[TUTORIAL] Get Postfix to Send Notifications (Email) Externally

[Tommmii]

Thank you for the instructions. I followed step by step but my mail.info shows

connect to smtp.gmail.com[2607:f8b0:4023:c03::6c]:587: Network is unreachable

And mail.warn shows

warning: symlink leaves directory: /etc/postfix/./makedefs.out

Attached is my main.cf - any suggestions?

This : smtp.gmail.com[2607:f8b0:4023:c03::6c]:587 indicates that Postfix is using IPv6 to reach the relay.
Is your network/isp setup for IPv6 ?

If not, add this to main.cf :
inet_protocols = ipv4

and remove any other lines starting with inet_protocols

Then restart postfix
systemctl restart postfix.service

and flush the queue :
postfix -f

 

[SynCron]

Is your network/isp setup for IPv6 ?

If not, add this to main.cf :
inet_protocols = ipv4

YES! That did it - Thank you!

 

[Spirog]

Hello Just Read your Tutorial, Wanted to know If I need to have a Domain.com setup for Proxmox instead of just an IP address for the emails Tutorial to work?
Also do I need a SSL Cert for the domain https://myproxox.com as well for emails notifications to work?

if I can use just the IP Address the way I have it setup now to login to Proxmox would be great,

but if needing to use a domain and SSL Cert I will get that done as well before setting up the email as in your Tutorial

Just need to Clarify what I need to do
Thanks so much and Grateful for your Tutorial

Kind Regards,
Spiro

 

[bitsofzero]

Thanks. The tutorial was much appreciated. I've configured my servers to use a third party mail relay service.

I encountered one problem that was readily fixed:

postfix/smtp[1415]: SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger)

I merely had to add these two lines into the main.cf, restart postfix, and after that, things worked as expected.

smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt

Thanks again.

 

[Spirog]

Had a quick question.

what alerts are setup by default to be sent for PVE Host. ? and or VM's
how can i manually test of those alerts will be emailed.

I have backups emailed and get those every night, but have not had any other alerts emailed from Proxmox ( which I'm sure is good news and hopefully no issues).

- But then again, not sure if they work.

So trying to figure out where I can find the alert setup and make sure to test each alert email or a alert email - just to make sure it works.

Thanks for anyone's help

 

[fmaione]

Had a quick question.

what alerts are setup by default to be sent for PVE Host. ? and or VM's

Not sure if I got your question, but if you check PVE admin guide, it says:

The email address is used to send notifications to the system administrator. For example:

• Information about available package updates.
• Error messages from periodic CRON jobs.

how can i manually test of those alerts will be emailed.

you can even use echo "This is a test" | mail -s "Test email" recipient-address@server.tld or, as explained by @Seed, echo "This is a test" | /usr/bin/pvemailforward

I have backups emailed and get those every night, but have not had any other alerts emailed from Proxmox ( which I'm sure is good news and hopefully no issues).

- But then again, not sure if they work.

So trying to figure out where I can find the alert setup and make sure to test each alert email or a alert email - just to make sure it works.

I think this is very difficult because you have to check every cron job... but maybe I'm wrong

Thanks for anyone's help

Hope it helps.

 

[fmaione]

I would like to thank @Seed and all of you guys for sharing this guide. I added also sender_canonical_maps because my relay smtp (a personal web server hosted on an hosting provider), would not route emails without canonical mapping.

So this is the whole thing. Assume that I created an email addres named my-email@my.own.hosted.server using cpanel on the hosting platform.

In main.cf:

relayhost = [my.own.hosted.server]:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps

In smtp_header_checks:

/^From:.*/ REPLACE From: HOSTNAME-alert <my-email@my.own.hosted.server>

In sender_canonical_maps:

/.+/    my-email@my.own.hosted.server

Obviously you need also to execute the sasl_passwd steps as explained by @Seed and install needed packages.

 

[lDemoNl]

Hello everyone!
I'm trying to setup mail notifications of backup process. I attached main.cf. I have Exchange as mail server withous tls. Am I right that I have to disable all tls parameters?
When I'm trying to send test mail I get error

root@pve01:~# echo "Test mail from postfix" | mail -s "Test Postfix" pve@mydomain.com
-bash: mail: command not found

Proxmox 7.1-10

 

[racitup]

For a locked down SMTP server using TLS, instead of the smtp_header_checks, I had to do:

# main.cf
smtp_generic_maps       = hash:/etc/postfix/login_map

# login_map
root@hostname.domain.tld    mailbox_user@domain.tld

mailbox_user@domain.tld would be the same as that used in sasl_passwd

edit:
Just noticed fmaione's sender_canonical_maps. That works too

 

[racitup]

So trying to figure out where I can find the alert setup and make sure to test each alert email or a alert email - just to make sure it works.

Use less /var/log/mail.info to see if there are any problems sending email

 

[gdaniel56]

Hi, i´m getting this error:

Aug 4 15:05:28 pve postfix/cleanup[1210048]: warning: pcre:/etc/postfix/header_checks.pcre is unavailable. unsupported dictionary type: pcre
Aug 4 15:05:28 pve postfix/cleanup[1210048]: warning: pcre:/etc/postfix/header_checks.pcre lookup error for "Received: by pvedps.domain.com (Postfix, from use
rid 0)??id 3BE68A158B; Thu, 4 Aug 2022 14:51:29 +0200 (CEST)"
Aug 4 15:05:28 pve postfix/cleanup[1210048]: warning: 3BE68A158B: header_checks map lookup problem -- message not accepted, try again later
Aug 4 15:05:28 pve postfix/pickup[1209969]: warning: maildrop/BB418A1581: error writing 3BE68A158B: queue file write error
Aug 4 15:05:28 pve postfix/cleanup[1257068]: warning: pcre:/etc/postfix/header_checks.pcre is unavailable. unsupported dictionary type: pcre
Aug 4 15:05:28 pve postfix/cleanup[1257068]: warning: pcre:/etc/postfix/header_checks.pcre lookup error for "Received: by pve.exampledomain.com (Postfix, from use
rid 0)??id 3BFE9A158B; Thu, 4 Aug 2022 14:57:25 +0200 (CEST)"
Aug 4 15:05:28 pve postfix/cleanup[1257068]: warning: 3BFE9A158B: header_checks map lookup problem -- message not accepted, try again later

and idk how to fix it, i´ve follow carefully this guide and nothing... i don´t know if is a 7.2 problem.

