Recent content by Stoiko Ivanov

GUI->Configuration->Mail Proxy->DKIM->Selector->view DNS-record - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_mailproxy_dkim else - to query DNS for your record you just need the <selector> and your <domain> (and to install bind9-dnsutils for the `dig` command): `dig txt...

This is the way to go - certificates for PMG are per-node I hope this helps!

siehe: https://pmg.proxmox.com/wiki/index.php/Upgrade_from_7_to_8#Stop_and_mask_services_before_upgrade Die services vor dem upgrade stoppen und masken verhindert, dass mails angenommen werden und potentiell nicht zugestellt werden können (nach dem erfolgreichen upgrade klarerweise wieder...

as said - please post logs (as text in code tags) - and your configuration (/etc/pmg/pmg.conf, and the dkim/relay domains) - also make sure you send mails to the internal port of PMG...

I don't think I understand your request 100% - please share some logs - or headers - of mails that are not signed, but you want them to be signed - maybe this will help me get a picture! thanks!

are you sending the mails to the internal port? are the mails coming from a domain that you have configured in DKIM domains? plaese share the logs of such a mail...

As the rule is called blocked 'Outgoing" Spam - I'd take a good look if you have configured the internal and external ports properly! on the internal port mails to everywhere can be relayed, but they have to come from an IP listed in your trusted networks. In general - the Tracking Center (and...

can you reach the Let's encrypt URL from the node? curl -v https://acme-staging-v02.api.letsencrypt.org/directory (for the staging API) I hope this helps!

see the reference-documentation for using DKIM with PMG: https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_mailproxy_dkim I hope this helps!

I sent a patch to add the date-header to the generated mails inside our stack - so that they can be covered by the DKIM signature: https://lore.proxmox.com/pmg-devel/20250310180612.21877-1-s.ivanov@proxmox.com/T/#t once this or an improved version is applied the warnings should vanish.

Who Objekte im Regelsystem gehen auf die envelope addressen, wenn auf den From-header gematched werden soll muss ein What Objekt (Match Field, Field 'From') verwendet werden. und wenn saemtliche subdomains gematched werden sollen ist eine WhoRegex korrekt. Beide Sachen können theoretisch...

the difference I see is that WL-recipients-RT (group 37) had 'and=1' in your backup, while at the moment it's 'and=0' These flags (match any, match all) were introduced in PMG 8.1 - if you have Match all then you get 'and=1, invert=0' - and in this case an empty who-object matches all addresses...

From the screenshots you post it seems that your PMG simply does not get any e-mails - my guess would be that maybe the MX-record for your domain was changed - and does not point to PMG anymore? (or the firewall in front of PMG does not forward traffic on port 25 to PMG's external port anymore)...

how does the rule look like? (pmgdb dump) - how did the rule look like before the reboot? In general I don't think that a reboot should change much in processing of mails by the rule-system?

with a POST/create request you can set the 'top-part-only' flag - but you need to read through all object-groups and find the objects which are affected and then adapt those - this is what I meant with - it's not really straight-forward no this is stored with each object and not a global flag...