docs: update mxroute-mailcow

mxroute-mailcow.md

@@ -2,7 +2,7 @@
 title: Recieving Mail thru MXRoute
 description: Trusted receiver
 published: true
-date: 2026-02-15T01:44:15.683Z
+date: 2026-02-15T02:33:37.376Z
 tags: 
 editor: markdown
 dateCreated: 2026-02-15T01:44:15.683Z
@@ -18,10 +18,30 @@ Configuration guide for using MXroute to receive incoming mail for your domains
 ## Architecture
 
 ```
-Internet → MXroute (receives) → Mailcow (delivers)
+Incoming: Internet → MXroute → Mailcow subdomain → Alias → Mailbox
+Outgoing: Mailbox → Mailcow → MXroute relay → Internet
 ```
 
-This setup allows MXroute to handle incoming mail filtering, spam protection, and then forward clean mail to your Mailcow server.
+This setup allows MXroute to handle incoming mail filtering, spam protection, and then forward clean mail to your Mailcow server. Users send and receive using clean `@yourdomain.com` addresses.
+
+### Address Structure Explained
+
+**What users see (clean addresses):**
+- `john@yourdomain.com`
+- `jane@yourdomain.com`
+
+**What happens behind the scenes:**
+- Mailboxes actually exist as `john@mail.yourdomain.com`
+- Aliases in Mailcow map `john@yourdomain.com` → `john@mail.yourdomain.com`
+- MXroute forwards to `john@mail.yourdomain.com`
+- Users send FROM `john@yourdomain.com` (configured as default sender)
+- **Users login with `john@yourdomain.com`** (Dovecot auth configured to accept aliases)
+
+**Benefits:**
+- **100% transparent to users** - they only ever see/use `@yourdomain.com`
+- Clean, professional email addresses
+- Easier for users to remember and communicate
+- No confusion about which address to use
 
 ---
 
@@ -33,19 +53,17 @@ This setup allows MXroute to handle incoming mail filtering, spam protection, an
 2. Navigate to **Email Accounts** → **Email Domains**
 3. Add your domain (e.g., `yourdomain.com`)
 
-### 2. Create Forwarder Accounts
+### 2. Create Catch-All Forwarder
-
-For each mailbox you want to receive mail:
 
 1. Navigate to **Email Accounts** → **Forwarders**
-2. Create forwarder:
+2. Create catch-all forwarder:
-   - **Email Address:** user@yourdomain.com
+   - **Email Address:** `*@yourdomain.com`
-   - **Forward To:** user@mail.yourdomain.com (your Mailcow server)
+   - **Forward To:** `@mail.yourdomain.com`
-3. Enable **Discard if no forwarders exist** (optional, prevents bounces)
+3. This forwards all mail to your Mailcow server, preserving the username
 
-**Alternative: Catch-all Forwarder**
+**How it works:**
-- Create a catch-all forwarder: `*@yourdomain.com` → `@mail.yourdomain.com`
+- Mail to `john@yourdomain.com` → forwarded to `john@mail.yourdomain.com`
-- This forwards all mail to Mailcow regardless of recipient
+- Mail to `jane@yourdomain.com` → forwarded to `jane@mail.yourdomain.com`
 
 ---
 
@@ -99,38 +117,112 @@ _dmarc.yourdomain.com → v=DMARC1; p=quarantine; rua=mailto:admin@yourdomain.co
 
