Mailgateway on LXC, proper DNS settings

Hi,

I'm trying to install and set up PMG for my personal hosting, and I need a little help with DNS settings.

Actual: a VPS with Virtualmin, DNS on cloudflare.
Wanted: PMG lxc on PVE, Virtualmin VM on PVE.

Now I have all of the cloudflare (external) DNS pointing to the VPS:
mail
smtp
imap
www
...


If I want to set up PMG lxc on PVE, Virtualmin VM on PVE, I will need to point all of the external DNS to my external IP, then port-forward them to
mail -> pmg
smtp, imap, www, ... -> virtualmin

Then, on the internal DNS server, I'll point something like pmg1 to pmg for the GUI.

Am I right?

What should be the hostname for pmg? mail or pmg1? I think mail if it will be recognizable from other mailservers?

Thank you very much!
 
Hi,

Using mostly such a setup myself (without cloudflare), maybe I can point some things out.

Perhaps you've got only one external IP and only internal IPs for the lxc? Then portforwarding is the way to go, right.
But don't confuse smtp with ssmtp, seems unclear:

> mail -> pmg
> smtp, imap, www, ... -> virtualmin

mail here means port 25 i.e. smtp
smtp should include ports 465 ssmtp for SSL/TLS and submission 587 Start TLS.
imap 143/993, maybe pop3 110/995, too.

PMG will give you an internal port 26 which will be the port where all outgoing mail from virtualmin should go.
Make sure to protect all but the really needed ports using PVE firewall. Especially port 26 should not be reachable from outside.

Make sure you can create the (letsencrypt) certificates according to your DNS names. If PMG and Virtualmin are on the same IP,
the letsencrypt http-01 validation on port 80/443 will conflict. If Virtualmin is your DNS, too, setting up dns-01 validation may be an option.

Your thinking about DNS names should include reverse DNS resolution, too. So the VPS IP should perhaps best resolve to your MX DNS name, whatever it is (mail.., mx.., etc.) - don't know if this is handled by cloudflare.

Just ask if something is unclear, maybe I can help.
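As an added illustration of the "protect all but the really needed ports using PVE firewall" advice above (this is example configuration, not something posted in the thread): a guest-level firewall file for the PMG container. Everything in it is assumed: VMID 101 for the container, 10.0.0.10 for PMG, 10.0.0.20 for the Virtualmin VM and 10.0.0.0/24 as the management LAN. Only port 25 is reachable through the router's port forward; port 26 (PMG's internal relay port for outbound mail) is accepted from the Virtualmin VM alone, and the GUI on 8006 only from the LAN.

```ini
# /etc/pve/firewall/101.fw  (VMID 101 is an assumption for this example)
# Constructed addresses: PMG 10.0.0.10, Virtualmin VM 10.0.0.20, LAN 10.0.0.0/24

[OPTIONS]
# everything not explicitly accepted below is dropped
enable: 1
policy_in: DROP
policy_out: ACCEPT

[RULES]
# Inbound mail from the internet, forwarded by the router/pfSense, may reach 25
IN ACCEPT -p tcp -dport 25 -log nolog
# Port 26 is PMG's outbound relay port: only the internal mail server may use it
IN ACCEPT -source 10.0.0.20 -p tcp -dport 26 -log nolog
# Web GUI only from the management LAN, never via the port forward
IN ACCEPT -source 10.0.0.0/24 -p tcp -dport 8006 -log nolog
# SSH from the management LAN (SSH is one of the built-in PVE macros)
IN SSH(ACCEPT) -source 10.0.0.0/24
# Anything else aimed at 26 is dropped by policy_in anyway; this rule
# adds a log entry so a misconfigured port forward becomes visible
IN DROP -p tcp -dport 26 -log warning
```

Rules are evaluated top to bottom, first match wins, so the explicit accept for 10.0.0.20 has to precede the logging drop. The guest rules only take effect when the datacenter firewall is enabled (`enable: 1` in `/etc/pve/firewall/cluster.fw`) and the container's network device has `firewall=1` set; `pve-firewall compile` on the PVE host prints the generated rule set and is a quick way to catch syntax errors before relying on it.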
 
Hi,

Thank you very much for your insight!

I think ports 465 and 587 should point directly to the mailserver, not pmg, or I can't send from clients (pmg only listens to 25 and does not manage auth?)

I have quite a good setting now, I think, with also a double redirection.

MAIL(25): router->pfsense->pmg1->virtualmin
MAIL(465,587,IMAPS,POPS): router->pfsense->virtualmin

I do have only one IP, but do port-forwarding to the right internal IPs.

Thank you very much!
 
> I think ports 465 and 587 should point directly to the mailserver, not pmg, or I can't send from clients (pmg only listens to 25 and does not manage auth?)

Yes, sure, that's what I wrote/meant :)

> MAIL(25): router->pfsense->pmg1->virtualmin
> MAIL(465,587,IMAPS,POPS): router->pfsense->virtualmin

Ok, pfsense (or OPNsense) is a way, too. Whether it is really needed on a VPS, or whether you could use the PVE firewall ... don't know.
 