Planning, Domain List, and System Baseline
Before adding five thousand domains to a single Postfix instance, it helps to map out the environment. The first step is to verify that the server’s IP is public, has a static address, and is not a shared hosting box that enforces outbound rate limits. You can test this with dig +short myip.opendns.com @resolver1.opendns.com and then ping that address from a different network. If the ping succeeds and the return time stays below a few hundred milliseconds, the IP is reachable enough for inbound mail.
Next, decide on a canonical hostname for the mail server. The hostname should resolve to the server’s public IP and appear in all certificates and reverse‑lookup records. Create it with sudo hostnamectl set-hostname mail.example.com and add a matching 127.0.0.1 mail.example.com line to /etc/hosts so that internal services can refer to it without DNS queries. The hostname will appear in Postfix logs, in bounce messages, and in the HELO or EHLO banner that remote servers see.
With the host ready, gather a list of all domains you plan to serve. Store them in a plain text file like /etc/postfix/virtual_domains, one domain per line. A shell loop can generate the file from an existing CSV or database: awk -F, '{print $1}' all_domains.csv > /etc/postfix/virtual_domains. Make sure the file is owned by root and readable only by root (chmod 640 /etc/postfix/virtual_domains). If you ever need to add or drop domains, you’ll simply edit that file and reload Postfix; no other configuration changes are required.
Because you’re dealing with thousands of domains, automation is essential. Write a small script that iterates over /etc/postfix/virtual_domains, checks that each domain has an MX record pointing to the mail server, and warns if any are missing. Use dig +short MX <domain> inside the loop. A missing MX record means that remote servers will reject mail for that domain outright, so catching those errors early saves a lot of troubleshooting later.
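The MX audit described above could look like the following sketch. It is an added example, not code from the original article; the function names, the MX_LOOKUP hook and the check_mx.sh file name are assumptions, and it also flags domains whose MX exists but targets a different host.

```shell
#!/bin/sh
# Added example: audit the MX records of every domain in a Postfix domain list.
# MX_LOOKUP is a hypothetical hook so the resolver call can be stubbed offline.
MX_LOOKUP=${MX_LOOKUP:-mx_lookup_dig}

# Real lookup; prints lines such as "10 mail.example.com."
mx_lookup_dig() {
    dig +short MX "$1"
}

# Reads "priority target" lines on stdin and succeeds if any target equals $1.
# The comparison is case-insensitive and ignores the trailing root dot.
mx_points_to() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v want="${want%.}" '
        NF >= 2 { t = tolower($2); sub(/\.$/, "", t); if (t == want) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_domains FILE MAILHOST
# Prints "OK|WRONG|MISSING domain" per entry; returns 1 if any domain needs work.
check_domains() {
    file=$1 mailhost=$2 bad=0
    while IFS= read -r domain || [ -n "$domain" ]; do
        case $domain in ''|'#'*) continue ;; esac   # skip blanks and comments
        # A failed or empty lookup is reported as MISSING
        records=$("$MX_LOOKUP" "$domain") || records=''
        if [ -z "$records" ]; then
            echo "MISSING $domain"; bad=1
        elif printf '%s\n' "$records" | mx_points_to "$mailhost"; then
            echo "OK $domain"
        else
            echo "WRONG $domain"; bad=1     # MX exists but targets another host
        fi
    done < "$file"
    return "$bad"
}

# e.g. sudo sh check_mx.sh /etc/postfix/virtual_domains mail.example.com
if [ "$#" -eq 2 ]; then check_domains "$1" "$2"; fi
```

The non-zero exit status makes the script usable as a gate in a provisioning job before Postfix is reloaded.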
Another layer of safety is to prepare the filesystem layout. All virtual mailboxes will live under /var/mail/vhosts. Create the directory with sudo mkdir -p /var/mail/vhosts and set group ownership to the mail group: sudo chown root:mail /var/mail/vhosts. Give the group read‑write permissions and restrict others to read only with sudo chmod 750 /var/mail/vhosts. Each domain will receive a subdirectory named after it; the subdirectory will contain one Maildir per user. Keep this layout consistent, because Dovecot and Postfix will look for mail at /var/mail/vhosts/%d/%u.
At this point you have a working server, a list of domains, and a folder structure. The next chapter focuses on telling Postfix how to route mail for those domains.
Postfix Virtual Domain Setup
With the foundation in place, configure Postfix to treat every domain in /etc/postfix/virtual_domains as a virtual recipient. Begin by editing /etc/postfix/main.cf and adding or updating these entries:
myhostname = mail.example.com
myorigin = $myhostname
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
smtpd_banner = $myhostname ESMTP $mail_name (Debian)
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
The mydestination line deliberately excludes all virtual domains; any domain not listed there will be routed to the virtual domain mechanism. The TLS settings point to a certificate that covers the mail host; for per‑domain certificates you’ll later map them via SNI tables.
Next, create the virtual domain tables. Copy the domain list into a Postfix hash map. postmap expects a key and a value on every line, so each domain gets a placeholder value of OK:
sudo postconf -e 'virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domains'
sudo awk 'NF {print $1, "OK"}' /etc/postfix/virtual_domains | sudo tee /etc/postfix/virtual_mailbox_domains > /dev/null
sudo postmap /etc/postfix/virtual_mailbox_domains
Now map each domain to a mailbox root. For the default case, every user in every domain gets a Maildir under /var/mail/vhosts/$domain. Build the map with a loop:
sudo sh -c 'while read -r d; do echo "$d /var/mail/vhosts/$d/"; done < /etc/postfix/virtual_domains >> /etc/postfix/virtual_mailbox_maps'
sudo postconf -e 'virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_maps'
sudo postmap /etc/postfix/virtual_mailbox_maps




