İçerik Tablosu
- PMG (Proxmox Mail Gateway) and Exchange Mail Server Integration – Internal and External SMTP Configuration
- Objective
- 1️⃣ Configuring Default Ports in PMG
- Check Listening Ports
- 2️⃣ PMG Web Interface Configuration
- ➤ Trusted Networks
- ➤ Relay Domains
- ➤ Transports
- 3️⃣ PMG Postfix Configuration (via SSH)
- 4️⃣ Smart Host Configuration on Mail Server (e.g., Exchange, Zimbra, Postfix)
- ➤ Smart Host Settings
- ➤ Port Configuration via PowerShell (Exchange Example)
- ➤ Retry Queued Emails
- 5️⃣ Log Analysis & Testing
- ➤ Example: Incoming Email via PMG
- ➤ Example: Outgoing Email via PMG
- ✅ Configuration Summary
- 🔐 Security Recommendations
PMG (Proxmox Mail Gateway) and Exchange Mail Server Integration – Internal and External SMTP Configuration
This document outlines the steps to configure PMG (Proxmox Mail Gateway) with an SMTP mail server (e.g., Exchange, Zimbra, Postfix) to manage incoming and outgoing email traffic.
Objective:
✅ Ensure incoming emails from external sources are routed through PMG before reaching the mail server
✅ Ensure outgoing emails from internal systems are delivered to the internet via PMG
1️⃣ Configuring Default Ports in PMG
| Port | Description |
|---|---|
25 | Incoming SMTP connections from the internet (external) |
26 | Relay connections from internal systems (e.g., mail server) |
8006 | PMG Web interface (should only be accessible from internal network) |
Check Listening Ports
ss -tuln | grep :25
ss -tuln | grep :262️⃣ PMG Web Interface Configuration
➤ Trusted Networks
(Configuration > Mail Proxy > Networks)
| IP/Subnet | Description |
|---|---|
192.168.1.0/24 | Internal network (optional) |
192.168.1.50/32 | Mail server IP address |
➤ Relay Domains
(Configuration > Mail Proxy > Relay Domains)
| Relay Domain |
|---|
example.com |
mail.example.com |
➤ Transports
(Configuration > Mail Proxy > Transports)
| Relay Domain | Host | Protocol | Port |
|---|---|---|---|
example.com | 192.168.1.50 | smtp | 25 |
3️⃣ PMG Postfix Configuration (via SSH)
Connect to PMG via SSH and run the following:
postconf -e "inet_interfaces = all"
postconf -e "mynetworks = 127.0.0.0/8 192.168.1.0/24 192.168.1.50/32 [::1]/128"
postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"
systemctl restart postfixThis ensures that only the defined IPs can relay outbound emails.
4️⃣ Smart Host Configuration on Mail Server (e.g., Exchange, Zimbra, Postfix)
➤ Smart Host Settings
- Smart Host IP:
192.168.1.10(PMG IP) - Port:
26(Internal SMTP relay port on PMG)
PMG listens on port
25for incoming external emails. For internal relays, port26is commonly used.
➤ Port Configuration via PowerShell (Exchange Example)
Set-SendConnector "InternetMail" -Port 26➤ Retry Queued Emails
Retry-Queue -Filter {Status -eq "Retry"}On Postfix or similar systems, use
mailqorpostqueue -fto flush the queue.
5️⃣ Log Analysis & Testing
➤ Example: Incoming Email via PMG
connect from mail-xxx.google.com[209.x.x.x]
from=<user@gmail.com>
to=<user@example.com>
status=sent (250 ...)→ Indicates that an external email was successfully delivered to the internal mail server.
➤ Example: Outgoing Email via PMG
from=<user@example.com>
to=<recipient@hotmail.com>
relay=mx1.hotmail.com[65.x.x.x]:25
status=sent (250 ...)→ Shows that an internal email was successfully relayed to the external recipient.
✅ Configuration Summary
| Function | Status |
|---|---|
| Inbound mail | ✅ Delivered to internal mail server via PMG |
| Outbound mail | ✅ Routed to the internet via PMG |
| Internal/External ports | ✅ Port 25: external, Port 26: internal relay |
| Trusted IPs | ✅ Controlled via trusted networks |
🔐 Security Recommendations
- Restrict web interface access (
port 8006) to internal network or VPN only - Enhance Postfix security with fail2ban, RBL, SPF, DKIM, and DMARC rules
- Use Let’s Encrypt for automatic TLS certificate renewal
No Comment! Be the first one.