New Domain

From d00d3
Revision as of 21:47, 1 April 2012 by Andrenarchy


The new domain is called DOMAIN.TLD in the following. Subdomains will be called SUB.DOMAIN.TLD.




If you are migrating DOMAIN.TLD, it's a good idea to lower the TTL (time-to-live) of DOMAIN.TLD's DNS record in advance. A good value for the migration is 600 seconds. Hold off on the migration until the original TTL has expired, so that all clients re-fetch the record at 10-minute intervals.


This is how you can tell Postfix that it should accept mail for this domain:

  • In phpLDAPadmin, add or edit an organizationalUnit below ou=domains,dc=d00d3,dc=net.
  • Make sure you also add the objectClass domainRelatedObject.
  • Then add DOMAIN.TLD and/or SUB.DOMAIN.TLD to the attribute associatedDomain. Note: the associatedDomain attribute can hold multiple values!

Add users

This is the right time to add users! If you are migrating mailboxes, make sure that you switch the MX record shortly after copying the mailboxes. Otherwise mail will still arrive at the old host (although you can still copy it over manually afterwards).

MX record

Add/change the MX record for DOMAIN.TLD:

IN MX 10

For subdomain SUB.DOMAIN.TLD use:


Attention: mind the dots!


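Create a key for DOMAIN.TLD (change first line!):

# Domain to create the key for (change this line)
DOM=DOMAIN.TLD
mkdir /etc/mail/dkim/${DOM}
cd /etc/mail/dkim/${DOM}
# Generate a 1024-bit key pair for selector "alpha": alpha.private (signing key)
# and alpha.txt (DNS TXT record). RFC 8301 recommends at least 2048 bits for new keys.
dkim-genkey -b 1024 -d ${DOM} -s alpha
# Only the filter user may read the private key
chown dkim-filter:dkim-filter alpha.private
chmod 600 alpha.private
# Sign mail from the domain and from its subdomains with this key
echo "*@${DOM}:${DOM}:/etc/mail/dkim/${DOM}/alpha" >> /etc/dkim-keys.conf
echo "*@*.${DOM}:${DOM}:/etc/mail/dkim/${DOM}/alpha" >> /etc/dkim-keys.conf
/etc/init.d/dkim-filter restart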

Add the alpha key to the zone (the TXT value is the string found in alpha.txt, generated above):

alpha._domainkey IN TXT "see alpha.txt"

Add ADSP record for domain DOMAIN.TLD:

_adsp._domainkey IN TXT "dkim=all"

Or for subdomain SUB.DOMAIN.TLD:

_adsp._domainkey.SUB IN TXT "dkim=all"


Add this for SPF:

 IN TXT "v=spf1"
* IN TXT "v=spf1"


Check that mail is working correctly (especially DKIM and SPF have to be checked, otherwise your users won't be able to send mail!).

Attention: Do not forget to raise the TTL for DOMAIN.TLD once everything works!
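
Before reloading the zone and testing mail flow, the records from the steps above can be linted offline for the mistakes this page warns about (missing trailing dots, the "see alpha.txt" placeholder left in place, a mistyped ADSP value). This is an added example, not part of the original page; the function name lint_zone and the host mail.example.net are made up for illustration, and it assumes one BIND-style record per line with the TXT data in a single quoted string.

```shell
#!/bin/sh
# Added example: offline lint for the zone lines this page tells you to add.
# Assumptions: one record per line, BIND-style syntax, TXT data in one quoted string.
lint_zone() {
  # Reads zone lines on stdin, prints one finding per line,
  # returns 1 if anything was flagged and 0 if the fragment is clean.
  awk '
    function flag(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*;/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      type = ""; ti = 0
      for (i = 1; i <= NF; i++)
        if ($i == "MX" || $i == "SRV" || $i == "TXT") { type = $i; ti = i; break }
      if (type == "") next
      owner = ($0 ~ /^[ \t]/) ? "@" : $1         # leading blank: owner is inherited
    }
    type == "MX" || type == "SRV" {
      want = ti + (type == "MX" ? 2 : 4)         # MX: pref target; SRV: prio weight port target
      if (NF < want) flag(type " record has no target host")
      else if ($NF ~ /\./ && $NF !~ /\.$/)
        flag(type " target " $NF " lacks the trailing dot, the zone origin will be appended")
      next
    }
    type == "TXT" {
      txt = $0; sub(/^[^"]*"/, "", txt); sub(/"[^"]*$/, "", txt)
      if (owner ~ /^_adsp\._domainkey/) {
        if (txt !~ /^dkim=(unknown|all|discardable)$/) flag("ADSP value not unknown/all/discardable: " txt)
      } else if (owner ~ /\._domainkey/) {
        if (txt !~ /v=DKIM1/ || txt !~ /p=[A-Za-z0-9]/)
          flag("DKIM TXT for " owner " is not key data (paste the string from alpha.txt)")
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample (mail.example.net is a made-up host, not from the page).
SAMPLE='DOMAIN.TLD.        IN MX 10 mail.example.net
alpha._domainkey   IN TXT "see alpha.txt"
_adsp._domainkey   IN TXT "dkim=all"
_xmpp-client._tcp  IN SRV 0 0 5222 mail.example.net.'

printf '%s\n' "$SAMPLE" | lint_zone || echo "fix the findings above before reloading the zone"
```
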


The following DNS records have to be added:

_jabber._tcp         IN SRV 0 0 5269
_xmpp-server._tcp    IN SRV 0 0 5269
_xmpp-client._tcp    IN SRV 0 0 5222