Cloudron email Server - multiple domains

LoudLemur

@Kubernetes said in Cloudron email Server - multiple domains:

Yes, this is a possible setup. What exactly are your concerns?

Hey, kubernetes! Thank you for looking at my post. (I hope I am not distracting you from packaging applications!)

One concern would be whether the example.com would start appearing in the email headers for mail sent by alice, bob and charlie.
Another concern would be how to allocate a, b and c an email passphrase.

Also, what would be the situation with the idea.com domain name provider? For example, if one wanted a "backup" paid email account with the provider (in this case porkbun) would it conflict with having a, b and c hosting their emails on the cloudron?

Actually, if you had a paid email box for that idea.com domain with porkbun, would you be able to use that to provide all the a, b, c email boxes you need? e.g.

• porkbun paid mailbox: everything@idea.com
• everything.alice@idea.com
• everything.bob@idea.com
• everything.charlie@idea.com

Kubernetes

I did a test and created a fresh mailbox on my cloudron for one of my existing domains to check the headers when sending an e-mail. Here is the header result:

Authentication-Results: RECEIVERMAILSERVERHOSTNAME (dis=neutral; info=dmarc domain policy);
	dmarc=pass (dis=neutral p=reject; aspf=r; adkim=r; pSrc=dns) header.from=IDEA.COM;
	dkim=pass header.d=IDEA.COM header.s=cloudron-2f6807 header.b=F+cRmQ1r
Received: from RECEIVERMAILSERVERHOSTNAME ([fd:ac:0:0:0:0:e:13])
        by RECEIVERMAILSERVERHOSTNAME
        with SMTP (SubEthaSMTP 3.1.7) id M4CRBUTJ
        for RECEIPIENT@SOMEWHERE.COM;
        Fri, 06 Dec 2024 14:04:18 +0100 (CET)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=IP_OF_CLOUDRON_SERVER; helo=MY.EXAMPLE.COM; envelope-from=SENDER@IDEA.COM; receiver=SOMEWHERE.COM 
Received: from MY.EXAMPLE.COM (MY.EXAMPLE.COM [XX.XX.XX.XX])
	by RECEIVERMAILSERVERHOSTNAME (Postfix) with ESMTPS id 35F3543CDFB8
	for <SOMEONE@SOMEWHERE.COM>; Fri,  6 Dec 2024 14:04:18 +0100 (CET)
Received: (Haraka outbound); Fri, 06 Dec 2024 13:04:17 +0000
Authentication-Results: MY.EXAMPLE.COM;
	auth=pass (plain)
From: "test user" <SENER@IDEA.COM>
To: "SOMEONE@SOMEWHERE.COM" <SOMEONE@SOMEWHERE.COM>
Subject: test email
Date: Fri, 06 Dec 2024 13:04:17 +0000
Message-Id: <em10edd919-xxxx-4789-xxxx-db21f7b92ff5@584dbbfc.com>
Reply-To: "test user" <SOMEONE@SOMEWHERE.COM>
User-Agent: mailClient/10.1.4828.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
	d=IDEA.COM; s=cloudron-12345;
	h=from:reply-to:subject:date:message-id:to:mime-version;
	bh=7Yyzn....*

So at least for the sending server hostname the my.example.com domain will leak.

humptydumpty

@Kubernetes Spot on. This has been my set up since I hopped on board with Cloudron. The mail server is shown in the headers when sending from other domains. @LoudLemur I have my @domain.com, @domain1.com, @domain2.com emails forwarded to my idea.com mailbox to centralize it all. Works well! The only drawback is that on iOS using the native mail app, you can't reply using the original receiver address (@domain.com). You would need to link each mailbox individually in iOS (no alias support) for that. Otherwise, just checking all your mail in one inbox is possible. You can add the aliases in roundcube/snappy on the web ui and use that if needed.

