IMAP for recipient verification?

Chris L.

Member
May 26, 2017
We have a mixed environment of mail servers that support LDAP and others that don't.
Does PMG support IMAP for recipient authentication?

Another product we use, uses IMAP to:
  1. Check that the recipient exists when receiving an email
  2. Authenticate the user when he/she is asked to visit the quarantine
Can those two be done with PMG and if not how do you handle non-LDAP environments?

Any help is much appreciated
 
I had already done that before asking the question.
I did not see any reference to authenticating the recipient via IMAP (when AD/LDAP is not an option).
From my experience the Proxmox guides do not always document things that can be done under the hood (i.e. not via the GUI). I am therefore wondering whether IMAP is an option but is not documented.

If it doesn't support IMAP then I find it quite restrictive since many mail servers out there don't use AD or LDAP.
There is therefore no way to support those servers.
Am I right in this assumption or am I missing something here?


Can someone from Proxmox Server Solutions GmbH please contact us?
We have sent an enquiry to office@proxmox.com but we're still waiting for a reply.
We are looking to replace an existing commercial solution we have, at the earliest possible.



Please check online documentation: https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html for user management and authentication mode to access the quarantine interface.
 
Recipient verification is done via SMTP. The LDAP integration is used for other niceties such as filter rules or authentication to the GUI of quarantines.

1.2 Features
Receiver Verification

Many of the junk messages reaching your network are emails to non-existent users. Proxmox Mail Gateway detects these emails on SMTP level, which means before they are transferred to your networks. This reduces the traffic to be analyzed for spam and viruses up to 90% and reduces the working load on your mail servers and scanners.

1.2.8. LDAP integration
It is possible to query user and group data from LDAP servers. This may be used to build special filter rules, or just to provide authentication services for the Spam quarantine GUI.
 
Recipient Verification:
"Recipient verification is done via SMTP"
I watched the live logs, and when a new incoming email arrives it asks the destination (internal) server for the user. If the user exists, it accepts the message.
If not existent it will forward to the sender the internal server's response "user does not exist.."
That's fine.
Q1: What if the internal server is NOT online? Will it keep the message?
I could not test the latter as our "internal" server is on production.

LDAP:
"The LDAP integration is used for other niceties such as filter rules or authentication to the GUI of quarantines"
Q2: What happens if the internal server does not have LDAP?

Take for example a postfix+dovecot server with no LDAP.
How will PMG authenticate those users to give them access to their Quarantine?

Moreover:
If the user is created manually in the PMG GUI then yes the quarantine is accessible.
If we need to migrate an existing 500-users non-ldap enabled mail server from the current commercial antispam gateway to PMG, are we supposed to create those user logins manually in PMG?!?!
This also assumes that the user does not have a single-sign-on facility anymore.
(The current antispam solution we have only requires the user's login credentials on the mail server and via IMAP authenticates the user in their Quarantine. It also caches those after their first login.)
 
Q1: What if the internal server is NOT online? Will it keep the message?
AFAIR the users available will be cached. Somebody correct me if I am wrong.

Q2: What happens if the internal server does not have LDAP?
Then you will not be able to use them for filter rules for example.
How will PMG authenticate those users to give them access to their Quarantine?
The default setting is a token that is part of the link of the spam digest/report. LDAP needs to be specifically enabled if it should be used as auth method to the quarantine.

So you don't need to have those users created / made available in the PMG unless you want your users to sign in to the Spam Quarantine instead of using the token created and sent in the Spam Digest.
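
The SMTP-level recipient check discussed in the replies above, as an added example that is not code from this thread or from Proxmox: a gateway-side `RCPT TO` probe run against a stand-in backend on loopback. The hostnames, the mailbox list and the "defer when the backend is unreachable" policy are assumptions of the example; the thread does not confirm what PMG does in that case.

```python
import smtplib
import socketserver
import threading

KNOWN = {"alice@example.test"}  # constructed mailbox list for the stand-in backend

class FakeBackend(socketserver.StreamRequestHandler):
    """Stand-in for the internal mail server: just enough SMTP for a probe."""
    def handle(self):
        self.wfile.write(b"220 backend.example.test ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            if line.upper().startswith("RCPT TO:"):
                addr = line[8:].strip().strip("<>").lower()
                reply = "250 2.1.5 Ok" if addr in KNOWN else "550 5.1.1 User unknown"
            elif line.upper().startswith("QUIT"):
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                return
            else:
                reply = "250 Ok"  # EHLO, MAIL FROM
            self.wfile.write(reply.encode("ascii") + b"\r\n")

def start_fake_backend():
    """Run the stand-in backend on a free loopback port; returns the server."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeBackend)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def verify_recipient(host, port, rcpt, timeout=5):
    """Ask the backend about rcpt; return 'accept', 'reject' or 'defer'."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo("gateway.example.test")
            smtp.mail("")              # null sender <>
            code, _ = smtp.rcpt(rcpt)  # no DATA follows, nothing is delivered
    except (OSError, smtplib.SMTPException):
        return "defer"   # assumed policy: backend unreachable -> temporary failure
    if 200 <= code < 300:
        return "accept"
    if 500 <= code < 600:
        return "reject"  # permanent: refuse the message at SMTP time
    return "defer"       # 4xx: sender should retry later

if __name__ == "__main__":
    srv = start_fake_backend()
    host, port = srv.server_address
    for rcpt in ("alice@example.test", "nobody@example.test"):
        print(rcpt, "->", verify_recipient(host, port, rcpt))
    srv.shutdown(); srv.server_close()
    print("backend offline ->", verify_recipient(host, port, "alice@example.test"))
```

Answering a temporary failure while the backend is down leaves the message in the sending server's queue for retry instead of bouncing mail for valid users.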
 
