I can't understand what I need for hostname / hosts for email server

April 22, 2014
For an iRedMail server, what should I name my droplet: mydomain.us or mail.mydomain.us? What should then be the entry in /etc/hosts? The internet says all kinds of different things about /etc/hosts. I think all the questions I have posted are actually due to the fact that I can't figure this out.
3 Answers
You can give your droplet either name, and you shouldn't need to edit /etc/hosts. You just need to create a DNS A record for any subdomain to which you might want to point an MX record. (Yes, a CNAME will work, but technically, according to the RFC, it's supposed to resolve to an IP address.)
I'll give you a concrete example.
Just for purposes of managing my various servers (I run one for mail and one for nginx), I registered the domain subcritical.us. The first droplet I created, I called hydrogen.subcritical.us. That is the FQDN that gets used for dovecot and postfix. If I wanted to stop there, I could. I could point any MX records to hydrogen.subcritical.us and that would be fine. My mail users could use hydrogen.subcritical.us as their incoming and outgoing server addresses. (I actually could have stopped one step earlier with subcritical.us, but didn't because I was going to be managing multiple hosts under that single domain.)
I am hosting mail for three different domains on hydrogen.subcritical.us. They are all coming from a previous shared hosting environment where their incoming and outgoing servers were addressed as "mail." subdomains of their primary domain. One of those domains is fransson.us, so our mail servers were mail.fransson.us. Likewise for the other two domains. I pointed the fransson.us MX record to mail.fransson.us, and the mail.fransson.us A record to the IP address for hydrogen.subcritical.us, and similarly for the other two domains. The user names and passwords were all the same as the server they were being moved from, so when the changeover happened, the only thing anyone noticed was the SSL certificate name mismatch because I was using a self-signed certificate.
All of that was done entirely with DNS - no alteration of /etc/hosts.
Although using a mail. subdomain for each domain was convenient to the users because it didn't require them to change anything when the service moved, it does complicate things on my end somewhat when it comes to SSL. I can get a signed SSL certificate for my mail server, but to the best of my knowledge, it can use only one name. Dovecot will allow for different server names, but it looks to me like they must resolve to different IP addresses, and multiple IP addresses on a single instance is not something you can get with Digital Ocean. So either you can use a single domain for all users, secured by SSL, or you can use multiple mail. subdomains, also secured by SSL, but users will end up with name mismatch warnings.
How does this look?

```
$TTL 1800
@ IN SOA ns1.digitalocean.com. hostmaster.stephenhenderson.us. (
    1398242919 ; serial, last update: 2014-04-23 08:48:39 UTC
    3600       ; refresh
    900        ; retry
    1209600    ; expire
    1800 )     ; minimum ttl
@ IN NS ns1.digitalocean.com.
@ IN NS ns2.digitalocean.com.
@ IN NS ns3.digitalocean.com.
@ IN MX 0 mx.stephenhenderson.us.
@ IN TXT "v=spf1 ip4:IP_ADDRESS -all"
dkim._domainkey IN TXT "v=DKIM1; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBi..."   ; public key truncated, left out most
stevexxx.us.    IN A 107.170.xxx.xxx
mx.stevexxx.us. IN A 107.170.xxx.xxx
```


/etc/hosts: mx.stevexxx.us stevexxx.us localhost localhost.localdomain

$ hostname -f

xxx not actual values!
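To tie the first answer's DNS-only approach to the zone file in the second, here is an added example (my own code, not from either poster or from DigitalOcean): a small parser for BIND-style zone files that handles `$TTL`, `@`, relative labels, multi-line SOA records and `;` comments, plus the checks a mail admin wants before switching MX records over: every MX target has an A record in the zone and is not a CNAME (RFC 2181 §10.3), exactly one SPF record with a `-all`/`~all` terminator exists at the apex, and the DKIM key lives at `<selector>._domainkey` (the posted zone spelled this `dkim_domainkey`, which DKIM verifiers will never look up). It also builds the one `/etc/hosts` line that makes `hostname -f` answer without DNS. The zone data, `example.com`, `203.0.113.10` and the `dkim` selector are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample zone: example.com / 203.0.113.10 are documentation
# placeholders, not the poster's real domain or droplet address.
SAMPLE_ZONE = """\
$TTL 1800
@ IN SOA ns1.example.net. hostmaster.example.com. (
        2014042301 3600 900   ; serial, refresh, retry
        1209600 1800 )        ; expire, minimum
@       IN NS  ns1.example.net.
@       IN MX  0 mx.example.com.
@       IN TXT "v=spf1 ip4:203.0.113.10 -all"
dkim._domainkey IN TXT "v=DKIM1; p=" "PLACEHOLDER_PUBLIC_KEY"
@               IN A 203.0.113.10
mx              IN A 203.0.113.10
"""
# Same zone with two slips taken from the posted file: the DKIM owner written
# "dkim_domainkey", and the MX host's A record owner missing its trailing dot.
BROKEN_ZONE = """\
@ IN SOA ns1.example.net. hostmaster.example.com. ( 1 3600 900 1209600 1800 )
@ IN MX 0 mx.example.com.
@ IN TXT "v=spf1 ip4:203.0.113.10 -all"
dkim_domainkey IN TXT "v=DKIM1; p=" "PLACEHOLDER_PUBLIC_KEY"
mx.example.com IN A 203.0.113.10
"""

def _strip_comment(line):
    """Drop a ';' comment, but leave ';' alone inside quoted TXT strings."""
    out, quoted = [], False
    for ch in line:
        quoted ^= (ch == '"')
        if ch == ';' and not quoted:
            break
        out.append(ch)
    return ''.join(out)

def qualify(name, origin):
    """'@' -> origin; relative label -> label.origin; absolute names unchanged."""
    return origin if name == '@' else (name if name.endswith('.') else f'{name}.{origin}')

def parse_zone(text, origin):
    """Parse a zone into {(absolute owner, TYPE): [rdata token list, ...]}."""
    origin = origin.rstrip('.') + '.'
    records, buf, depth, last_owner = defaultdict(list), [], 0, origin
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count('(') - line.count(')')
        if depth > 0:                        # still inside a ( ... ) record
            continue
        leading_ws = buf[0][:1].isspace()    # blank owner field = previous owner
        joined = ' '.join(buf).replace('(', ' ').replace(')', ' ')
        buf = []
        if joined.startswith('$'):           # $TTL etc.: not needed for these checks
            continue
        toks = re.findall(r'"[^"]*"|\S+', joined)
        owner = last_owner if leading_ws else qualify(toks.pop(0), origin)
        if toks and toks[0].isdigit():       # optional per-record TTL
            toks.pop(0)
        if toks and toks[0].upper() == 'IN':  # optional class
            toks.pop(0)
        records[(owner, toks.pop(0).upper())].append(toks)
        last_owner = owner
    return dict(records)

def check_mail_zone(records, origin, dkim_selector='dkim'):
    """Return the list of problems that would break inbound mail or SPF/DKIM checks."""
    origin = origin.rstrip('.') + '.'
    problems = []
    mx = records.get((origin, 'MX'), [])
    if not mx:
        problems.append('no MX record at the zone apex')
    for _pref, target in mx:
        target = qualify(target, origin)
        if (target, 'CNAME') in records:
            problems.append(f'MX target {target} is a CNAME; RFC 2181 s10.3 forbids that')
        elif (target, 'A') not in records and (target, 'AAAA') not in records:
            problems.append(f'MX target {target} has no A/AAAA record in this zone')
    txts = [''.join(t.strip('"') for t in rd) for rd in records.get((origin, 'TXT'), [])]
    spf = [t for t in txts if t.startswith('v=spf1')]
    if len(spf) != 1:
        problems.append(f'expected exactly one SPF record at {origin}, found {len(spf)}')
    elif spf[0].split()[-1] not in ('-all', '~all'):
        problems.append('SPF record should end with -all or ~all')
    dkim_name = f'{dkim_selector}._domainkey.{origin}'
    if (dkim_name, 'TXT') not in records:
        problems.append(f'no DKIM key at {dkim_name} (owner must be <selector>._domainkey)')
    return problems

def hosts_line(records, fqdn):
    """/etc/hosts entry so `hostname -f` resolves without DNS (assumes one public IP)."""
    fqdn = fqdn.rstrip('.') + '.'
    a = records.get((fqdn, 'A'))
    if not a:
        raise ValueError(f'no A record for {fqdn}')
    host = fqdn.rstrip('.')
    return f'{a[0][0]}\t{host} {host.split(".")[0]}'

if __name__ == '__main__':
    zone = parse_zone(SAMPLE_ZONE, 'example.com')
    print('sample zone:', check_mail_zone(zone, 'example.com') or 'OK')
    print('hosts entry:', hosts_line(zone, 'mx.example.com'))
    print('broken zone:', check_mail_zone(parse_zone(BROKEN_ZONE, 'example.com'), 'example.com'))
```

Run against a real zone dump, the broken-zone output reproduces the two findings in the posted file: the A record owner `mx.stevexxx.us` without a trailing dot expands to `mx.stevexxx.us.stevexxx.us`, so the MX target never resolves, and `dkim_domainkey` is not where a verifier looks for the key. The `/etc/hosts` line is the one piece the first answer says you do not strictly need with working DNS; it is still worth having so `hostname -f` and Postfix's `myhostname` default keep working during a DNS outage.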