I need advice on configuring my mailcow instance with another mail domain, which is not the mail server's domain.
I currently have a setup that is working fine, sending and receiving mail on all domains with no problems so far. The problem comes when trying to add a mailbox in Mozilla Thunderbird. The server settings only get correctly auto-configured for the mail server's domain (example.org). For other mail domains (like second.org), wrong server settings get configured automatically (Thunderbird thinks second.org is the mail server). However, if I manually type in the correct server settings and hit apply, I get a warning, because the TLS certificate issued for srv.example.org does not match second.org, although I typed srv.example.org as the server name. I read that you need to have one single TLS certificate with the other domains as SANs to solve this.
My question: how do I configure the system properly without needing such a TLS certificate with all the other registered domains as SANs? I don't want to "expose" all my registered domains in that certificate. How do the big mail hosting providers do this? If you buy a domain with mail hosting included, the mail hoster also does not have a single TLS certificate for its mail server including every single domain on it.
I am hosting a mailcow instance on a server with the FQDN srv.example.org. My DNS setup is the following (IPs and domains are examples):
For domain example.org
example.org A 1.2.3.4
example.org AAAA 2a00::1234
example.org MX 10 srv.example.org
example.org TXT v=spf1 mx a -all
_dmarc.example.org TXT v=DMARC1;p=reject;rua=mailto:reports@example.org
dkim.example.org TXT v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkq[...]
autoconfig.example.org CNAME srv.example.org
autodiscover srv.example.org CNAME srv.example.org
srv.example.org A 1.2.3.4 [1.2.3.4 PTR srv.example.org]
srv.example.org AAAA 2a00::1234 [2a00::1234 PTR srv.example.org]
For second mail domain second.org
second.org A 1.2.3.4
second.org AAAA 2a00::1234
second.org MX 10 srv.example.org
second.org TXT v=spf1 mx a -all
_dmarc.second.org TXT v=DMARC1;p=reject;rua=mailto:reports@second.org
dkim.second.org TXT v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkq[...]
autoconfig.second.org CNAME srv.example.org
autodiscover srv.second.org CNAME srv.example.org
_autodiscover._tcp SRV 0 1 443 srv.example.org
I am thankful in advance for any ideas or approaches to solve this!
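An added example, not code from the original post or from mailcow: it builds the Mozilla/Thunderbird autoconfig document (the config-v1.1 XML that Thunderbird fetches from autoconfig.<mail-domain>/mail/config-v1.1.xml?emailaddress=...) for a hosted mail domain, and checks that every hostname the document hands to the client is covered by the mail server's certificate. The server name srv.example.org and the certificate SAN list are taken as assumptions from the post; the sample inputs are constructed. The point it demonstrates is that autoconfig.second.org only needs to answer with srv.example.org as the IMAP/SMTP host, after which a certificate covering srv.example.org alone is sufficient and second.org never has to appear in it.

```python
# Added example (not code from the original post or from mailcow): build the
# Mozilla/Thunderbird autoconfig XML for a hosted mail domain and check that
# every hostname it hands to the client is covered by the mail server's
# certificate SANs. MAIL_HOST is assumed from the post.
import xml.etree.ElementTree as ET

MAIL_HOST = "srv.example.org"  # assumed mail server FQDN, as in the post


def build_autoconfig(mail_domain: str, mail_host: str = MAIL_HOST) -> str:
    """Return a config-v1.1 document pointing mail_domain's clients at mail_host."""
    root = ET.Element("clientConfig", version="1.1")
    prov = ET.SubElement(root, "emailProvider", id=mail_domain)
    ET.SubElement(prov, "domain").text = mail_domain
    ET.SubElement(prov, "displayName").text = f"Mail for {mail_domain}"
    # Implicit TLS on 993/465; the username is the full address so that
    # users of every hosted domain land in the right mailbox on one server.
    for tag, typ, port in (("incomingServer", "imap", "993"),
                           ("outgoingServer", "smtp", "465")):
        srv = ET.SubElement(prov, tag, type=typ)
        ET.SubElement(srv, "hostname").text = mail_host
        ET.SubElement(srv, "port").text = port
        ET.SubElement(srv, "socketType").text = "SSL"
        ET.SubElement(srv, "username").text = "%EMAILADDRESS%"
        ET.SubElement(srv, "authentication").text = "password-cleartext"
    return ET.tostring(root, encoding="unicode")


def advertised_hosts(xml_text: str) -> set[str]:
    """Every <hostname> a client would connect to after reading the document."""
    root = ET.fromstring(xml_text)
    return {h.text.strip() for h in root.iter("hostname") if h.text}


def san_matches(san: str, hostname: str) -> bool:
    """RFC 6125-style match: a wildcard may only be the leftmost label and
    matches exactly one label, so *.example.org covers srv.example.org but
    neither a.b.example.org nor example.org itself."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if san.startswith("*."):
        s_labels, h_labels = san.split("."), hostname.split(".")
        return len(s_labels) == len(h_labels) and s_labels[1:] == h_labels[1:]
    return san == hostname


def uncovered_hosts(xml_text: str, cert_sans) -> set[str]:
    """Hostnames in the autoconfig that the certificate does not cover; each
    of these is a hostname the client would warn about after connecting."""
    return {h for h in advertised_hosts(xml_text)
            if not any(san_matches(san, h) for san in cert_sans)}


if __name__ == "__main__":
    # Constructed sample: the server certificate lists only its own name.
    cert_sans = ["srv.example.org"]
    good = build_autoconfig("second.org")                    # points at srv.example.org
    bad = build_autoconfig("second.org", "imap.second.org")  # a host under the mail domain
    print("good config uncovered:", uncovered_hosts(good, cert_sans))  # set()
    print("bad config uncovered:", uncovered_hosts(bad, cert_sans))    # {'imap.second.org'}
```

Thunderbird validates the server certificate against the hostname it actually connects to, not against the domain part of the e-mail address, so the check above is the one that matters: as long as every advertised hostname resolves to the name in the certificate, one certificate per server is enough. That check is also a security control rather than an annoyance, because the autoconfig document can be fetched over plain HTTP; without strict hostname verification a spoofed autoconfig answer could point clients, and their passwords, at an attacker's host.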