Postfix SSL issue with multiple domains

I am hosting 2 domains on my Linode. mydomain.club does NOT have an SSL certificate, myotherdomain.com has a certificate installed.

I followed this guide https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mariadb-on-centos-7 and successfully sent emails using mutt.

Every example.com is replaced with myotherdomain.com and the hostname of my machine is mydomain.club (if I change it, /etc/resolv.conf gets reset and I start sending mails as hostname.mydomain.club, so I left that as it is). However, the emails I send are not encrypted and email clients, such as Google, are complaining about it. Error: mydomain.club did not encrypt this message.

/etc/postfix/main.cf file contains:

smtpd_use_tls = yes

smtpd_tls_cert_file = /etc/pki/tls/certs/myotherdomain_com.crt

smtpd_tls_key_file = /etc/pki/tls/certs/server.key

I got the PositiveSSL certificate myotherdomain_com.crt from Namecheap when I registered myotherdomain.com; server.key was generated when I issued

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

The certificate is working when I use https on myotherdomain.com.

When I send an email with the mutt -f . command while being in /home/vmail/myotherdomain.com/sales/Maildir, the email is sent from root@mydomain.club and Gmail complains that it isn't encrypted. If I use EMAIL="sales@myotherdomain.com" mutt, Gmail still complains that the email isn't encrypted, although in Gmail it appears that it came from sales@myotherdomain.com, which is what I want.

I have a feeling that the MTA uses mydomain.club with the certificate, while it should use it with myotherdomain.com.

How can I resolve this issue?

1 Reply

This is what I do (which may not be what you want)

All my domains contain an MX record for their mail that points to server.example.org (replace example.org with one of your domains)

Run postfix on server.example.org

Use a certificate for server.example.org (I just re-used my webserver cert for server, but you should be able to use a letsencrypt cert for server)

All mail from all domains then originates from server.example.org and the RDNS and certificates match and everyone is happy.

This works fine if you are not trying to hide that all your domains are related to the one server. I'm just a person, not a hoster, so it works for me and is simple to set up.

Reply
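The main.cf lines quoted in the question are all `smtpd_*` parameters, which configure Postfix as a server receiving mail; TLS for mail Postfix sends is controlled separately by the `smtp_*` parameters. The check below is an added example, not part of the original thread: it assumes an unset level means no TLS (confirm with `postconf -d`), and `SAMPLE_MAIN_CF` and the function names are constructed for illustration.

```python
# Added example: audit a Postfix main.cf for receiving vs. sending TLS.
# Constructed sample, based on the main.cf lines quoted in the question.
SAMPLE_MAIN_CF = """\
myhostname = mydomain.club
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/myotherdomain_com.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
"""

def parse_main_cf(text):
    """Parse main.cf text; '#' lines are comments, indented lines continue."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()  # a later assignment wins
    return params

def tls_level(params, side):
    """Effective TLS level for side 'smtpd' (receiving) or 'smtp' (sending)."""
    level = params.get(f"{side}_tls_security_level", "")
    if level:
        return level
    # Legacy switches, honoured only when no security level is set.
    if params.get(f"{side}_enforce_tls", "no") == "yes":
        return "encrypt"  # mandatory TLS (peer-name checks aside)
    if params.get(f"{side}_use_tls", "no") == "yes":
        return "may"      # opportunistic STARTTLS
    return "none"         # assumption: unset means no TLS

def audit(params):
    """Return a list of findings; an empty list means both directions use TLS."""
    findings = []
    if tls_level(params, "smtp") == "none":
        findings.append("outbound: no smtp_tls_security_level; mail is sent without STARTTLS")
    if tls_level(params, "smtpd") == "none":
        findings.append("inbound: smtpd TLS is off")
    elif not params.get("smtpd_tls_cert_file"):
        findings.append("inbound: TLS enabled but smtpd_tls_cert_file is not set")
    return findings

if __name__ == "__main__":
    for line in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(line)
```

On a live host, `postconf -n` prints the non-default settings in the same `name = value` form, so its output can be passed to `parse_main_cf` directly.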
