp_auth_identity = ${email}
smtp_refresh_ttl = 6
smtp_default = yes
imap = yes
imap_server = mail.domain2.com
imap_port = 143
imap_encryption = starttls
imap_auth = plaintext
imap_auth_identity = ${email}
imap_refresh_ttl = 6
pop = yes
pop_server = mail.domain2.com
pop_port = 110
pop_encryption = starttls
pop_auth = plaintext
pop_auth_identity = ${email}
Save and close the file. Then restart AutoMX.
sudo systemctl restart uwsgi
Wrapping Up
That’s it! I hope this tutorial helped you host multiple email domains with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
One question:
Can we use autodiscover on second domain?
Great Tutorial!
Hi, I just added “how to set up autodiscover and autoconfig for multiple domains” at the end of this article.
I have the same question, if I want to use autodiscover and autoconfig on multiple domains how do we do that?
Hi, I just added “how to set up autodiscover and autoconfig for multiple domains” at the end of this article.
That’s amazing, thanks Xizo Guo An!
Thank you for your sharing!
I am learning how to make an email server, but after following this post, I stopped here.
–> sudo nginx -t –> Test failed
Can you send me your suggestions or sample code for the second domain?
Thanks & Best regards!
…………..
There are 2 instances of server_name, you need to change both of them. Then comment out the following 3 lines.
upstream modoboa {
server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}
Save and close the file. Then test the Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx for the changes to take effect.
sudo systemctl reload nginx
…..
Note that you should not change the domain name in the SSL certificate path when editing the mail.domain2.conf file.
You need to comment out the upstream definition in mail.domain2.conf file, because this upstream has already been defined in the mail.domain1.conf file. The upstream block belongs to the http block, so it should not be declared twice.
Hi Xiao Guo An,
I will check again.
Thanks so much!
Hello Xiao Guo An,
Something is not 100% right here. I’ve created my new mail server based on the https://www.linuxbabe.com/mail-server/email-server-ubuntu-18-04-modoboa article.
I’ve added my two other domains according to this article, but something is still missing. When I receive mail to the main domain name then everything is OK, but the other two domain names cannot receive mail.
Error message is something like this:
Error 450 is pointing (based on googling) to an incorrect Postfix main.cf config entry; most probably “mydestination = $myhostname” is not OK. I tried to replace it with localhost but it is still not OK.
OK problem found. $myhostname variable is not good for mydestination in postfix main.cf. Usually myhostname is the external dns address of the mail server and only port 25 and secure smtp/pop3/inet should be open toward public internet. Lmtp must work only locally. So mydestination in this case where the lmtp service listen on the server. In my case it was the private IP address (10.x.x.x), not the loopback 127.0.0.1/localhost.
It should be corrected in modoboa installer, or should be mentioned in this guide.
The mydestination parameter contains a list of domains that will accept emails for users with local Unix account. By default, Modoboa sets its value to $myhostname, which is fine.
Modoboa creates virtual mailboxes, which means that there’s no need to create a local Unix account for each email address. The virtual mailboxes and domains are stored in a database (MySQL, MariaDB, or PostgreSQL). When Postfix receives an email message from other SMTP server, it queries the database to check if the recipient email address exists on the mail server.
If Postfix is configured to use dovecot-lmtp to deliver email, as is the case with Modoboa, then Dovecot will query the database to check if the recipient email address exists on the mail server.
The problem with your mail server is probably caused by Dovecot, not by Postfix. Perhaps Dovecot isn’t running, or there’s a permission issue.
Hi Xiao
Thank you for this amazing guide, it works just fine
Just notice that a user from domain1 can login in domain2
How can I avoid this?
You have to write a Javascript to check the domain name entered by the user. If it doesn’t match the domain name in the address bar, produce an error message on the web page.
Good day Xiao,
Thank you for your in-depth tutorial, it worked for me, but I have a question.
The header for second domain2.com is showing domain1.com can this be changed?
Message was sent from domain2.com but it is showing domain1.com
Example
Received: from localhost (localhost [127.0.0.1]) by mail.domain1.com (Postfix) with ESMTP id D4326243
I love this article. Thank you so much. Everything working fine on first domain. Now I’ve added a second one. Webmail is broken though
Any help would be hugely appreciated. Again, thanks so much for writing this!
I had problems regarding the Let’s encrypt update and found the following:
Modoboa version: 1.6.1
The below command did not work:
So I tried this instead:
But got this error:
I then installed:
Ran:
It’s working. But I’m baffled about the fact that the plugin error was already in the logs before I started messing around.
But my knowledge regarding this is too limited to draw conclusions.
Hello, and thank you for the tutorial.
I shifted over my mail server to Modoboa, and it’s working fine, but I need to add two old domains to receive a couple of old emails but not for replying or sending. I want to still collect some old subscription emails as I did on iRedMail.
When I run “sudo /opt/certbot-auto certonly --nginx --agree-tos -d mail.domain1.com,mail.domain2.com --cert-name mail.domain1.com --email your-email-address” I get /opt/certbot not found. Looked in the folder “/opt” and it is empty. Should I install the certbot application? The initial setup installed the Let’s Encrypt TLS Certificate for my main mail-server domain, and my mail server is https.
Thanks, Fred.
The new Modoboa version now installs certbot from the default software repository, instead of downloading the certbot-auto script.
Then run
I can`t find “cd /etc/nginx/sites-enabled” in CentOS!
Hey Xiao
Thanks for all your work here. I’ve played through a few of your tutorials now and they’ve worked great.
With this one, however, I have a little trouble. The installation and configuration worked great, but when I login with a user of the second domain on the web interface, this can write and receive emails, but certain settings such as CardDAV activation can not be saved. Also no calendars can be created.
Could you help me further?
Thanks already, Uwe
Thanks Xiao. Thanks a lot. I would like to ask you how to make my subdomain not mail.domain.com but mx2.domain.com
I get error 400 (Bad Request) in https://mail.domain2.com/
Thanks for the great tutorial.
It is very useful.
Can you please share some info, if it is possible to have custom webmail instances (nginx confs) for the virtual domains as well? and if so, how to do it?