[SOLVED] LDAP receiver verification / individual and groups forwards

KatyComputer

In a perfect world, PMG would use the LDAP directory for:
- receiver verification
- receiver forwards (sally@bigcompany.com ==> sallyworksfromhome@aol.com)
- group forwards (tech@bigcompany.com ==> joe@bigcompany.com, sam@bigcompany.com, sally@bigcompany.com)
- provide quarantine interface credentials

Currently, we have this information in various text files. We are implementing PMG on a PVE host, is there a preferred LDAP implementation?

I have a few hundred email addresses, approximately 20 groups and another 20 individual forwards. Email lives on a mixture of Google Apps, Office 365 and Dovecot.
Is this a good idea, would it be better to keep this information in various Postfix configuration files?
 
IMO part of the requested functionality is not in the scope of PMG (which acts as a proxy for spam and virus scanning, less as final e-mail delivery hub).

- receiver verification
In PMG you can use the Postfix built-in receiver verification, which works by trying to deliver a mail to a receiver and caches both positive (200) and negative (4xx and 5xx) results. This has the advantage that it also detects conditions which are not only based on whether the e-mail address exists (e.g. some setups use quotas and reply with a 4xx if the mailbox is over quota). Another upside is that it is quite robust, should the downstream server be down ... (it just sends a tempfail 4xx and the initial sender tries again later) - see http://www.postfix.org/ADDRESS_VERIFICATION_README.html. In PMG it can be enabled in Configuration -> Mail Proxy -> Options.

- provide quarantine interface credentials
This already works: Configuration -> Spam Detector -> Quarantine -> Authentication Mode

The other 2 points I would rather implement in the downstream server (you can also use a groupware solution like Zimbra, which brings those features (and AFAIR an LDAP server)).

Is this a good idea, would it be better to keep this information in various Postfix configuration files?
With 20-40 entries this is a good question - for 4-5 I'd say keep it in config files - for 100 I'd definitely choose LDAP - in between it depends on whether they change quite often, or if you plan to add more entries.
* LDAP makes it simpler for the users to change their settings by themselves (and it is easier to set up in a fault-tolerant setup)
* config files are simpler as a concept and for single-node setups probably more robust

I hope this helps!
 
My primary concern is the elimination of backscatter. I don't want PMG to accept a message for joeblow@bigcompany.com, forward that message to Office365, then have that message returned to sender in a separate transaction.

It seems PMG handles this situation brilliantly. The first time Joe gets an email PMG replies with:
SERVER -> CLIENT: 450 4.7.1 <joeblow@bigcompany.com>: Recipient address rejected: Service is unavailable (try later)
SMTP ERROR: RCPT TO command failed: 450 4.7.1 <joeblow@bigcompany.com>: Recipient address rejected: Service is unavailable (try later)

The second attempt looks like this:
SERVER -> CLIENT: 250 2.0.0 Ok: queued as D742E4217B
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: 221 2.0.0 Bye
Connection: closed
Message completed successfully.

BTW: Wormly provides a nice SMTP diagnostic tool, I used it to test PMG's handling of incoming mail. https://www.wormly.com/test-smtp-server

Nice job Proxmox & Postfix!
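
The "450 on the first attempt, accepted on the retry" sequence above and the positive/negative caching described earlier in the thread can be reproduced with a small model; this is an added example, not part of the original posts and not PMG or Postfix code. The timer values are the Postfix defaults for the address_verify_* parameters, while the class name, the addresses and the downstream directory are constructed for illustration. Assumptions: the probe result only becomes available after the first reply, and temporary downstream results are not kept.

```python
DAY, HOUR = 86400, 3600
# Postfix defaults, in seconds, for address_verify_{positive,negative}_{expire,refresh}_time.
EXPIRE = {True: 31 * DAY, False: 3 * DAY}
REFRESH = {True: 7 * DAY, False: 3 * HOUR}


class VerifyModel:
    """Simplified model of reject_unverified_recipient and its result cache."""

    def __init__(self, downstream, reject_code=450):
        self.downstream = downstream    # callable(address) -> downstream reply code
        self.reject_code = reject_code  # unverified_recipient_reject_code (default 450)
        self.cache = {}                 # address -> (deliverable, time of that probe)
        self.probes = 0

    def _probe(self, address, now):
        self.probes += 1
        code = self.downstream(address)
        if 400 <= code < 500:
            return                      # model assumption: temporary results are not kept
        known = self.cache.get(address)
        if known and known[0] and code >= 500:
            return                      # optimistic caching: failed refresh keeps the old "ok"
        self.cache[address] = (code < 400, now)

    def rcpt(self, address, now):
        """Reply code the gateway gives to RCPT TO:<address> at time `now`."""
        known = self.cache.get(address)
        if known and now - known[1] >= EXPIRE[known[0]]:
            del self.cache[address]
            known = None
        if known is None:
            self._probe(address, now)   # model assumption: result arrives after this reply
            return 450                  # tempfail; the sending MTA retries later
        if now - known[1] >= REFRESH[known[0]]:
            self._probe(address, now)   # refresh; this reply still uses the cached result
        return 250 if known[0] else self.reject_code


def demo():
    """Replay two delivery attempts against a constructed downstream directory."""
    mailboxes = {"existing@example.com"}             # constructed sample data
    gw = VerifyModel(lambda a: 250 if a in mailboxes else 550, reject_code=550)
    known = [gw.rcpt("existing@example.com", t) for t in (0, 60)]
    unknown = [gw.rcpt("nosuchuser@example.com", t) for t in (0, 60, 120)]
    return known, unknown, gw.probes


if __name__ == "__main__":
    print(demo())
```

With the Postfix default reject code of 450, the model only ever tempfails an unknown recipient, so the sending side sees a permanent failure only when its own queue lifetime runs out. Because a failed refresh does not overwrite a positive entry, a mailbox deleted downstream keeps being accepted until the positive entry expires, which is the window in which a downstream bounce can still occur.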
 
Thanks for sharing the tip with wormly!

So Recipient Verification works for you? - If yes please mark the thread as 'SOLVED' - it might help others!
 
How do I mark the thread "Solved"? I spent a bit of time on the Xenforo site - no joy...
On top (above the first post) -> click on the 3 dots (...) -> Edit thread -> select prefix SOLVED :) (I changed it for you).

I am looking forward to getting my "Proxmox Subscriber" trophy :)
Click on your account -> Account Details (where your email is shown) -> Proxmox Subscription Key (there you enter your Subscription Key :)
 