I have an email server (mail) that currently hosts one domain example1.com. The server is behind NAT and I have split-dns configured on the LAN.

The time has come to host additional domains on the same email server and after many hours of googling I have read conflicting information on how to create the public (external) and internal DNS records. There seems to be two approaches to configuring the MX and A records which I will demonstrate below.

APPROACH 1

External DNS for example1.com

example1.com      7200 MX 10 mail.example1.com.
mail.example1.com 3600 A  213.xx.xx.xx

External DNS for example2.com

example2.com      7200 MX 10 mail.example1.com.
mail.example1.com 3600 A  213.xx.xx.xx

In the first approach the MX record for example2.com points to the first domain, e.g. example1.com.

This seems to be how email hosting companies like Google Apps and ISPs work.

The problem with this method for my situation is that I don't want emails from example2.com to show that they originate from example1.com. The "solution" to this would be that I purchase a third domain let's say mail.myemailserver.com which would be used as the default (or first) domain for the email server.

APPROACH 2

External DNS for example1.com

example1.com      7200 MX 10 mail.example1.com.
mail.example1.com 3600 A  213.xx.xx.xx

External DNS for example2.com

example2.com      7200 MX 10 mail.example2.com.
mail.example2.com 3600 A  213.xx.xx.xx

In the second approach the MX record for the second domain points to its own domain, e.g. example2.com.

What I'm asking for is have I understood the configuration of multiple domains hosted on a single server and is there a best practice or advice on which approach I should implement in my own environment.

You mentioned TLS. Are you referring to webmail via SSL? If so then yes that is already configured for the first domain. Regarding the origin of the mail won't the headers contain example1.com if I use approach 1?

thanks for your explanation. Are there any advantages or disadvantages of either approach?

Well the better approach is to use an MX record, the reason for this is that it might be you want to split your mail server from your webserver for example. Then you can configure MX records for multiple mail servers while your A record still points at the correct webserver.

@yonatan No, the received header only contains mailservers that are passed, the content is their IP and the reverse dns of that IP, not the MX record.

Just so I've understood when you say "an MX record" you are referring to approach 1, right? ;)

No, I'm referring to encrypted SMTP. I'm not sure if this is a problem, but when you use this, you typically have one certificate installed (e.g. containing the common name mail.example1.com). If a server connects to mail.example2.com and is presented with the certificate mail.example1.com, this might cause a problem. As for the mail headers: at some point you will certainly have a mention of example1.com in the headers, no matter how you do it. Why waste your time to work around this?

Actually to both approaches :p. An MX record is configured to point to a mailserver for a domain. In the end it just goes looking for an IP and connects to that IP, it doesn't care about what MX record is configured as long as the A record that goes with the MX record (so mail.example1.com and mail.example2.com ) point to an IP.

@oliver the two domains are for two independent companies that's why I want it to look as if the domains are hosted on two separate email servers even though they are not.

Cool I understand. One final thing. I might have overlooked this in my question, but for approach 2 I would need to add a new zone for example2.com, yes (not necessary in approach 1)?

If this is an absolute must for you, you should go with approach 2 then. As said, this is perfectly valid.

You would need to do that anyway because you have 2 different domains to manage. Every domain has its own zonefile. Since example2 is also present in approach 1, you would still need to add a zonefile for it.

sorry I should have explicitly said add a new zone to the internal DNS, e.g. "for approach 2 I would need to add a new zone internal DNS for example2.com, yes (not necessary in approach 1)?

of course, it works the same, it doesn't matter if it's internal or external, the protocol stays the same :)

I'm very grateful for you patience and help! I'll try to setup the second domain tomorrow. Thanks again.

Glad to help :)