I have my MIAB set up and running really well on box.example.com and have multiple other domains added to the MIAB server. I have the A records for the main domains pointing to external servers with no problems. DNSSEC is set up and running perfectly. All in all a really good set up.
So why would I want to change anything?
I have a special requirement for an external mail filtering service for some of my domains. It’s not that I want to…especially since my setup is working so well. The filtering service requires:
To stop direct delivery of emails to your mail server, we recommend that you alter and configure your Firewall or mail servers to accept SMTP connections on port 25 us with the range listed
(IP’s listed are not actually one’s used just examples and the Mailscrub domain is ficticious)
Subnet IP - 21.100.65.0
Subnet Mask -255.255.255.0
Net Mask -24
IP Range -21.100.65.0 - 21.100.65.255
Subnet IP - 52.100.65.0
Subnet Mask -255.255.255.255
Net Mask -32
IP Range -52.100.65.0
Then change the DNS MX records for the domains you added to our system to
Priority 10: mx71.mailscrub.dev
Priority 20: mx72.mailscrub.dev
Priority 30: mx73.mailscrub.dev
If you intend to send outbound through our service you must construct an SPF/TXT record
SPF/TXT record format
If you currently have a TXT record in place, you should alter it, by adding an additional statement is: ‘include:’ statement. Mailscrub include ‘include:spf.mailscrub.dev’
Is all this possible without breaking MIAB? or am I just wishful thinking and should look at other alternatives. I have experimented with multiple other server setups (10+) for an alternative mail system but none work as good as MIAB regards ease of setup, security, DKIM, SPF, DNSSEC, Backups etc.
MIAB is an amazing piece of kit. Any assistance appreciated on this one.