Resolved one mailserver per IP on a dedicated server?

[mschenk]

Hi,

I have 3 IP's on a dedicated server and over 100 domains.

IP 1:
Shared IP, which includes the server name server1.mydomain.com and which i use also as mailserver "server1.mydomain.com" in the MX Records of all domains, independent if this domains use IP1, IP2, or IP3.
- I set an PRT record for "server1.mydomain.com" which points to IP 1.
- I set in Plesk the servername also to "server1.mydomain.com"
- I have set Let's Encrypt Certificate for server1.mydomain.com

I use this IP also for my own domain www.mydomain.com website.

IP 2:
Shared IP, which i user for some 100 domains/websites. But for all of then i put in the MX-Record of the DNS the "server1.mydomain.com", which has IP1.

IP 3:
Dedicated IP for one website. This website is using external mail server.

Question:
- Is it OK that is use only 1 mailserver (the one from IP1) for domains which use IP2? I want to use only secure mail (IMAP port 993, SSL/TLS and SMTP por 465 SSL/TLS)
- Is this solution the best one and why?
- Wich advantages/disadvantages has it, if i use one mailserver per IP? Why should i do that?
- Which Antispam Solution (can be paid) is actually the best one? I used Macig Spam the last years, but not supported on this new server/plesk version.


I red, that it is always best to use the servername also as mailserver name.
Want to point out, that the objective is that the mails from this server are "trusted" and there will not been send spam mails. (at least not permited and restricted in Plesk Ougoing Mails / period settings.

I use Plesk Onyx web host edition Version 17.8.11 Update #27 on a dedicated Debian 9.5 server.

Thanks for any help and recomendations, best regards from Madrid, Spain, Martin

 

[trialotto]

@mschenk

To be honest, it is recommended that you stick to the principle "same IP for the mail server as for the associated domain".

This is simply preventing a lot of problems with DNS settings, Let's Encrypt and many other hosting related things.

The golden rule here is: only use a separate IP (which is different from the default IP associated with a domain) if and only if you use an external (dedicated) mail server.

With respect to the question

Which Antispam Solution (can be paid) is actually the best one? I used Macig Spam the last years, but not supported on this new server/plesk version.

I have to say that the answer is a combination of solutions:

1) use Plesk Premium Antivirus: you have to purchase a license for this,
2) use SPF: go to "Tools & Settings > Mail Server settings > Tab:Settings > Switch on SPF spam protection (check the checkbox)" and add your SPF rules,
3) use SPF: add SPF records (which should be more stringent than the ones in step 2) in your DNS by just adding appropriate TXT files,
4) use DNSBL: go to "Tools & Settings > Mail Server settings > Tab:Settings > Switch on spam protection based on DNS blackhole list (check the checkbox)" and add the best and most effective DNSBL, being zen.spamhaus.org
5) use the Spam Filter: go to "Tools & Settings > Spam Filter > Tab: Settings" and switch on all checkboxes under "General"
6) use the Spam Filter: go to "Tools & Settings > Spam Filter > Tab: White list" and add the trusted domains (read: use wildcards like *@domain.com and *@*.domain.com)

and be aware of the fact that executing step 6 is a bit dangerous, in the sense that mail traffic not originating from domains on your white list is being blocked, even though it can be and often will be non-malicious mail traffic (read: only use step 6 if it is necessary or safe to do so).

By the way and for your information, MagicSpam was not a good extension: it did not add a lot of value in comparison to expected results of step 1 to 6 (read: the price for MagicSpam was just to high to justify it, given the fact that Spamassassin + Plesk Premium Antivirus do an excellent job together, leaving little space for MagicSpam to do good work and intercept the minimal amount of bad mail traffic that was not detected by Spamassassin and/or Plesk Premium Antivirus).

In conclusion, it is highly recommended that you use an antivirus AND antispam solution together, preferably the out-of-the-box solutions shipped with Plesk.

An excellent alternative is the use of SpamExperts, but it is NOT recommended to purchase that paid-for solution via Plesk (read: too expensive, can be cheaper!)

Hope the above helps a bit!

Regards.........

 

[mschenk]

Thank you very much @trialotto !

The principal "same IP for the mail server as for the associated domain"
and the golden rule "only use a separate IP (which is different from the default IP associated with a domain) if and only if you use an external (dedicated) mail server. " are helping me a lot.
I will try to go back to one domain and change step by step the other points.

But i have there still a question:
if a domain needs a own IP because of a SSL Certificate, how would you resolve the problem with the mailserver?

Thank you very much for you detailed and deep answer. It helps me really out!
Have a nice evening.

Regards ...