From a2643cd07df86454bccae09850e261a39e466850 Mon Sep 17 00:00:00 2001 From: Administrator Date: Sun, 15 Feb 2026 02:33:46 +0000 Subject: [PATCH] docs: update mxroute-mailcow --- mxroute-mailcow.md | 208 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 168 insertions(+), 40 deletions(-) diff --git a/mxroute-mailcow.md b/mxroute-mailcow.md index 311a468..e709004 100644 --- a/mxroute-mailcow.md +++ b/mxroute-mailcow.md @@ -2,7 +2,7 @@ title: Recieving Mail thru MXRoute description: Trusted receiver published: true -date: 2026-02-15T01:44:15.683Z +date: 2026-02-15T02:33:37.376Z tags: editor: markdown dateCreated: 2026-02-15T01:44:15.683Z @@ -18,10 +18,30 @@ Configuration guide for using MXroute to receive incoming mail for your domains ## Architecture ``` -Internet → MXroute (receives) → Mailcow (delivers) +Incoming: Internet → MXroute → Mailcow subdomain → Alias → Mailbox +Outgoing: Mailbox → Mailcow → MXroute relay → Internet ``` -This setup allows MXroute to handle incoming mail filtering, spam protection, and then forward clean mail to your Mailcow server. +This setup allows MXroute to handle incoming mail filtering, spam protection, and then forward clean mail to your Mailcow server. Users send and receive using clean `@yourdomain.com` addresses. + +### Address Structure Explained + +**What users see (clean addresses):** +- `john@yourdomain.com` +- `jane@yourdomain.com` + +**What happens behind the scenes:** +- Mailboxes actually exist as `john@mail.yourdomain.com` +- Aliases in Mailcow map `john@yourdomain.com` → `john@mail.yourdomain.com` +- MXroute forwards to `john@mail.yourdomain.com` +- Users send FROM `john@yourdomain.com` (configured as default sender) +- **Users login with `john@yourdomain.com`** (Dovecot auth configured to accept aliases) + +**Benefits:** +- **100% transparent to users** - they only ever see/use `@yourdomain.com` +- Clean, professional email addresses +- Easier for users to remember and communicate +- No confusion about which address to use --- @@ -33,19 +53,17 @@ This setup allows MXroute to handle incoming mail filtering, spam protection, an 2. Navigate to **Email Accounts** → **Email Domains** 3. Add your domain (e.g., `yourdomain.com`) -### 2. Create Forwarder Accounts - -For each mailbox you want to receive mail: +### 2. Create Catch-All Forwarder 1. Navigate to **Email Accounts** → **Forwarders** -2. Create forwarder: - - **Email Address:** user@yourdomain.com - - **Forward To:** user@mail.yourdomain.com (your Mailcow server) -3. Enable **Discard if no forwarders exist** (optional, prevents bounces) +2. Create catch-all forwarder: + - **Email Address:** `*@yourdomain.com` + - **Forward To:** `@mail.yourdomain.com` +3. This forwards all mail to your Mailcow server, preserving the username -**Alternative: Catch-all Forwarder** -- Create a catch-all forwarder: `*@yourdomain.com` → `@mail.yourdomain.com` -- This forwards all mail to Mailcow regardless of recipient +**How it works:** +- Mail to `john@yourdomain.com` → forwarded to `john@mail.yourdomain.com` +- Mail to `jane@yourdomain.com` → forwarded to `jane@mail.yourdomain.com` --- @@ -99,38 +117,112 @@ _dmarc.yourdomain.com → v=DMARC1; p=quarantine; rua=mailto:admin@yourdomain.co ## Mailcow Configuration -### 1. Allow MXroute IP Addresses +### 1. Add Domain -Add MXroute server IPs to Mailcow's trusted networks: +Add `mail.yourdomain.com` as a domain in Mailcow: + +1. Navigate to Mailcow admin → **Configuration** → **Mail setup** → **Domains** +2. Add domain: `mail.yourdomain.com` +3. Configure as needed + +### 2. Create Mailboxes + +Create mailboxes using the subdomain: + +1. Navigate to **Mailboxes** +2. Create mailbox: `john@mail.yourdomain.com` +3. Set password and quota +4. Repeat for each user + +### 3. Create Aliases for Clean Addresses + +For each mailbox, create an alias so users can use clean `@yourdomain.com` addresses: + +1. Navigate to **Configuration** → **Mail setup** → **Aliases** +2. Create alias: + - **Alias:** `john@yourdomain.com` + - **Destination:** `john@mail.yourdomain.com` +3. Repeat for each user + +**Alternative: Alias Domain (Easier for Multiple Users)** + +1. Navigate to **Configuration** → **Mail setup** → **Alias Domains** +2. Add alias domain: `yourdomain.com` → aliases to → `mail.yourdomain.com` +3. This automatically creates aliases for ALL mailboxes: + - `john@yourdomain.com` → `john@mail.yourdomain.com` + - `jane@yourdomain.com` → `jane@mail.yourdomain.com` + +### 4. Configure Default Sender Address + +Set users to send FROM their clean address by default: + +**Method 1: Per-Mailbox Settings** +1. Edit each mailbox in Mailcow +2. Under **Sender addresses**, add `john@yourdomain.com` +3. Set as default sender address + +**Method 2: SOGo Webmail** +Users can configure in SOGo: +1. Log into webmail +2. Settings → Mail → Accounts +3. Set "From" address to `john@yourdomain.com` + +**Method 3: