Filtering outgoing mails from KVM guest

B

babiypetr

New Member
May 5, 2020
3
0
1
46
Hello, I have two vps nodes and I want protect against outgoing spam.

I plan to do this:

1) Setup Proxmox Mail Gateway on the VDS servers placed another data center
2) Over iptables forwarding outgoing mail traffic from my vps nodes to the Proxmox Mail Gateway

Please tell me if this can work? Perhaps there are instructions on how to make such a decision?
 
babiypetr said:
Over iptables forwarding outgoing mail traffic from my vps nodes to the Proxmox Mail Gateway
Click to expand...
depends on how you want to implement this:
You can redirect traffic inbound to your VPS on port 25 (and other related ports) to PMG - but the sending servers will see that they are talking with PMG

* usually you should configure your servers to relay mail via PMG (set the smart-host to pmg's address)
* once this works you can probably add a firewall rule to block outgoing connections from your VPS to port 25 (apart from the ones going to PMG)

I hope this helps!
 
  • Like
Reactions: babiypetr
Stoiko Ivanov said:
depends on how you want to implement this:
You can redirect traffic inbound to your VPS on port 25 (and other related ports) to PMG - but the sending servers will see that they are talking with PMG

* usually you should configure your servers to relay mail via PMG (set the smart-host to pmg's address)
* once this works you can probably add a firewall rule to block outgoing connections from your VPS to port 25 (apart from the ones going to PMG)

I hope this helps!
Click to expand...
I want use PMG only outgoing mail traffic, ingoing traffic going directly on the client vps, but outgoing over PMG - Is it possible?
 
babiypetr said:
I want use PMG only outgoing mail traffic, ingoing traffic going directly on the client vps, but outgoing over PMG - Is it possible?
Click to expand...
yes as written - add pmg as smart-host to your vps and block all outgoing connections to port 25 (i.e. the ones with the syn bit set) to all ips apart from pmgs
 
  • Like
Reactions: babiypetr
Many Thank's , this is a good decision.

But this clients VPS, and I want use PMG as transparent mail proxy, Is it possible to process mail traffic without configure a smarthost inside the VDS?

I think that asking customers to make additional settings is not very good. Or am I mistaken and is this normal practice?
 
PMG is not a transparent proxy (and I would not see how it could be made into one easily) .

babiypetr said:
Or am I mistaken and is this normal practice?
Click to expand...
depends on the setup and use case, but I think quite a few hosting providers offer outbound e-mail only via smart-host
 
You must log in or register to reply here.
Top Bottom