 ## Mailcow Configuration
 
-### 1. Allow MXroute IP Addresses
+### 1. Add Domain
 
-Add MXroute server IPs to Mailcow's trusted networks:
+Add `mail.yourdomain.com` as a domain in Mailcow:
+
+1. Navigate to Mailcow admin → **Configuration** → **Mail setup** → **Domains**
+2. Add domain: `mail.yourdomain.com`
+3. Configure as needed
+
+### 2. Create Mailboxes
+
+Create mailboxes using the subdomain:
+
+1. Navigate to **Mailboxes**
+2. Create mailbox: `john@mail.yourdomain.com`
+3. Set password and quota
+4. Repeat for each user
+
+### 3. Create Aliases for Clean Addresses
+
+For each mailbox, create an alias so users can use clean `@yourdomain.com` addresses:
+
+1. Navigate to **Configuration** → **Mail setup** → **Aliases**
+2. Create alias:
+   - **Alias:** `john@yourdomain.com`
+   - **Destination:** `john@mail.yourdomain.com`
+3. Repeat for each user
+
+**Alternative: Alias Domain (Easier for Multiple Users)**
+
+1. Navigate to **Configuration** → **Mail setup** → **Alias Domains**
+2. Add alias domain: `yourdomain.com` → aliases to → `mail.yourdomain.com`
+3. This automatically creates aliases for ALL mailboxes:
+   - `john@yourdomain.com` → `john@mail.yourdomain.com`
+   - `jane@yourdomain.com` → `jane@mail.yourdomain.com`
+
+### 4. Configure Default Sender Address
+
+Set users to send FROM their clean address by default:
+
+**Method 1: Per-Mailbox Settings**
+1. Edit each mailbox in Mailcow
+2. Under **Sender addresses**, add `john@yourdomain.com`
+3. Set as default sender address
+
+**Method 2: SOGo Webmail**
+Users can configure in SOGo:
+1. Log into webmail
+2. Settings → Mail → Accounts
+3. Set "From" address to `john@yourdomain.com`
+
+**Method 3: Email Client**
+Configure email client (Thunderbird, Outlook, etc.):
+- Identity name: `john@yourdomain.com`
+- Reply-to: `john@yourdomain.com`
+- SMTP still authenticates as `john@mail.yourdomain.com`
+
+### 5. Enable Login with Alias Addresses (Make Transparent to Users)
+
+Allow users to login with `john@yourdomain.com` instead of `john@mail.yourdomain.com`:
 
 1. SSH into your Mailcow server
-2. Edit `mailcow.conf`:
+2. Edit the Dovecot configuration:
    ```bash
-   nano /opt/mailcow-dockerized/mailcow.conf
+   cd /opt/mailcow-dockerized
+   nano data/conf/dovecot/extra.cf
    ```
 
-3. Add MXroute IPs to `SKIP_CLAMD` or trusted networks
+3. Add the following line:
-4. Restart Mailcow:
+   ```
-   ```bash
+   auth_username_format = %Ln@%Ld
-   docker-compose down
-   docker-compose up -d
    ```
 
-### 2. Configure Mailboxes
+4. Restart Dovecot:
+   ```bash
+   docker-compose restart dovecot-mailcow
+   ```
 
-Create mailboxes in Mailcow for each user:
+**Alternative method - Edit via Mailcow UI:**
+1. Navigate to **System** → **Configuration** → **Configuration & Details**
+2. Under **Dovecot**, add custom config
+3. Add: `auth_username_format = %Ln@%Ld`
 
-1. Navigate to Mailcow admin → **Mailboxes**
+**Result:** Users can now login with EITHER address:
-2. Create mailbox: `user@yourdomain.com`
+- `john@yourdomain.com` ✓
-3. Set password and quota
+- `john@mail.yourdomain.com` ✓
 
-### 3. Disable Greylisting (Optional)
+Both will work for IMAP, SMTP, and webmail authentication.
+
+### 6. Allow MXroute IP Addresses
+
+Add MXroute server IPs to Mailcow's trusted networks to skip spam filtering:
+
+1. Navigate to **Configuration** → **Configuration & Details** → **Options**
+2. Under **mynetworks**, add MXroute IPs
+3. Or edit via command line in `data/conf/postfix/extra.cf`:
+   ```
+   mynetworks = 127.0.0.0/8 [::1]/128 192.168.0.0/16 [MXroute IPs]
+   ```
+
+### 7. Disable Greylisting for MXroute (Optional)
 
