Manual DNS setup

If enable_dns has not been selected and DNS is managed manually, the DNS records described in the following sections must be enabled.


  • Domain name:
  • IPv4 address: x.x.x.x
  • IPv6 address: xx::xx
  • Mail subdomain: {{ mail }}

Subdomains used

The following subdomains are used and should point to x.x.x.x and xx::xx:

{{ mail }}

MX records

Subdomain Mail provider
@ {{ mail }}

If domain.zyx is an extra domain added on the server for, then the above MX record should point to {{ mail }}

SRV records

SRV record Priority Weight Port Domain
_autodiscover._tcp 0 0 443
_submissions._tcp 0 1 465
_submission._tcp 0 1 587
_imaps._tcp 0 1 993
_pop3s._tcp 0 1 995
_carddav._tcp 5 1 80
_carddavs._tcp 0 1 443
_caldav._tcp 5 1 80
_caldavs._tcp 0 1 443
_ischedules._tcp 0 1 443
_imap._tcp 0 0 0 . (OPTIONAL, depending on DNS provider compatibility)
_pop3._tcp 0 0 0 . (OPTIONAL, depending on DNS provider compatibility)

TXT records

@ "v=spf1 -all"
_dmarc "v=DMARC1;p=reject;pct=100;"
_smtp._tls "v=TLSRPTv1;;"
_mta-sts "v=STSv1;id={MTA-STS-ID};"
excisionRSA._domainkey "v=DKIM1;k=rsa;p={EXCISIONKEY}"
davRSA._domainkey "k=rsa;t=s;p={DAVKEY}"

The {MTA-STS-ID} is an ID which should only increase over time. It represents the last time the MTA-STS information for a domain was changed. Realistically, this can be set to the date and time of creating (or modifying) this record, e.g. 20220114T165521.

{EXCISIONKEY} and {DAVKEY} are the keys stored in /etc/excision/dkim/ and /etc/excision/dkim/, respectively. The text records are created and stored in /etc/excision/dkim/ and /etc/excision/dkim/

Depending on the DNS provider the key generated by Excision is going to be too large to fit in one record. The DNS providers documentation should show how to fit a large key into a TXT record. The work around this is to store more than one string in a DNS record (yes, this is possible to do, but the implementation depends on the hosting providers UI).
Excision Mail breaks down the record into correct sizes and stores it in the text files above in the format:
( "v=DKIM1;k=rsa;p=oQWCm252..." "....NnsPq;" )