Thanks in advance

 

[Stoiko Ivanov]

Aug 4 15:05:28 pve postfix/cleanup[1210048]: warning: pcre:/etc/postfix/header_checks.pcre is unavailable. unsupported dictionary type: pcre

do you use header-checks?!

to quote from a few posts above:

For pcre support you'll need to install apt install postfix-pcre and restart postfix service

else I would really recommend to check the relevant documentation on postfix
https://www.postfix.org/postconf.5.html

to see what the config you're using actually does

I hope this helps!

 

[YamGZZ]

I want to add here that if you are experiencing authentication issues with your gmail account. You need to setup 2fa on your gmail account and configure "App Passwords" to allow Postfix to authenticate. More info here

 

[PeterAndersson]

For those of you using zoho as smtp server I managed to get it working with the following:
/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

myhostname=proxmox.domain.com

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, localhost
# relayhost =
mynetworks = 127.0.0.0/8
inet_interfaces = loopback-only
recipient_delimiter = +

compatibility_level = 2

relayhost = smtp.zoho.com:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks

/etc/postfix/sasl_passwd
smtp.zoho.com user@domain.com:PASSWD

/etc/postfix/sender_canonical
/.+/ user@domain.com

/etc/postfix/smtp_header_checks
/^From:.*/ REPLACE From: Proxmox alert <user@domain.com>

/etc/postfix/tls_policy
smtp.zoho.com:465 encrypt

Then run the following to apply the changes

chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/tls_policy
apt-get install libsasl2-modules
postfix reload && systemctl restart postfix.service

 

[HardyBiscuit]

I'm not a big expert on postfix; however, although I'd like to get email alerts setup from Proxmox PVE, I think my configuration may be even simpler. As such, and as I overthink often, I need some direction.

I use ProtonMail and have an internal protonmail-bridge setup. On that same server, I already have postfix running as a listener/forwarder. It listens on 25, then forwards to localhost:1025, where protonmail-bridge is setup. It all works really well in this manner.

No auth is needed and on all of my other devices, all I need to configure is the To email address, the IP of my internal postfix relay (plus port) and that is it. It is a bit insecure but perfectly fine when used internal only.

What would be the best way to do this? If I handled it the way it is presented in the initial post, I think I'd be double relaying which I am not entirely sure would even work!

 

[jerryhopper]

Im using msmtp.

https://gist.github.com/movd/7a9e3db63d076f85d16c7dcde62fe401

 

[philv123]

Thanks for this guide! Everything worked well for me, except this one test below.

Test from PVE:

echo "test" | /usr/bin/pvemailforward

When I ran that, I get the error
-bash: /usr/bin/pvemailforward: No such file or directory

That doesn't seem to matter because I am getting mails from Proxmox about my automated backup jobs, which is what I needed.

 

[cwista]

When I ran that, I get the error
-bash: /usr/bin/pvemailforward: No such file or directory

Seems that in Proxmox 7 this have been renamed, so you can run that last test command like this now:

echo "Hello world from Proxmox" | /usr/bin/proxmox-mail-forward

But this guide was really good, and feel like it would be handy as part of the official post-setup guides.

 

[lonelytourist]

I would like to thank @Seed and all of you guys for sharing this guide. I added also sender_canonical_maps because my relay smtp (a personal web server hosted on an hosting provider), would not route emails without canonical mapping.

So this is the whole thing. Assume that I created an email addres named my-email@my.own.hosted.server using cpanel on the hosting platform.

In main.cf:

relayhost = [my.own.hosted.server]:465
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps

In smtp_header_checks:

/^From:.*/ REPLACE From: HOSTNAME-alert <my-email@my.own.hosted.server>

In sender_canonical_maps:

/.+/    my-email@my.own.hosted.server

Obviously you need also to execute the sasl_passwd steps as explained by @Seed and install needed packages.

Specifically, running pve-manager/7.3-4/d69b70d4 (running kernel: 5.15.83-1-pve) on Debian 11 , I needed to install postfix-pcre for the smtp_header_checks part.

I'm using gmail and I guess I had already installed the rest of the requirements (postfix, libsasl2-modules).

 

[lxiosjao]

Hi,
Thanks for the tuto.
I tried to test with

echo "Hello world from Proxmox" | /usr/bin/proxmox-mail-forward

and it works from my side.
I tried also to enable the zfs notification and it doesn't work.
For example, I made :

cd /tmp
dd if=/dev/zero of=sparse_file bs=1 count=0 seek=512M
zpool create test /tmp/sparse_file
zpool scrub test

It's supposed to send me a notification after the zfs scrub.
But it seems postfix use my hostname (root@myhostname) as the source email adress and not the email adress (gmail adress).

Error message :

sender address rejected: Domain not found (in reply to RCPT TO command)

Any idea how I can fix this ?

-------------------

EDIT : problem fixed with Postfix masquerading.
I didn't find the solution in the manual of proxmox.
https://www.cyberciti.biz/tips/howto-postfix-masquerade-change-email-mail-address.html