Hi all,
Now I am in the secondary domain (VHOST) titi.org on the same server as toto.org.
I created a mail server for titi.org and the appropriate DNS and aliases.
I created a user-1@toto.org and an alias for him that points to user-1@titi.org.
At Webmail: https://www.titi.org/webmail, user-1 can connect without any problem.
In Webmail, I created a new user-1@titi.org identity and set it as the default identity.
I created an email with user-1@titi.org and the FROM: identity was correctly user-1@titi.org.
I sent the message to michelandre@toto.org and everything went well.
DKIM does indicate that it is from srv1.titi.org. Everything indicates that only titi.org exists and there is no mention of toto.org at all in the email received.
PROBLEM:
● In Thunderbird, I cannot create an account user-1@titi.org (cannot connect); I have to use user-1@toto.org.
● I cannot adjust the incoming/outgoing server to titi.org, only to toto.org.
I have looked at Markos DNS records and see that I don’t have CAA and TLSA records.
I googled around, and the CAA record is linked to the Certificate Authority.
Let’s Encrypt issued my 2 certificates (one for toto.org and another one for titi.org).
● The certificate for titi.org is a SAN in the sense that it is used for mail, srv1, www, etc.
● Configuring the CAA record, I have to use a flag [issue || issuewild || iodef].
https://support.dnsimple.com/articles/caa-record.
† issue: explicitly authorizes a single certificate authority to issue a certificate (any type) for the hostname.
† issuewild: explicitly authorizes a single certificate authority to issue a wildcard certificate (and only wildcard) for the hostname.
† iodef: specifies a URL to which a certificate authority may report policy violations.
QUESTION:
● Is the flag issue the proper one to use?
● Is that the solution to have Thunderbird working with user1@titi.org, or is there another way to solve that?
If I remember well, the SAN is for multiple domains (meaning mail, srv1, www, etc., and possibly also including titi.org, titi.com, titi.net) and WILDCARD is for *.domain (here the [ * ] meaning mail, srv1, www, etc., but all from the same domain).
I am confused, but on a higher level than before…
The TLSA record will be for later if possible…
All comments and suggestions are highly appreciated,
Michel-André
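Added worked example after the post (editor's code, not the poster's and not any CA's or client's real implementation): how a CA evaluates the issue / issuewild / iodef tags quoted in the question (RFC 8659: climb from the requested name toward the root until a CAA set is found; issuewild governs wildcard names only when present; a set with no issue-type tag leaves issuance unrestricted), and how a client matches the server name it is configured with against a certificate's SAN entries, including the one-label wildcard rule (RFC 6125). The zone data, SAN lists and hostnames are constructed for illustration following the names in the post; real CAs resolve the records over DNS (including CNAME/DNAME aliases), which this offline table does not model.

```python
from typing import Dict, List, Optional, Tuple

# Constructed zone data (not fetched): owner name -> list of (flags, tag, value).
# Only titi.org carries CAA; its subdomains inherit it via the RFC 8659 climb.
# The two *.example zones are invented to show issuewild ";" and the critical bit.
CAA_RECORDS: Dict[str, List[Tuple[int, str, str]]] = {
    "titi.org": [
        (0, "issue", "letsencrypt.org"),
        (0, "iodef", "mailto:hostmaster@titi.org"),
    ],
    "strict.example": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),          # wildcard certs forbidden for everyone
    ],
    "legacy.example": [
        (128, "future-tag", "x"),        # critical flag on an unknown tag
        (0, "issue", "letsencrypt.org"),
    ],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def caa_lookup(name: str) -> Optional[Tuple[str, List[Tuple[int, str, str]]]]:
    """Return (owner, records) of the relevant CAA set for `name`, or None.

    RFC 8659 section 3: start at the requested name and climb label by label
    toward the root; the first non-empty set is the relevant one.
    """
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        rrset = CAA_RECORDS.get(owner)
        if rrset:
            return owner, rrset
    return None


def _ca_domain(value: str) -> str:
    """'letsencrypt.org; validationmethods=dns-01' -> 'letsencrypt.org'; ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(name: str, ca: str) -> bool:
    """Decide whether `ca` may issue a certificate covering `name`.

    Non-wildcard names are governed by issue. Wildcard names (*.x) are
    governed by issuewild when any issuewild record exists, else by issue.
    No relevant issue-type records (e.g. only iodef) means unrestricted.
    """
    is_wild = name.startswith("*.")
    base = name[2:] if is_wild else name
    found = caa_lookup(base)
    if found is None:
        return True  # no CAA anywhere up the tree: any CA may issue
    _, rrset = found
    # Critical flag (bit 7) on a tag this CA does not understand: must refuse.
    if any(flags & 0x80 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [_ca_domain(v) for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [_ca_domain(v) for _, tag, v in rrset if tag.lower() == "issuewild"]
    relevant = issuewild if (is_wild and issuewild) else issue
    if not relevant:
        return True
    return ca.lower() in relevant  # ';' yields '' and authorizes nobody


def san_matches(san: str, host: str) -> bool:
    """Does the dNSName SAN entry `san` cover `host` (RFC 6125 rules)?

    A plain entry matches exactly, case-insensitively. A wildcard matches
    exactly one label in the left-most position: *.titi.org covers
    mail.titi.org but neither titi.org itself nor a.b.titi.org.
    """
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]  # ".titi.org"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]
    return bool(left) and "." not in left and "*" not in left


def cert_covers(sans: List[str], host: str) -> bool:
    """True if any SAN entry of the certificate covers the connected hostname."""
    return any(san_matches(s, host) for s in sans)


# Constructed SAN lists: a multi-name (SAN) certificate as described in the
# post, and a wildcard certificate for comparison.
SAN_CERT = ["titi.org", "mail.titi.org", "srv1.titi.org", "www.titi.org"]
WILDCARD_CERT = ["titi.org", "*.titi.org"]

if __name__ == "__main__":
    for host in ("mail.titi.org", "imap.titi.org", "titi.org", "mail.toto.org"):
        print(f"{host:16} SAN-cert: {cert_covers(SAN_CERT, host)!s:5} "
              f"wildcard-cert: {cert_covers(WILDCARD_CERT, host)}")
    for name in ("mail.titi.org", "*.titi.org", "toto.org", "*.strict.example"):
        print(f"{name:18} Let's Encrypt may issue: {caa_permits(name, 'letsencrypt.org')}")
```

Usage note: a mail client validates the certificate against the exact server name it was configured with, so a SAN certificate only helps if that name (e.g. mail.titi.org) is one of its entries, while a wildcard entry covers any single label under titi.org but not the bare domain. The CAA check is independent of that: it only controls which CA is allowed to issue, and the issue tag with the CA's domain is the form that restricts ordinary (non-wildcard) issuance.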