Mailgateway as extra filter

S

scornelissen

Active Member
Jan 8, 2018
12
1
41
38
Hello,

Currently we have a mailserver running. Is it possible to use PMG as an extra layer of filtering whereby our mailserver still does the filtering and Proxmox Mail Gateway adds extra filtering we would apply? And how do I need to deploy this? I thought this would work:

Code: 
Internet --> <ext-ip> Firewall <internal-ip> --> Proxmox Mail Gateway <internal-ip> --> <internal-ip> Internal mailserver

Whereby PMG and the internal mailserver would apply both spam filtering, but when I PMG send the mail to the internal mailserver, this one handles it as internal traffic and bypasses spam filtering. If I use and external IP-address to forward mail from PMG to our internal mailserver, then SPF would fail in the internal mailserver.

Is this supposed to work?
 
Last edited:
scornelissen85 said:
Currently we have a mailserver running. Is it possible to use PMG as an extra layer of filtering whereby our mailserver still does the filtering and Proxmox Mail Gateway adds extra filtering we would apply?
Click to expand...
This is usually the way PMG is deployed (and it should not matter if the downstream server (Internal mailserver) does additional filtering)

scornelissen85 said:
Whereby PMG and the internal mailserver would apply both spam filtering, but when I PMG send the mail to the internal mailserver, this one handles it as internal traffic and bypasses spam filtering.
Click to expand...
This can usually be configured on the internal mail server (add PMG as trusted relay - but that depends on the mail software running on the internal server)

scornelissen85 said:
If I use and external IP-address to forward mail from PMG to our internal mailserver, then SPF would fail in the internal mailserver.
Click to expand...
yes it would - we recommend to either disable SPF checking on the internal mail-server - or at least accept mail from PMG without considering SPF

I'd suggest you just try it out (setting up PMG is a matter of a few minutes) and as long as you don't point your MX records to PMG it should not be in the way of your mail-flow

Check out the reference documentation on the topic:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#chapter_deployment

I hope this helps!
 
Stoiko Ivanov said:
This is usually the way PMG is deployed (and it should not matter if the downstream server (Internal mailserver) does additional filtering)


This can usually be configured on the internal mail server (add PMG as trusted relay - but that depends on the mail software running on the internal server)


yes it would - we recommend to either disable SPF checking on the internal mail-server - or at least accept mail from PMG without considering SPF

I'd suggest you just try it out (setting up PMG is a matter of a few minutes) and as long as you don't point your MX records to PMG it should not be in the way of your mail-flow

Check out the reference documentation on the topic:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#chapter_deployment

I hope this helps!
Click to expand...
Our mailserver has the only ability to set an internal IPv4 range as trusted network. PMG is in this trusted network and such our mailserver applies no filter anymore. The "solution" I have (and that seems to work) is dat PMG send the mail to our mailserver via an external IP-address. Then our internal mailserver handles it as "untrusted" and does the scanning. It's not very nice, but for our mailserver this looks the working solution. Even if I set PMG outside of our current IPv4 block, it still passes the filtering as it states that internal IP-addresses will bypass spam filtering.

Code: 
Internet <external-ip> -> Firewall <internal-ip> -> PMG -> Firewall <external-ip> -> Firewall <internal-ip> -> mailserver

I then have to disable the SPF checking on our internal mailserver. But one of the nice things in our current mailserver is that we can increase a spam score if the SPF check failed. In PMG it's quite hard blocking if SPF fails?
 
Last edited:
scornelissen85 said:
I then have to disable the SPF checking on our internal mailserver. But one of the nice things in our current mailserver is that we can increase a spam score if the SPF check failed. In PMG it's quite hard blocking if SPF fails?
Click to expand...
You can set custom SPF_FAIL score under Configuration -> Spam Detector -> Custom Scores.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back