Is the use of proxmox-mail-forward to handle mail on PVE?

[phep]

Hi,

By default /root/.foward is piping mail in /usr/bin/proxmox-mail-forward.

I failed to find any documentation for this program and while I found the source code this does not tell me if using this script is a requirement.

I'm new to Proxmox. Is there any compulsory reason to let this pipe-command in the .forward or may I feel free to configure the mail stack as I usually do on our Debian servers?

At least am I free to add some other destinations in the .forward file?

TIA,

phep

 

[Lukas Wagner]

For the sake of completeness I will briefly describe what the proxmox-mail-forward binary does: It looks up the mail address of the root@pam user (from /etc/pve/user.cfg, or /etc/proxmox-backup-server/user.cfg) and forwards the mail that it receives from Postfix via stdin to this address. This is done so that email notifications from various system daemons and PVE components which send their mail to the local 'root' user are forwarded to the email address for root@pam (this is the mail address that is entered during the installation of PVE).

If you edit .forward that will not happen any more. Apart from that there should be no side effects.

Soonish the proxmox-mail-forward binary will feed these mails into the new notification system (which offers multiple notification target endpoints, filtering, etc.), but this is not merged yet.

 

[phep]

OK. Thank you Lukas for this explanation. Looking at the source I had figured out what the script does but I was really not sure about the possible side effects.

Yet I think I'll keep the pipe in the .forward, I'll just add some local fluffiness.

 

[IamLunchbox]

For the sake of completeness I will briefly describe what the proxmox-mail-forward binary does: It looks up the mail address of the root@pam user (from /etc/pve/user.cfg, or /etc/proxmox-backup-server/user.cfg) and forwards the mail that it receives from Postfix via stdin to this address. This is done so that email notifications from various system daemons and PVE components which send their mail to the local 'root' user are forwarded to the email address for root@pam (this is the mail address that is entered during the installation of PVE).

If you edit .forward that will not happen any more. Apart from that there should be no side effects.

Soonish the proxmox-mail-forward binary will feed these mails into the new notification system (which offers multiple notification target endpoints, filtering, etc.), but this is not merged yet.

To attach to this question: The new notification system is live. But proxmox-mail-foward on fresh 8.2.1+ Nodes still tries to foward mails from root to the aforementioned mail address.
It uses the correct mail host from the notification system, but an incorrect sender address and destination port. I recognize this, because i get the bounced e-mail from the notification system delivered.

This is the notification.cfg:

root@node:~# cat /etc/pve/notifications.cfg
sendmail: mail-to-root
    comment Send mails to root@pam's email address
    disable true
    mailto-user root@pam

smtp: Mail
    from-address proxmox@test.de
    mailto admin@bsi-pt.de
    mailto-user root@pam
    mode tls
    server mail.test.de
    username proxmox@test.de

matcher: default-matcher
    comment Notify all warnings, error and unknown
    match-field exact:type=package-updates,fencing,replication,system-mail,vzdump
    match-severity warning,error,unknown
    mode all
    target Mail

matcher: Notify_all
    comment Notify all except backup
    match-field exact:type=package-updates,fencing,replication,system-mail
    match-severity info,notice,warning,error,unknown
    mode all
    target Mail

The E-Mail of successful backups bounce, because they try to reach the unavaiable port 25 (see above, tls mode is activated) with:

This is the mail system at host node.test.de

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<admin@test.de>: connect to mail.test.de[10.10.103.2]:25: Connection timed
    out

Syslog reports:

Feb 02 02:29:01 node postfix/smtp[1314503]: connect to mail.test.de[10.10.103.2]:25: Connection timed out
Feb 02 02:29:01 node postfix/smtp[1314503]: C6ADA2502E: to=<admin@test.de>, relay=none, delay=433100, delays=433070/0.05/30/0, dsn=4.4.1, status=deferred (connect to mail.bsi-pt.de[10.10.103.2]:25: Connection timed out)
Feb 02 02:29:01 node postfix/qmgr[1306319]: C6ADA2502E: from=<root@node.test.de>, status=expired, returned to sender
Feb 02 02:29:01 node postfix/cleanup[1315018]: 67C5228017: message-id=<20250202012901.67C5228017@node.test.de>
Feb 02 02:29:01 node postfix/bounce[1315017]: C6ADA2502E: sender non-delivery notification: 67C5228017
Feb 02 02:29:01 node postfix/qmgr[1306319]: 67C5228017: from=<>, size=2544, nrcpt=1 (queue active)
Feb 02 02:29:01 node postfix/qmgr[1306319]: C6ADA2502E: removed
Feb 02 02:29:06 node proxmox-mail-forward[1315020]: notified via target `Mail`
Feb 02 02:29:06 node postfix/local[1315019]: 67C5228017: to=<root@node.test.de>, relay=local, delay=4.6, delays=0.03/0.02/0/4.6, dsn=2.0.0, status=sent (delivered to command: /usr/bin/proxmox-mail-forward)

Can you confirm, that this is a bug? I think the forward should not happen or should use the correct config from the notification system. It seems, it does it halfway: It fowards the mail to root to the correct mail host, but with the wrong sender address and port.

 

[Lukas Wagner]

The E-Mail of successful backups bounce, because they try to reach the unavaiable port 25 (see above, tls mode is activated) with:

Set the "Notification Mode" setting for the backup job to "Notification System". If it is set to "Auto" and you have entered an email address as a recipient in the backup job, our notification stack will assume the 'legacy' mode, which is essentially just a 'sendmail' to the specified email address.

 

[IamLunchbox]

Ah, thankts for the heads up. Since legacy mode is considered, well, legacy, I assumed that auto would default to the new system!