Using MIAB for Mail ONLY

Hello MIAB community,

First, Thank you for providing this application!!!

I have completed in setting up my MIAB server and is working great for my primary domain (status is all green). I have other domains, which I do not want to point to MIAB for DNS, but for mail hosting only. I have updated my registrar to point the MX record for my other domain to MIAB and I am able to send and receive email for that domain without any issues. BUT, looking at the MIAB status, I have a few warnings (red and light green (DNSSEC DS)).

Warnings:
The nameservers set on this domain are incorrect: I believe this warning is because the domain name is not resolving using MIAB DNS.

This domain should resolve to your box’s IP address: which I believe is the same reason as the domain warning.

This domain’s DNSSEC DS record is not set: the registrar for my other domain has very basic DNS and no DNSSEC DS record can be set.

Is there an option in MIAB to disable DNS hosting for domains that I do not want to be hosted by MIAB? Seeing the warning makes me think that there is something wrong. I am presuming the DNSSEC DS is optional and not setting the DNSSEC DS, as I have no option to set this, will not cause any issues with in sending and receiving email from the domain that lacks this entry?

Any advice is appreciated!!!

Thank you!!!

Your assumptions are all correct. The warnings all can be ignored. There is no option within MiaB to suppress the warnings or the settings that the box does internally for DNS. As long as you do not change the glue records for the other domains, there will be no issues as DNS will happily continue on as it was before.

Do make sure that you set the other records for things like DKIM, DMARC and SPF on your other domain(s) in their DNS as they can and likely will affect delivery of mail if not set. You can find all the necessary details under External DNS in the System dropdown menu of the admin area.

Thank you for your reply alento.

The registrar that I am using does not provide those features that your mention (DKIM, DMARC and SPF). Really vanilla. I can just set the bare necessities A, CNAME, MX, and NS records. I am going to take the leap and use MIAB as my DNS. I was hesitating, for one, I am unfamiliar with NGINX and as I have read in the forum, restricting directories seems pain and Joshua Tauberer stated to not do any customization. I would like to not have anyone be able to access the admin login page without having proper credentials to view that page. Just one extra layer of protection, in my view. Second, what happens when 16.04 is EOL next year? YIKES!!! Well, I guess live and learn.

Thank you again alento!!!

Sorry to hear about your registrar … you could always transfer the registration to a different registrar if you really wanted to.

Though my organization does not use MiaB for our DNS, I would not hesitate to.

You mention an unfamiliarity with NginX, however as the project focus is relatively narrow and I presume that you do NOT plan to host your other website(s) here, but rather continue to host them where they are there is no real need to be overly familiar with it. And besides, as you noted customization ‘voids the warranty’.

There was discussion on the git site for the project concerning the /admin page being visible, but no real consensus was reached regarding it. A STRONG password can be more beneficial than ‘security through obscurity’ I agree that an argument could be made for having it behind something along the line of HTTP Authentication though - which is something that is easily set up. But again, that would ‘void the warranty’ and would have to be recreated each and every time that MiaB was upgraded or migrated to another server. But, I am venturing into ‘Unsupported Modification’ territory.

And lastly, some of the folks working on the development of this project have already begun with making the project compatible with Ubuntu 18.04 but major work on it will not begin until later in the summer after 18.04 has been out a while and the kinks are worked out. I would imagine that MiaB for Ubuntu 18.04 will be released long before the end of the year allowing a few months for people to upgrade their Ubuntu OS.

I am glad to hear that I am not alone on the concerns of the upgrade and securing the admin page. As you stated, a STRONG password can be more beneficial. MIAB has a strong recommendation in protecting SSH by creating a key rather than a password, yet the admin page is open for attacks (I did not see limiting incorrect logins). I read in the forum, that maybe a firewall rule would be better in protecting the admin page, but that is beyond my knowledge base.

Looking forward to the next version and upgrade to 18.04.

I really like MIAB, for letting a novice, such as myself, to manage my domains and emails.

Again alento, Thank you!!!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.