Thanks a lot Max, all good points.
The logical grouping is already happening due to using docker compose, and yes, there's a reverse proxy (nginx) in play, but that one may move to OPNsense as part of this realignment.
I got the management side (backups/updates/etc.) of the docker services and...
Good input, thanks! From an isolation point of view I think LXC would surely not be worse than today, because right now there is no isolation at all given that all 30 images are running on the same physical server.
I got a server which is currently running ~30 docker images. Services like Nextcloud, Akkoma, Grafana, Keycloak, etc. with their associated databases with 11TB BTRFS raid storage.
Now, this server has got plenty of resources left so I am wondering if I should migrate the current setup to PVE for...
Thanks Stoiko.
Got it working!
I am a little uncertain if I need the CA/Intermediate certificates to be added or not.
Right now, all that's in the pem is private key and certificate. Given that things are working I guess mail servers aren't checking the chain?
I need to update my tls certs, uploaded the new data via the UI and I can see it is stored in /etc/pmg/pmg-tls.pem
But when I run openssl to test, I still get the old cert.
After browsing around I noticed the following entries in /etc/pmg/templates/main.cf
smtpd_tls_cert_file =...
Now that is very helpful, I will check ports and internal network settings right away!
As far as the config dump is concerned, given that even IPs are potentially sensitive data nowadays I'd rather send it to you directly. Need to check if this platform allows a direct message.
I am unable to...
Not sure I am afraid, I have inherited this (undocumented) setup and I still discover things I wasn't aware of. In its defense I'd say that it's been working unchanged without any hiccups for more than a year, and it's only this weekend when things went wrong.
What's puzzling is that the...
Our servers are currently under a spam attack trying to use our mail gateways as open relay and for reasons yet unknown, quite a few got through.
After a reboot (and update) the vast majority of connection requests get blocked with a relay access denied, as they should. But there are some which...
I am trying to set up a blacklist entry for certain email addresses but don't seem to be able to find a regex which works.
I understand that my regex should cover the whole address but struggle to come up with a string which covers all email addresses beginning with 'dhl-'
Would really...
Indeed, exact same scenario as mine. Short term I should be ok with Proxy/Whitelist + Filter, but mid term it seems I will have to bite the bullet and make our mail servers accessible externally. Or maybe I can redirect at the OPNsense level…
Thanks for sharing!
It does definitely help. That means the rule engine always kicks in before the Mail Proxy which is important to understand as in that case Proxy Whitelisting is very different from what I thought.
Thanks everyone, I now have the domains in question listed under Mail Proxy / Whitelist
Type: Domain
Direction: Receiver
Value: WhitelistedDomain.com
According to the documentation (All SMTP checks are disabled for those entries (e.g. Greylisting, SPF, DNSBL, …)) and the conversations higher up...
Thanks a lot Dominik, "going direct" would mean a slightly more complicated setup, new DNS entries and public IP addresses.
Having PMG do some of the basic sanity checks may actually be good in this scenario, because either 3rd party did its job and nothing bad comes through or someone is...
We have the requirement to host a new email domain on our email servers, while this domain should follow the same email flow as the other domains, this new domain should effectively bypass PMG and hit our mail servers directly. Reason is that this domain gets its SPAM/Virus checks done by a 3rd...
Our use case is such that a user might be waiting for an email to confirm a new account he's set up or something of that nature. If PMG keeps this email in quarantine a user will have to manually find one of the previous quarantine report emails and release the email. If such an email doesn't...
Thanks Stoiko, the settings I make in the UI are properly reflected in both config files:
main.cf: default_transport = smtp:ciphermail2.pie.local:25
pmg.conf: smarthost ciphermail2.pie.local
I can see from the OS logs that whenever I update the Smarthost setting in the UI, postfix is reloaded...
That is a very good question, but I didn't set it up, and that's my problem :)
Right now I am trying to understand the moving parts.
But from a message flow point of view it's these two:
Internet -> Firewall -> Proxmox Mail Gateway -> Ciphermail -> O365/Google/etc
and
Internet ->...
Hi there, I recently have been handed over a cluster of Proxmox Mail Gateways, unfortunately without a proper handover, let alone documentation.
And now I am trying to make sense of things, so apologies if some of my questions are obvious to someone experienced.
My system is set up in a way...