Use Multiple Domains On an Ubuntu Postfix Email Server

If you have been following our series of articles on installing and managing a Postfix email server, you may want to use more than one domain name on your Postfix email server. Configuring multiple domains on Postfix is possible if you have installed Postfixadmin. We completed that in part 4 of this series. This is part 6. We are assuming you have followed, at minimum Parts 1, 2, 3, 4. So in this article, we will configure another domain in Postfixadmin, set up the correct DNS records and then apply SPF and DKIM to the new domain.

Articles In This Series

Configure DNS Records

Choose what subdomain you would like to use to connect to the domain and fetch mail. The default is usually Add the following DNS records. In the following examples, we are using the domain name

DNS Record TypeNameValue
AmailServer IP
v=spf1 mx ~all
Required DNS Records For Multiple Postfix Domain Names

Add Domain To Postfixadmin

Login to Postfixadmin and navigate to Domain List > New Domain. Just like the first time round add your additional domain name as usual.

Multiple email domains Postfixadmin

Configure DKIM

In part 3 of this series, we installed OpenDKIM on our Postfix VPS server. The process to sign a second domains email with DKIM is quicker this time around. So open the /etc/opendkim/signing.table

nano /etc/opendkim/signing.table
# Second Domain


Underneath the first domain we configured, add the new domain name. After the edits, the file will look like this.

And in the /etc/opendkim/key.table file. Do the same. Duplicate the original and edit it for the second domain name.

nano /etc/opendkim/key.table

After the edits that file will look like this.

# First Domain

# Second Domain

In the /etc/opendkim/trusted.hosts add the second domain.

nano /etc/opendkim/trusted.hosts

Generate Public & Private Keypair

Next, we need to generate a new public and private key pair for the second domain name we are adding. But first, create a directory to store the keys.

mkdir /etc/opendkim/keys/

And now generate the keypair with OpenDKIM.

opendkim-genkey -b 2048 -d -D /etc/opendkim/keys/ -s default -v

Just like in Part 3. The private key is located in the default.private file and the public key is stored in the default.txt file. Ensure OpenDKIM is the owner of the private key.

chown opendkim:opendkim /etc/opendkim/keys/

Now display the public key that was just created.

cat /etc/opendkim/keys/

Next, add the public key to your DNS manager for the second domain name. Remember that the public key is the string between the ” ” in the displayed file above. There are two sections. Copy BOTH strings and combine them into one long string.


Would become


So in your DNS Manager create a new TXT record with the name default._domainkey and in the value past the long string you just created including the p=. It will look similar to this.

Next test that the key is correct.

opendkim-testkey -d -s default -vvv

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key ''
opendkim-testkey: key not secure
opendkim-testkey: key OK

Remember that it’s normal to see the message Key not secure. It means DNSSEC is not enabled for your domain name. Restart OpenDKIM.

systemctl restart opendkim

Configure OpenLiteSpeed Virtual Host

Next we are going to create a new virtual host in OLS. This will be called and its virtual host root will point to our existing RoundCube directory.

/bin/bash <( curl -sk ) -d

Once created log in to the OpenLiteSpeed control panel at https://IPv4:7080. Navigate to Virtual Hosts and select the virtual host you just created. In our previous article, we placed the Roundcube files in the directory /var/www/ Update the virtual host root for the new domain name to reflect the same path.

Multiple Domains Postfix email server

Restart OpenLiteSpeed.

systemctl restart lsws

Generate SSL Certificate

Use Certbot to generate a new SSL Certificate for the new domain name. However, this time you need to update the existing certificate on the server to contain the new domain names. You also need to ensure the certificate is named the same as in Part 2 of this series. This will save you from having to update the Dovecot and Postfix configuration with the new certificate name.

certbot certonly -d -d -d  --cert-name

Certbot will provide a warning in the console saying you are updating the existing certificate to include new domain names.

You are updating certificate to include new domain(s):

You are also removing previously included domain(s):

Did you intend to make this change?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate certificate/(C)ancel: u
Renewing an existing certificate for and 2 more domains

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/
Key is saved at:         /etc/letsencrypt/live/
This certificate expires on 2024-06-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Certbot is also telling us it’s configured itself to update the certificate when it’s up for renewal. Thanks Certbot! So now in the /etc/letsencrypt/live/ file, you have a certificate for multiple domain names. Ensure OLS can read the certificates by setting the correct permissions and restarting LiteSpeed Web Server, Postfix and Dovecot.

setfacl -R -m u:www-data:rx /etc/letsencrypt/live/ /etc/letsencrypt/archive/ && systemctl restart lsws postfix dovecot

At this point, if you are not using Cloudflare you can specify the location of the Certificate and Private key in the OLS control panel for ALL virtual hosts. The path to the certificate is the same for all our domains because they are contained in the same file. Magic!

And now you should be able to access RoundCube Webmail using the new domain name you just added. In our examples

Test New Configuration

To test the new domain name add a new mailbox in Postfixadmin. Access webmail and check if you can log in to the new mailbox. Send a test email to another email address using Gmail or Outlook. You can inspect the headers to ensure DKIM and SPF are configured correctly.

 Transport; Sun, 10 Mar 2024 14:03:51 +0000
Authentication-Results: spf=pass (sender IP is; dkim=pass (signature was verified);dmarc=pass action=none;compauth=pass
Received-SPF: Pass ( domain of designates as permitted sender);
 client-ip=;; pr=C
Received: from ( by ( with Microsoft SMTP
 Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7386.15 via
 Frontend Transport; Sun, 10 Mar 2024 14:03:51 +0000

Magic. We have now configured our Postfixadmin NVMe VPS server to provide email to multiple domain names with DKIM and SPF setup. You can repeat this process to add multiple domains to your Postfix server. In the next article, we will look at providing High Availability to our Postfix server.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button