If enable_dns has not been selected and DNS is managed manually, the DNS records described in the following sections must be enabled.
x.x.x.x
xx::xx
{{ mail }}
The following subdomains are used and should point to x.x.x.x and xx::xx:

- {{ mail }}
- autoconfig
- autodiscover
- dav
- imap
- mta-sts
- openpgpkey
- pop3
- rspamd
- smtp
- webmail
- wkd

Subdomain | Mail provider |
---|---|
@ | {{ mail }}.domain.xyz. |

If domain.xyz is an extra domain added on the server for primary_domain.abc, then the above MX record should point to {{ mail }}.primary_domain.abc.

SRV record | Priority | Weight | Port | Domain |
---|---|---|---|---|
_autodiscover._tcp | 0 | 0 | 443 | autodiscover.domain.xyz. |
_submissions._tcp | 0 | 1 | 465 | smtp.domain.xyz. |
_submission._tcp | 0 | 1 | 587 | smtp.domain.xyz. |
_imaps._tcp | 0 | 1 | 993 | imap.domain.xyz. |
_pop3s._tcp | 0 | 1 | 995 | pop3.domain.xyz. |
_carddav._tcp | 5 | 1 | 80 | dav.domain.xyz. |
_carddavs._tcp | 0 | 1 | 443 | dav.domain.xyz. |
_caldav._tcp | 5 | 1 | 80 | dav.domain.xyz. |
_caldavs._tcp | 0 | 1 | 443 | dav.domain.xyz. |
_ischedules._tcp | 0 | 1 | 443 | dav.domain.xyz. |
_imap._tcp | 0 | 0 | 0 | . (OPTIONAL, depending on DNS provider compatibility) |
_pop3._tcp | 0 | 0 | 0 | . (OPTIONAL, depending on DNS provider compatibility) |

ID | TEXT |
---|---|
@ | "v=spf1 mx:pdomain.abc -all" |
_dmarc | "v=DMARC1;p=reject;pct=100;rua=mailto:dmarcreports@domain.xyz" |
_smtp._tls | "v=TLSRPTv1;rua=mailto:tlsreports@domain.xyz;" |
_mta-sts | "v=STSv1;id={MTA-STS-ID};" |
excisionRSA._domainkey | "v=DKIM1;k=rsa;p={EXCISIONKEY}" |
davRSA._domainkey | "k=rsa;t=s;p={DAVKEY}" |

The {MTA-STS-ID} is an ID which should only increase over time. It represents the last time the MTA-STS information for a domain was changed. Realistically, this can be set to the date and time of creating (or modifying) this record, e.g. 20220114T165521.

{EXCISIONKEY} and {DAVKEY} are the keys stored in /etc/excision/dkim/excisionRSA.domain.xyz.pub and /etc/excision/dkim/davRSA.domain.xyz.pub, respectively. The text records are created and stored in /etc/excision/dkim/excisionRSA.domain.xyz.txt and /etc/excision/dkim/davRSA.domain.xyz.txt.

Depending on the DNS provider, the key generated by Excision will be too
large to fit in one record. The DNS provider's documentation should show how
to fit a large key into a TXT record. The workaround is to store more than one string
in a DNS record (yes, this is possible, but how it is done depends on the hosting provider's UI).
Excision Mail breaks the record down into correctly sized strings and stores it in the text files above in the format:
( "v=DKIM1;k=rsa;p=oQWCm252..." "....NnsPq;" )
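
The splitting described above, and the check worth running after pasting the strings into a provider's UI, as an added Python example (not Excision Mail's own code). The function names and the sample key are constructed for illustration, and the 255-byte chunk size is the DNS maximum per string, assumed here rather than taken from Excision.

```python
import base64
import re

MAX_STRING = 255  # DNS limit: one quoted string in a TXT record holds at most 255 bytes


def split_txt(value, size=MAX_STRING):
    """Split a long TXT value into the zone-file form ( "part1" "part2" ... )."""
    if not 1 <= size <= MAX_STRING:
        raise ValueError("chunk size must be between 1 and 255")
    if not value.isascii() or '"' in value or "\\" in value:
        raise ValueError("value must be plain ASCII without quotes or backslashes")
    parts = [value[i:i + size] for i in range(0, len(value), size)]
    return "( " + " ".join(f'"{p}"' for p in parts) + " )"


def join_txt(record):
    """Return the value a verifier sees: the quoted strings joined with nothing between them."""
    parts = re.findall(r'"([^"]*)"', record)
    if not parts:
        raise ValueError("no quoted strings in record")
    if any(len(p) > MAX_STRING for p in parts):
        raise ValueError("a quoted string is longer than 255 bytes")
    return "".join(parts)


def dkim_key_bytes(value):
    """Parse tag=value pairs and return the decoded length of the p= key in bytes."""
    tags = {}
    for item in filter(None, (t.strip() for t in value.split(";"))):
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[name.strip()] = val.strip()
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unexpected v= tag")
    # validate=True rejects stray characters such as a space left inside the key
    return len(base64.b64decode(tags["p"], validate=True))


# Constructed sample: 294 placeholder bytes (the size of a 2048-bit RSA public key
# in DER form), not a real key.
SAMPLE_VALUE = "v=DKIM1;k=rsa;p=" + base64.b64encode(bytes(i % 256 for i in range(294))).decode() + ";"

if __name__ == "__main__":
    record = split_txt(SAMPLE_VALUE)
    print(record)
    print("key bytes after rejoin:", dkim_key_bytes(join_txt(record)))
```

Running `join_txt` over what the provider actually serves and comparing the result with the `.txt` file's joined value catches a dropped character or a space inserted at a string boundary, either of which makes DKIM verification fail.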