OK. I’ve just got MIAB running and sending and receiving emails on a couple of pretty much unused domains I have. But, as this is all new to me [though I have a fair bit of experience running webservers] I want to make sure that I’ve got everything locked down and correctly configured before I migrate my main domain mail accounts over from Google Workspaces.
So here’s the scenario:
I have several websites running on a Linode VPS, including one on my main domain. Let’s call it
maindomain.com. At the minute email for
maindomain.comis handled by Google Workspace.
On that VPS I also have a few less used domains [let’s call them
minordomain3.com. All those domains were using Yandex Mail for Domains [now rebranded Yandex 360] to handle their email.
I’ve set up MIAB on a separate fresh Linode VPS and I’m running my MIAB mailserver on that as the subdomain
Still with me? Good. Now, what I want to know is which of the configuration options listed on my MIAB servers ‘External DNS’ page are necessary for my setup?
For example, I get several config options given for things like A/AAAA records for
maindomin.com should point at MIAB IP… which obviously they shouldn’t, because I want those to remain pointing at the VPS which is serving the website for that domain. Only the A/AAAA records for
post.maindomain.com should be pointing at my MIAB VPS.
So, obviously some of the options given for external DNS config settings don’t apply to my particular setup. The trouble is, once I get beyond the ‘usual suspects’ like A/AAAA, MX, CNAME, TXT records etc. and into the more esoteric email specific ones, I’m a bit lost as to which ones are strictly necessary for my setup.
As I said at the top, I’m able to send emails back and forth from
minordomain3.com by setting their MX records to use
post.maindomain.com. So that much at least is working. But I’m wary of leaving something out in the more obscure config options that will either leave my server vulnerable, or will have my emails marked as spam and the server blacklisted.
So, any help would be appreciated with the following options. Given my setup, do I need to set any of the follwing or not on
post.maindomain.com [MIAB server] or
maindomain.com [webserver] or neither?
[At some stage, when I migrate from Google, I will be sending/receiving email from
@maindomain.com so I don’t want to set any config options that will effectively block that, when the time comes]
* autoconfig.maindomain.com TXT v=spf1 -all * autoconfig.maindomain.com MX 0 . * _dmarc.autoconfig.maindomain.com TXT v=DMARC1; p=reject * autodiscover.maindomain.com TXT v=spf1 -all * autodiscover.maindomain.com MX 0 . * _dmarc.autodiscover.maindomain.com TXT v=DMARC1; p=reject * mta-sts.maindomain.com TXT v=spf1 -all * mta-sts.maindomain.com MX 0 . * _dmarc.mta-sts.maindomain.com TXT v=DMARC1; p=reject * post.maindomain.com TXT v=spf1 mx -all * _dmarc.post.maindomain.com TXT v=DMARC1; p=quarantine * mail._domainkey.post.maindomain.com TXT v=DKIM1; h=sha256; k=rsa; s=email; p=<snip> * mta-sts.post.maindomain.com TXT v=spf1 -all * mta-sts.post.maindomain.com MX 0 . * _dmarc.mta-sts.post.maindomain.com TXT v=DMARC1; p=reject * www.maindomain.com TXT v=spf1 -all * www.maindomain.com MX 0 . * _dmarc.www.maindomain.com TXT v=DMARC1; p=reject
I’d also like to keep the config options as simple as possible [more chance of me remembering what they all mean!]. So anything that’s not strictly necessary, can go. Unless it’s important for security or not being blacklisted.
For example: I think I’ve read somewhere that the
autodiscover options are to allow email clients to automatically retrieve the correct IMAP/SMTP server settings. If that’s the case and that’s all they do, then I can live without them as I’ll only be setting up email accounts for myself and family members. So I can tell them what server settings to use. Like I say, the less options I can get away with having to configure, the better.