As for having multiple MX records/providers, I have limited experience with that. Off the top of my head, I think it's possible since Stripe did require me to add some records to have my domain show up instead of theirs when creating invoices directly from their platform. I'll need to check how I have it all set up again.

humptydumpty

@LoudLemur The Stripe records I have are TXT and CNAME records, not MX records.

crazybrad

What if you configured other domains to send mail via an SMTP service like Postmark? Probably the server IP address would leak, but perhaps not the domain.

humptydumpty

I use mailgun smtp. The mail server domain is visible in the email header. Also, I have two other cloudrons pointing to the main Cloudron mail server. This setup has been working flawlessly.

crazybrad

@humptydumpty Thanks for saving me some testing time.

robi

FYI: There is another local sending IP leak that happens with most mobile/desktop clients but not web clients, like snappy.

So keep that in mind if you don't care to have your current local IP be sent in plain text via the email headers.

humptydumpty

@robi another reason to use a VPN!

robi

@humptydumpty it may not help as the email client doesn't care what your VPN interface is, only the local native interface. Always validate, even then, safer to use the web interface of the sending SMTP server.

humptydumpty

@robi said in Cloudron email Server - multiple domains:

local native interface.

Just to make sure i understood you correctly, you’re referring to the ipv4 address that i get from my ISP, right?

If so, how can an app sneak behind my VPN client?

robi

@humptydumpty Yes.

It's not that it sneaks behind or doesn't use your VPN, it's that is has access to your actual IP when the headers are generated before it sends it over the VPN.

Last time I tried there was no way to configure the client to avoid that. Hard coded.

fbartels

Yes, every server that the mail passes through gets documented with a received header in the message.

https://www.thesslstore.com/blog/how-to-read-an-email-header/

The client can not influence this, but the mail server could remove this information. https://serverfault.com/questions/413533/remove-hide-client-sender-ip-from-postfix

LoudLemur

I really am amazed at you all. You are quite awesome in your ability to keep these complexities clear in your mind. I find it difficult to even phrase the issues let alone understand them.

Let me try this and hopefully somebody will be able to help me:

There is one server over there (not a Cloudron) doing its own thing, but without individual mailboxes for people, because of the costs. Lets call it cheapo.com

Purely (initially anyway) to help solve cheapo's lack of emails problem, we have this idea: setup a new server on a completely different VPS, a cloudron, on a sub-domain of cheapo.com, for example mail.cheapo.com

Would we be able to do that? Once it was up and running, then setup snappy and give everybody in cheapo.com email addresses? e.g.

alice@cheapo.com
bob@cheapo.com
charlie@cheapo.com

or would the email addresses need to have some "ugly" appearance, like:
alice@mail.cheapo.com
or something like that.

humptydumpty

No ugly. Set up the Cloudron. Use mail.cheapo.com as the mail server. Add the domain cheapo.com in CR dash under domains. Create mailboxes like Alice@cheapo.com and have folks access it through snappy.

If manual dns, don’t forget to set up records for spf, dkim, and dmarc.

LoudLemur

@humptydumpty said in Cloudron email Server - multiple domains:

No ugly. Set up the Cloudron. Use mail.cheapo.com as the mail server. Add the domain cheapo.com in CR dash under domains. Create mailboxes like Alice@cheapo.com and have folks access it through snappy.

If manual dns, don’t forget to set up records for spf, dkim, and dmarc.

Hey, thank you! Would it matter what domain was used for the registration of the cloudron in this case? For example, could I setup the cloudron with the name e.g. anythingwilldo.com (rather than as I had originally suggested using a subdomain of cheapo.com), register that with cloudron.io and then do the important part of configuring the mail server for anythingwilldo.com to be (in this case) mail.cheapo.com and in the cloudron dashboard add cheapo.com as domain?

humptydumpty

@LoudLemur You could do that. No problem. You can specify the mail server location to be any SUB and pick any of the domains you have set up in Cloudron. To make things even wackier, you could use multiple subdomains like sub.sub.domain.com as the mail server.