Mail routed to an internal mailserver from an external IP is getting blocked. Relay access is being denied.

S

SamenICT

New Member
Feb 9, 2024
7
0
1
Hi,

We currently use this installation of PMG for one thing:
Relaying mail to another smarthost to end up in a different mailbox.

However, now we want to send mail to one specific domain to an internal mailserver.
I've got the transports set up as follows:
1707472935346.png

And this works just fine if we're sending the mail from an internal IP, since those are whitelisted under Networks.

The issue I'm running into is that the mailserver rejects the e-mails if it's coming from an external IP address that isn't whitelisted in networks, even though I have the whitelist set up as follows in the "Mail filter" section:
1707473077263.png

And the domain is whitelisted under "Who objects".
What can I do to accept all mail, from all IPs directed to this domain (but keep the rest of the configuration in place)?

Kind regards,
Rody
 
To add onto this: all mail not directed to this domain should still be whitelisted under "Networks", we do want to keep that in place.
 
I think you misunderstood @Bob.Dig all traffic from external IPs should be allowed to send mails to this particular domain.
The routing part works, I've tested sending mail from an internal server to that domain and everything gets routed correctly.

However, the relay access gets denied when an external IP tries to send mail to this particular domain because it's not whitelisted under 'Networks'.

All IPs sending traffic directed towards other domains should still have to be whitelisted under 'Networks', just this particular domain always needs to be let through.
 
That's odd, either someone before me changed something or I changed something subconsciously. But as far as I can remember that was never the case for us.

Alongside that, hypothetically speaking if I were to do that, how would I make it so that every IP address on earth can still send e-mails to that domain, and all mail directed towards another domain would still need to be on an IP whitelist? I don't want our mailserver to get abused.
 
Last edited:
SamenICT said:
That's odd, either someone before me changed something or I changed something subconsciously. But as far as I can remember that was never the case for us.

Alongside that, hypothetically speaking if I were to do that, how would I make it so that every IP address on earth can still send e-mails to that domain, and all mail directed towards another domain would still need to be on an IP whitelist? I don't want our mailserver to get abused.
Click to expand...
Don't open it to the public in the first place? But if you do it anyway, there is a mail filter rule system with blocklists and whitelists, to and from and so on, so you will be able to do this there.
 
That's what I tried to use, but it didn't work. That's what I stated in my initial post right? Or am I missing something?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back