Multi-Domain Setup Question
Question asked by Jens Straten - 12/4/2015 at 12:35 PM
Unanswered
We are running three domains on three different IP addresses going into the SmarterMail server.  In a next step, we have created IP specific bindings for each domain (TLS, SSL, etc.)
Now, we are having one question:  What is the relevance of the host name in the General Settings?  Shouldn't there be one host name for each domain?

5 Replies

0
Bruce Barnes Replied
The FQDN (fully qualified domain name) of your PRIMARY SMARTERMAIL SERVER will be listed in GENERAL SETTINGS ====> HOSTNAME
 
FQDN for HOSTNAME SETTING in GENERAL SETTINGS
 
It will also be tied to a HOSTNAME setting which is mapped to the IP ADDRESS used for that domain, and, in most cases, unless you have assigned unique, static, public IP addresses to each domain, in which case you will also have to map the ports, individually, to each IP address/DOMAIN, be mapped to the same FQDN for the SmarterMail server, in the following record:
HOSTNAME to IP ADDRESS Mapping for FQDN of SmarterMail Server
 
Next, under SETTINGS ====> PROTOCOL SETTINGS ====> SMTP IN, configure the following for SMTP BANNER:
 
SMTP BANNER TEXT in SETTINGS => PROTOCOL SETTINGS => SMTP IN => SMTP BANNER
 
Here is the complete text and variable we use:
  • #HostName#  #TimeUTC# UTC | SmarterMail Enterprise 14.4.5802.27097 - SB
Explanation:
  • #HOSTNAME# sends the HOSTNAME with all connections
  • #TimeUTC# enters the UTC (ZULU) time in all logs - makes troubleshooting much easier when everything is standardized to UTC time
  • "| SmarterMail Enterprise and VERSION NUMBER" is for our reference only as we frequently run test versions and special builds, and helps with any troubleshooting as it is inserted in all logs 
Here is how our ports are set up:
 
PORT setup in SmarterMail Enterprise 14.4.5802.27097 - SB
 
 
 
Here is what our PORT MAPPINGs look like:
 
 
Remember, too, that you must map the IP ADDRESS of all of your domains which share the common IP address in the DOMAIN EDIT screen.

Our SmarterMail server's FQDN is "securemail.chicagonettech.com," and it uses 173.165.112.155 as the mapped, static, public, IP address, therefore, all of our domains are mapped to the IPV4 IP address of 173.165.112.155 and IPV6 is completely disabled:
 
Outbound IPV4 IP address mapped to same IP address as FQDN of SmarterMail server - "securemail.chicagonettech.com" on 173.165.112.155
and this is also bound to the same IP address in SETTINGS ====> PROTOCOL SETTINGS ====> SMTP OUT
 
IP ADDRESS which is mapped to FQDN of SmarterMail host, "securemail.chicagonettech.com" is mapped to IPV4 IP address of 173.165.112.155 in SETTINGS ===> PROTOCOL SETTINGS ====> SMTP OUT
Remember that you will also need to set up your rDNS to reflect the FQDN of your SmarterMail server's IP address.

You will also need to configure your SPF record, DKIM, and DMARC records accordingly - FOR EACH HOSTED DOMAIN - INDIVIDUALLY.

Additional information on these settings can be found in the following two documents, available at
https://portal.chicagonettech.com:
Finally, you can test your settings by creating an account at https://unlocktheinbox.com and, once created, sending an e-mail, from the e-mail address associated with your unlocktheinbox.com account, to mailtest@unlocktheinbox.com.
 
The results of the test will be returned within about 15 minutes and will assist you with the resolution of any issues and/or problems.

If, after following these instructions, you still have problems, feel free to either open a ticket with SmarterTools or contact someone from these forums directly.
 
  - Bruce
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
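
Added example, not part of the post above and not SmarterMail code: a consistency check for the three things the post ties together (the hostname in the SMTP banner, the rDNS/PTR record, and the forward A record), run per bound IP. It assumes the goal is that all three agree for each IP; the IPs, `.example` names, DNS answers and greeting timestamp format are constructed sample data.

```python
import re

# Constructed sample data (documentation IPs and .example names, not from the
# thread): one hostname in General Settings, three bound IPs.
PTR = {  # reverse DNS answers: IP -> name
    "192.0.2.10": "mail.domain1.example.",
    "192.0.2.20": "mail.domain2.example.",
    "192.0.2.30": "mail.domain3.example.",
}
A = {  # forward DNS answers: name -> set of IPs
    "mail.domain1.example": {"192.0.2.10"},
    "mail.domain2.example": {"192.0.2.20"},
    "mail.domain3.example": {"192.0.2.99"},  # stale record
}
GREETING = "220 mail.domain1.example 2015-12-04 18:35:00 UTC | SmarterMail"
BANNERS = {ip: GREETING for ip in PTR}  # same #HostName# on every IP

def norm(name):
    return name.lower().rstrip(".")

def banner_host(banner):
    """Return the hostname that follows the 220 reply code, or None."""
    m = re.match(r"220[ -](\S+)", banner)
    return norm(m.group(1)) if m else None

def check_ip(ip, ptr=PTR, a=A, banners=BANNERS):
    """List the mismatches between greeting, PTR and A record for one IP."""
    problems = []
    ptr_name = norm(ptr[ip]) if ip in ptr else None
    if ptr_name is None:
        problems.append("no PTR record")
    elif ip not in a.get(ptr_name, set()):
        problems.append(f"PTR {ptr_name} does not resolve back to {ip}")
    host = banner_host(banners.get(ip, ""))
    if host is None:
        problems.append("no hostname in 220 greeting")
    elif ptr_name is not None and host != ptr_name:
        problems.append(f"greeting {host} != PTR {ptr_name}")
    return problems

def audit(ips=PTR):
    return {ip: check_ip(ip) for ip in ips}

if __name__ == "__main__":
    for ip, problems in audit().items():
        print(ip, "OK" if not problems else "; ".join(problems))
```

With live data, the dictionaries would be filled from real PTR/A lookups and from the first line each bound IP returns on its SMTP port.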
0
Jens Straten Replied
Hi Bruce,
I appreciate your detailed feedback. This is very helpful!

That said, our mail server is bound to three public IP addresses (one for each domain). This gives me the following DNS information:

mail.domain1.com = IP1 = Mail Domain 1
mail.domain2.com = IP2 = Mail Domain 2
mail.domain3.com = IP3 = Mail Domain 3
server.primary_domain.com = IP3 = Smarter Mail Server
(Windows seems to use the highest IP for the server by default)

So, in SmarterMail I put mail.domain1.com into the hostname under General Settings. I am also binding three IP addresses to three IPs under Bindings -> Hostnames. Furthermore, we use one SSL certificate for each domain resulting in about 5 ports per IP (or domain). Then we have TLS and SSL ports for IMAP and SMTP (no unsecured connection). Submission is allowed for TLS. POP3 is disabled. XMPP and LDAP are left unchanged.

I can see that email hosting providers want to reduce the use of IP addresses, but we don't see a need for that. Would there be any advantage to switch to a single IP setup?

I am also having trouble with auto discovery because I can only set this up for one domain. Shouldn't that be moved to domain level?

I also sent an email to mailtest@unlocktheinbox.com and everything looks OK (few minor issues).

Cheers,
Jens
0
Jens Straten Replied
So, do I use the best option for my scenario?  I mean, I can't be the only person using more than one domain with multiple IPs, can I?  I would just like to confirm that I am on the right track.
 
I would also like to hear more about people using multiple domains on one IP.  I understand Bruce's example above, but I am not sure on the following questions:
 
1. Wouldn't any authorized sender be allowed to send emails for all domains?
2. What about the certificates for SSL and TLS for each domain?
 
Thanks!
2
Bruce Barnes Replied
SSL and TLS will require that multiple port mapping is done, per IP ADDRESS and HOSTNAME, to a UNIQUE SSL CERT for each domain.

Unless you have a solid grasp on SSL certs, the SmarterMail port and host mapping, and do a good job of advance planning, using a network mapping software, or drawing out your specific network/port/certificate/IP address situation, prior to starting, this can become a very confusing situation.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Stephen Smith Replied
Bruce,  this was incredibly helpful.  Thank you.
