How should my end-users connect to my e-mail services?

Discussion in 'Tips/Tricks/Mods' started by Th0m, Feb 20, 2022.

Thread Status:
Not open for further replies.
  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Note: This is my personal advice/preference.

    Many admins let their users connect to or even (when website and e-mail are on the same server). In my opinion this is bad practice and I often tell users on this forum to use a different approach, so I decided to write this post to give you some insight into the bad/good practice (in my opinion).

    In the below text is the name of your (company) domain, and is a client domain.

    It is bad practice to use because:
    • These DNS records will have to be updated when moving your e-mail services to a new IP, which can be quite a hassle, especially when the DNS zones for (some of) your domains are hosted with someone else.
    • Having a valid SSL certificate set up for these hostnames on your e-mail server is complicated and takes extra time to maintain.
    • When there is no valid SSL certificate, the connection to your e-mail server is less secure.
    • Plus the reasons listed below:
    It is bad practice to use because:
    • If you want to separate your SMTP and IMAP/POP3 server later on, the only way to keep working is setting up a load balancer that sends traffic on the SMTP ports to the SMTP server, and traffic on the IMAP/POP3 ports to the IMAP/POP3 server. Using and will save you from this dirty solution.
    • I think it looks more professional to have and instead of :)
    So how would the "perfect" setup look like?
    • The hostname of the mailserver can be anything. I prefer to use,, etc. Make sure you set the same hostname in your rDNS (PTR) record for the IP('s) you use for sending out e-mail.
    • Your mail services are best off being on a separate server (or at least a separate IP) than your webserver, so clients can't reach the e-mail server on, as some e-mail clients will automatically try to use this.
    • The hostname(s) to reach the mailserver should be and ( is optional if you want to clearly support pop3).
    • A valid certificate for the used hostnames can be set up following this guide (given you are using ISPConfig):
Thread Status:
Not open for further replies.

Share This Page