Correct DKIM, Reverse DNS configuration to send from 2 different domains?

John Moore asked:

I have set up Postfix on an Ubuntu 18.04, with a view to sending emails from two different domains, which I will refer to here as abc.com and xyz.com. I’m trying to configure everything so that emails are not rejected. I have created the SPF record OK in the control panels for both domains, so that is not a problem.

What I’m having difficulty with is a seeming conflict between DKIM and Reverse DNS. If I set up Reverse DNS for my server to be ‘mail.abc.com’, I can send out mail from ‘xyz.com’, correctly signed with the right DKIM key, and when I check with a verification address like ‘[email protected]’, it passes the DKIM validation fine but fails an ‘iprev’ check because the Reverse DNS is wrong (it resolves to mail.abc.com). But when I set the from address of my ‘xyz.com’ mail to ‘abc.com’, it passes the iprev check OK, but doesn’t get a DKIM signature (and potentially has a misleading From address in the email).

So is it possible to set things up on this single server so that I can send out emails from 2 different domains and have iprev and DKIM checks work OK? If so, how do I configure this?

My answer:


Of course you can do this. The things that must match are: the name Postfix announces itself as to other mail servers, and the forward and reverse DNS records for that name. The domains used in messages are completely irrelevant to this check.

If you configure Postfix to say it is mail.example.com then the hostname mail.example.com must resolve to the same IP address as the server, and the reverse DNS (PTR record) for that IP address must also resolve to mail.example.com.

You need to configure:

  • In Postfix main.cf set myhostname= to the fully qualified domain name of the mail server. Do not use a naked domain name as this can break mail delivery in some circumstances.
  • In DNS, set the AAAA and A records of that fully qualified domain name to the IPv6 and IPv4 addresses of the server.
  • In DNS, set the PTR records of the server’s IPv6 and IPv4 addresses to that fully qualified domain name.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.