Configuration/Mail Proxy/Relaying/Smarthost not showing effect

Jan 20, 2022
5
1
3
22
Hi there, I recently have been handed over a cluster of Proxmox Mail Gateways, unfortunately without a proper handover, let alone documentation.
And now I am trying to make sense of things, so apologies if some of my questions are obvious to someone experienced.

My system is set up in a way that all incoming emails are passed over to an internal encryption/decryption gateway which is working fine.

After reading up on things I think Configuration/Mail Proxy/Relaying/Smarthost is the setting which is in charge to define the relay destination. And the current value of that setting matches what I see in the logs. Also supported by the manual: "When set, all outgoing mails are deliverd to the specified smarthost.".

> postfix/smtp[1455]: 4340DDC066B: to=<thomas@mydomain.com>, relay=ciphermail.mydomain.local[192.168.1.5]:25,…

Now, I'd like to point to a different FQDN, to test a new set of servers.
So I went ahead and changed Smarthost to "ciphermail2.mydomain.local", expecting that the Mail Gateway will now route to the new address, but for some reason it's still the old address which is used. Even after a reboot of the Gateway.
Pinging the new FQDN ciphermail2 from the Gateway console works fine.

So my question is, is this indeed the setting I need? If yes, and given the fact that my change does not show any effect, is there a possibility that this setting is overruled somewhere else?

Thanks
Thomas
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
7,217
1,135
164
Now, I'd like to point to a different FQDN, to test a new set of servers.
So I went ahead and changed Smarthost to "ciphermail2.mydomain.local", expecting that the Mail Gateway will now route to the new address, but for some reason it's still the old address which is used. Even after a reboot of the Gateway.
Pinging the new FQDN ciphermail2 from the Gateway console works fine.
Hmm - two things come to my mind:
* for mails which were already in the queue on PMG the relay will remain unchanged - maybe the logs only showed mails which were already queued?
* else verify that the newly set smarthost setting is actually reflected in the postfix configuration (/etc/postfix/main.cf) - the config is rendered from the configuration template [0] and the smart host set in the gui (and stored in /etc/pmg/pmg.conf) should be set as `default_transport` in main.cf

In general - the reference documentation should contain all necessary information:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html
(although in quite a terse form - so do feel free to ask questions here as well)

I hope this helps!

[0] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
 
  • Like
Reactions: t0mz

treloskilo

Member
Aug 12, 2021
58
4
8
46
I would like to ask you, what configuration have you done in order the ciphermail to work with proxmox mail gateway?
Right now the configuration i have and working is
Code:
Internet -> Firewall -> Proxmox Mail Gateway -> Exchange
 
Jan 20, 2022
5
1
3
22
That is a very good question, but I didn't set it up, and that's my problem :)
Right now I am trying to understand the moving parts.
But from a message flow point of view it's these two :

Internet -> Firewall -> Proxmox Mail Gateway -> Ciphermail -> O365/Google/etc
and
Internet -> Firewall -> Proxmox Mail Gateway -> Ciphermail -> Proxmox Mail Gateway -> O365/Google/etc
 
Jan 20, 2022
5
1
3
22
Hmm - two things come to my mind:
* for mails which were already in the queue on PMG the relay will remain unchanged - maybe the logs only showed mails which were already queued?
* else verify that the newly set smarthost setting is actually reflected in the postfix configuration (/etc/postfix/main.cf) - the config is rendered from the configuration template [0] and the smart host set in the gui (and stored in /etc/pmg/pmg.conf) should be set as `default_transport` in main.cf

In general - the reference documentation should contain all necessary information:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html
(although in quite a terse form - so do feel free to ask questions here as well)

I hope this helps!

[0] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
Thanks Stoiko, the settings I make in the UI are properly reflected in both config files:

main.cf: default_transport = smtp:ciphermail2.pie.local:25 pmg.conf: smarthost ciphermail2.pie.local

I can see from the OS logs that whenever I update the SMarthost setting in the UI, postfix is reloaded, so that's taken care of as well.
And yes, the reference document is what I keep at hand all week to find my way around.

There's got to be something else in play which is interfering, or I haven't fully grasped my setup. In any case more digging required :)

Edit: One thing I noticed just now, while PMG still sends all incoming emails to ciphermail.domain.local, automatically generated error responses, such as after an email bounce go to ciphermail2.domain.local.
Not sure what the explanation for this is, outbound is outbound, no matter if a proper email to Ciphermail or a error message to the original sender?
Anyway, enough for today…

Thanks for getting back!
Thomas
 
Last edited:

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
7,217
1,135
164
There's got to be something else in play which is interfering, or I haven't fully grasped my setup. In any case more digging required
On a hunch - maybe your systems are sending mail to the wrong port of PMG?
the mail flow outbound is:
downstream server -> PMG internal port -> smart_host (if present) -> internet
inbound is:
internet-> PMG external port -> default_relay (or domain specific relay set in Transports in the GUI)

else - if you provide some complete (or at least as little redacted as possible) logs we might be able to see what's at play here
(also `pmgconfig dump` would help)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!