Email Client** +Configure email client (Thunderbird, Outlook, etc.): +- Identity name: `john@yourdomain.com` +- Reply-to: `john@yourdomain.com` +- SMTP still authenticates as `john@mail.yourdomain.com` + +### 5. Enable Login with Alias Addresses (Make Transparent to Users) + +Allow users to login with `john@yourdomain.com` instead of `john@mail.yourdomain.com`: 1. SSH into your Mailcow server -2. Edit `mailcow.conf`: +2. Edit the Dovecot configuration: ```bash - nano /opt/mailcow-dockerized/mailcow.conf + cd /opt/mailcow-dockerized + nano data/conf/dovecot/extra.cf ``` -3. Add MXroute IPs to `SKIP_CLAMD` or trusted networks -4. Restart Mailcow: - ```bash - docker-compose down - docker-compose up -d +3. Add the following line: + ``` + auth_username_format = %Ln@%Ld ``` -### 2. Configure Mailboxes +4. Restart Dovecot: + ```bash + docker-compose restart dovecot-mailcow + ``` -Create mailboxes in Mailcow for each user: +**Alternative method - Edit via Mailcow UI:** +1. Navigate to **System** → **Configuration** → **Configuration & Details** +2. Under **Dovecot**, add custom config +3. Add: `auth_username_format = %Ln@%Ld` -1. Navigate to Mailcow admin → **Mailboxes** -2. Create mailbox: `user@yourdomain.com` -3. Set password and quota +**Result:** Users can now login with EITHER address: +- `john@yourdomain.com` ✓ +- `john@mail.yourdomain.com` ✓ -### 3. Disable Greylisting (Optional) +Both will work for IMAP, SMTP, and webmail authentication. + +### 6. Allow MXroute IP Addresses + +Add MXroute server IPs to Mailcow's trusted networks to skip spam filtering: + +1. Navigate to **Configuration** → **Configuration & Details** → **Options** +2. Under **mynetworks**, add MXroute IPs +3. Or edit via command line in `data/conf/postfix/extra.cf`: + ``` + mynetworks = 127.0.0.0/8 [::1]/128 192.168.0.0/16 [MXroute IPs] + ``` + +### 7. Disable Greylisting for MXroute (Optional) If you experience delays: 1. Navigate to **Configuration** → **Configuration & Details** 2. Find your domain -3. Disable greylisting for MXroute IPs +3. Under **Greylisting**, add MXroute IPs to whitelist --- @@ -141,18 +233,30 @@ If you experience delays: Send test email from external provider (Gmail, Outlook): ``` From: test@gmail.com -To: user@yourdomain.com +To: john@yourdomain.com ``` **Expected Flow:** -1. Mail arrives at MXroute -2. MXroute forwards to Mailcow -3. Mail appears in Mailcow inbox +1. Mail arrives at MXroute for `john@yourdomain.com` +2. MXroute forwards to `john@mail.yourdomain.com` +3. Mailcow receives at `john@mail.yourdomain.com` +4. Mailcow alias delivers to `john@mail.yourdomain.com` mailbox +5. Mail appears in John's inbox -### 2. Check Headers +### 2. Test Reply + +Have John reply to a message: + +**Expected behavior:** +- Reply FROM: `john@yourdomain.com` (clean address) +- Reply goes through Mailcow → MXroute relay → Internet + +### 3. Check Headers Review email headers in Mailcow to verify: - `Received:` headers show MXroute server +- `To:` shows `john@yourdomain.com` +- `Delivered-To:` shows `john@mail.yourdomain.com` - SPF, DKIM, DMARC all pass - No spam flags @@ -173,12 +277,27 @@ Look for incoming connections from MXroute IPs. ## Example Configuration: gnarlypandaproductions.com -### MXroute Forwarders -| MXroute Address | Forwards To | -|-----------------|-------------| -| admin@gnarlypandaproductions.com | admin@mail.gnarlypandaproductions.com | -| contact@gnarlypandaproductions.com | contact@mail.gnarlypandaproductions.com | -| *@gnarlypandaproductions.com | @mail.gnarlypandaproductions.com | +### Mailcow Setup +**Domain:** `mail.gnarlypandaproductions.com` + +**Mailboxes:** +- `admin@mail.gnarlypandaproductions.com` +- `contact@mail.gnarlypandaproductions.com` +- `info@mail.gnarlypandaproductions.com` + +**Alias Domain:** +`gnarlypandaproductions.com` → aliases to → `mail.gnarlypandaproductions.com` + +This automatically creates: +- `admin@gnarlypandaproductions.com` → `admin@mail.gnarlypandaproductions.com` +- `contact@gnarlypandaproductions.com` → `contact@mail.gnarlypandaproductions.com` +- `info@gnarlypandaproductions.com` → `info@mail.gnarlypandaproductions.com` + +### MXroute Setup +**Catch-all Forwarder:** +``` +*@gnarlypandaproductions.com → @mail.gnarlypandaproductions.com +``` ### DNS Records | Record Type | Name | Value | @@ -190,6 +309,15 @@ Look for incoming connections from MXroute IPs. | TXT | _dmarc | v=DMARC1; p=reject; rua=mailto:admin@gnarlypandaproductions.com | | TXT | default._domainkey | [MXroute DKIM key] | +### User Experience +**Users use clean addresses for EVERYTHING (completely transparent):** +- Send FROM: `admin@gnarlypandaproductions.com` +- Receive AT: `admin@gnarlypandaproductions.com` +- Login with: `admin@gnarlypandaproductions.com` (and password) +- SMTP/IMAP Server: `mail.gnarlypandaproductions.com` + +**Users never need to know about the `mail.` subdomain!** + --- ## Troubleshooting