 If you experience delays:
 
 1. Navigate to **Configuration** → **Configuration & Details**
 2. Find your domain
-3. Disable greylisting for MXroute IPs
+3. Under **Greylisting**, add MXroute IPs to whitelist
 
 ---
 
@@ -141,18 +233,30 @@ If you experience delays:
 Send test email from external provider (Gmail, Outlook):
 ```
 From: test@gmail.com
-To: user@yourdomain.com
+To: john@yourdomain.com
 ```
 
 **Expected Flow:**
-1. Mail arrives at MXroute
+1. Mail arrives at MXroute for `john@yourdomain.com`
-2. MXroute forwards to Mailcow
+2. MXroute forwards to `john@mail.yourdomain.com`
-3. Mail appears in Mailcow inbox
+3. Mailcow receives at `john@mail.yourdomain.com`
+4. Mailcow alias delivers to `john@mail.yourdomain.com` mailbox
+5. Mail appears in John's inbox
 
-### 2. Check Headers
+### 2. Test Reply
+
+Have John reply to a message:
+
+**Expected behavior:**
+- Reply FROM: `john@yourdomain.com` (clean address)
+- Reply goes through Mailcow → MXroute relay → Internet
+
+### 3. Check Headers
 
 Review email headers in Mailcow to verify:
 - `Received:` headers show MXroute server
+- `To:` shows `john@yourdomain.com`
+- `Delivered-To:` shows `john@mail.yourdomain.com`
 - SPF, DKIM, DMARC all pass
 - No spam flags
 
@@ -173,12 +277,27 @@ Look for incoming connections from MXroute IPs.
 
 ## Example Configuration: gnarlypandaproductions.com
 
-### MXroute Forwarders
+### Mailcow Setup
-| MXroute Address | Forwards To |
+**Domain:** `mail.gnarlypandaproductions.com`
-|-----------------|-------------|
+
-| admin@gnarlypandaproductions.com | admin@mail.gnarlypandaproductions.com |
+**Mailboxes:**
-| contact@gnarlypandaproductions.com | contact@mail.gnarlypandaproductions.com |
+- `admin@mail.gnarlypandaproductions.com`
-| *@gnarlypandaproductions.com | @mail.gnarlypandaproductions.com |
+- `contact@mail.gnarlypandaproductions.com`
+- `info@mail.gnarlypandaproductions.com`
+
+**Alias Domain:**
+`gnarlypandaproductions.com` → aliases to → `mail.gnarlypandaproductions.com`
+
+This automatically creates:
+- `admin@gnarlypandaproductions.com` → `admin@mail.gnarlypandaproductions.com`
+- `contact@gnarlypandaproductions.com` → `contact@mail.gnarlypandaproductions.com`
+- `info@gnarlypandaproductions.com` → `info@mail.gnarlypandaproductions.com`
+
+### MXroute Setup
+**Catch-all Forwarder:**
+```
+*@gnarlypandaproductions.com → @mail.gnarlypandaproductions.com
+```
 
 ### DNS Records
 | Record Type | Name | Value |
@@ -190,6 +309,15 @@ Look for incoming connections from MXroute IPs.
 | TXT | _dmarc | v=DMARC1; p=reject; rua=mailto:admin@gnarlypandaproductions.com |
 | TXT | default._domainkey | [MXroute DKIM key] |
 
+### User Experience
+**Users use clean addresses for EVERYTHING (completely transparent):**
+- Send FROM: `admin@gnarlypandaproductions.com`
+- Receive AT: `admin@gnarlypandaproductions.com`
+- Login with: `admin@gnarlypandaproductions.com` (and password)
+- SMTP/IMAP Server: `mail.gnarlypandaproductions.com`
+
+**Users never need to know about the `mail.` subdomain!**
+
 ---
 
 ## Troubleshooting