How to allow an external website to send emails on my behalf

4

4ge78f3ff

New Member
Proxmox Subscriber
Dec 17, 2025
2
0
1
Dear community, dear developers,

I have to allow an external website to send emails on my behalf. This site (Typo3) can only reliably send emails via SMTP (authentication) port 587 – port 25 unfortunately doesn't work.

Is this technically possible with the Proxmox mail gateway, or is it not recommended?
 
You could use it as outgoing filter for your typo3 instance, I'd say this is a reasonnable usecase for PMG, heh!
You'd need to setup 587 port either using the firewall, or by tweaking postfix conf (setting up "submission" protocol the same way smtp is done in master.conf, for example..)
 
Is this the right way?


mkdir -p /etc/pmg/templates
cp /var/lib/pmg/templates/master.cf.in /etc/pmg/templates/master.cf.in

nano /etc/pmg/templates/master.cf.in

submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

systemctl reload postfix


ss -lntp | grep 587

LISTEN 0 100 *:587

In the firewall rules, I will set just one IP adress to allow to connect via 587 to the PMG
 
Last edited:
4ge78f3ff said:
Is this the right way?


mkdir -p /etc/pmg/templates
cp /var/lib/pmg/templates/master.cf.in /etc/pmg/templates/master.cf.in

nano /etc/pmg/templates/master.cf.in

submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

systemctl reload postfix


ss -lntp | grep 587

LISTEN 0 100 *:587

In the firewall rules, I will set just one IP adress to allow to connect via 587 to the PMG
Click to expand...
Typical setup is

INTERNET/WAN <-----> Firewall <----> PMG <----> Mail server

So with your firewall just create a NAT rule that routes port 587 to your Mail Server, not your PMG. This makes sense anyways because PMG just checks incoming and outgoing mail, 465, 587, 143, 993 are ports used for IMAP/SMTP authentication against a mailserver.
So if your Mail Server is 192.168.1.3 for example, setup a NAT rule that when someone requests port 587 on your PUBLIC IP, the firewall sends the request to your mail server at 192.168.1.3.

But it looks like you're also using your PMG as a Mail Server? I've personally never done this and don't think PMG was designed in mind to act as a mail-server. I'm sure it can be done, but I think you'd be better off having a dedicated mail server that sits behind PMG and receives and sends mails THROUGH PMG.

Here is a basic graphic and explanation on the main website: https://www.proxmox.com/en/products/proxmox-mail-gateway/features
 
Last edited:
You must log in or register to reply here.
Top Bottom
Back