In the interest of full disclosure, I have been using Proxmox VE and Proxmox MG for a while now, but I am definitely much more versed in the Virtual Environment than the Mail Gateway. While in the process of completely overhauling the hardware in my home data center and setting things up again from scratch, I started to update my security and other practices. My plan is to have the mail gateway both receive and send all the emails for my 3 domains, like I had before this overhaul, but I want to have proper SSL, PTR, DMARC, STARTTLS, SPF and DKIM records, and this is where I get a little lost.
It is my understanding that I need to set up my domain DNS records so that the MX records point to the public IP of where my mail gateway is, which is what I have done in the past. But should the other records (DMARC, STARTTLS, SPF and DKIM) point to the mail gateway or the mail server (Mailcow)? I believe, if I am understanding this correctly, the only certificates that my mail server needs are SSL certificates for the IMAP and incoming SMTP submissions from users and for its web UI. The rest of the DNS entries and certificates should be going to the gateway. Correct?
Also, is it bad practice to have multiple servers get their own certificates? Such as having my reverse proxy get its own wildcard certificate and then having the mail server and the mail gateway also get their own certificates? Or should I be using one server to get the required certificates and sending them out to the servers that need them over something like SCP or a Samba share?
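As an added example (not code from the post above, from Proxmox or from Mailcow), here is a small Python script that generates the public DNS records for the setup the post describes, where a single gateway receives and sends all mail for a domain, and then checks those records for consistency with each other. The domain `example.com`, the gateway hostname `mx.example.com`, the IP `203.0.113.10`, the DKIM selector `pmg` and the truncated key are placeholders. The SPF check only evaluates literal `ip4:`/`ip6:` mechanisms; `mx` and `include:` are not resolved, so it runs offline. Since the outside world only ever talks to the gateway, every record that names a sending host (MX, SPF, the DKIM signing host, the PTR on the gateway IP) refers to the gateway, never to the internal mailbox server.

```python
"""Generate and sanity-check the DNS records for a gateway-fronted mail domain.

Added example with placeholder values; not from the original post or any project.
"""
import ipaddress


def build_records(domain, gateway_host, gateway_ip, dkim_selector, dkim_pubkey_b64, dmarc_rua):
    """Return {record_type: (owner_name, value)} for a domain whose mail flows via one gateway.

    Every host reference points at the gateway: the MX target, the SPF ip4, the DKIM
    selector (the gateway signs outbound mail), and DMARC alignment on the same domain.
    The internal mailbox server never appears in public DNS.
    """
    return {
        "MX": (domain, f"10 {gateway_host}."),
        "A": (gateway_host, gateway_ip),  # must match the PTR set on gateway_ip by the ISP
        "SPF": (domain, f"v=spf1 ip4:{gateway_ip} mx -all"),
        "DKIM": (f"{dkim_selector}._domainkey.{domain}", f"v=DKIM1; k=rsa; p={dkim_pubkey_b64}"),
        "DMARC": (f"_dmarc.{domain}", f"v=DMARC1; p=reject; rua=mailto:{dmarc_rua}; adkim=s; aspf=s"),
    }


def parse_spf(txt):
    """Return (ok, mechanisms). ok requires 'v=spf1' first and exactly one 'all', placed last."""
    terms = txt.split()
    if not terms or terms[0] != "v=spf1":
        return False, []
    mechs = terms[1:]
    alls = [m for m in mechs if m.lstrip("+-~?") == "all"]
    return (len(alls) == 1 and mechs[-1] in alls), mechs


def spf_authorizes_ip(txt, ip):
    """True if the SPF record explicitly lists ip via ip4:/ip6: (mx/include are not resolved here)."""
    ok, mechs = parse_spf(txt)
    if not ok:
        return False
    addr = ipaddress.ip_address(ip)
    for m in mechs:
        m = m.lstrip("+")
        if m.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(m.split(":", 1)[1], strict=False):
                return True
    return False


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if v=DMARC1 is not first or p= is invalid."""
    tags = [t.strip() for t in txt.split(";") if t.strip()]
    if not tags or tags[0] != "v=DMARC1":
        return None
    out = {}
    for t in tags:
        k, _, v = t.partition("=")
        out[k.strip()] = v.strip()
    if out.get("p") not in ("none", "quarantine", "reject"):
        return None
    return out


def check_records(records, gateway_ip):
    """Return a list of problems; an empty list means the record set is internally consistent."""
    problems = []
    mx_host = records["MX"][1].split()[1].rstrip(".")
    a_host, a_ip = records["A"]
    if a_host != mx_host or a_ip != gateway_ip:
        problems.append("MX target does not resolve to the gateway IP")
    if not spf_authorizes_ip(records["SPF"][1], gateway_ip):
        problems.append("SPF does not authorise the gateway IP")
    dkim = dict(kv.split("=", 1) for kv in records["DKIM"][1].replace(" ", "").split(";") if kv)
    if dkim.get("v") != "DKIM1" or not dkim.get("p"):
        problems.append("DKIM record missing v=DKIM1 or public key")
    if parse_dmarc(records["DMARC"][1]) is None:
        problems.append("DMARC record malformed")
    return problems


if __name__ == "__main__":
    # Placeholder values (assumed, not real): swap in your domain, gateway IP and DKIM key.
    recs = build_records("example.com", "mx.example.com", "203.0.113.10",
                         "pmg", "MIIBIjANBgkqh...", "dmarc@example.com")
    for rtype, (name, value) in recs.items():
        print(f"{name:40} TXT/{rtype:5} {value}" if rtype not in ("MX", "A") else f"{name:40} {rtype:5} {value}")
    print("problems:", check_records(recs, "203.0.113.10"))
```

Running it prints the five records to paste into the zone for each domain; change the IP passed to `check_records` to the internal Mailcow address to see the checker flag that the records no longer describe the host that actually talks to the Internet.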