Microsoft Exchange 2019 integration

[mohkhalifa]

Dear Guys,
Please note that I'm new here. I just installed PMG-VM and I'm looking for a best practice configuration to integrate my PMG with my MS Exchange Server for inbound and outbound e-Mails. Also, I did a registration in Barracuda and SpamHaus but I don't know also how can I use them with PMG ?
Thanks and looking forward to get your kind reply.

 

[aaron]

Have you taken a look at the Getting started section in the PMG wiki[0]?
Also check out the documentation [1].

If you also want to send outbound mails via the PMG make sure to send it from the Exchange server to the PMG on port 26!

Otherwise I think we need more specific questions

[0] https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
[1] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html

 

[mohkhalifa]

Have you taken a look at the Getting started section in the PMG wiki[0]?
Also check out the documentation [1].

If you also want to send outbound mails via the PMG make sure to send it from the Exchange server to the PMG on port 26!

Otherwise I think we need more specific questions

[0] https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
[1] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html

Dear aaron,
Thanks for your reply. that's what I did exactly,
Exchange Configuration:
1- Configured my MS Exchange receive connector with port 25
2- Configured my MS Exchange Send connector with port 26 and routing through PMG FQDN as a smart-host
PMG:
1- Relaying:
- Default replay: my Exchange server FQDN "mail.example.com"
- Relay Port: 25
- Disable MX lookup: No
- smarthost: none
2- Relay Domains:
- Relay Domain: my domain name "example.com"
3- Ports:
- External SMTP Port: 25
- Internal SMTP Port: 26
4- Options:
- DNSBL Sites: b.barracudacentral.org,zen.spamhaus.org - "How to confirm that they are working ?"
- Use SPF: Yes
5- Transport:
empty
6- Network:
- Trusted Network: My Exchange Server IP/32
7- TLS:
- Enable TLS: YEs
- TLS Destination Policy: empty
8- DKIM:
- Enable DKIM Signing: Yes - "Resolved from my public DNS"
- Sign Domains: My Domain name "example.com"
- Whitelist: empty

That's all the configuration I did in PMG. receiving e-Mails working good BUT I'm facing a problem is sending e-Mails. at the beginning I was receiving "Remote Server returned '554 5.7.1 <user@example.com>: Relay access denied" but after adding My Exchange IP address in the Network Trust I received another message "550 Access denied - Invalid HELO name (See RFC5321 4.1.1.1) (in reply to RCPT TO command)"

So, What is my problem and where am I mistaken ? also, is there any other configuration needed ?

Thanks,

 

[mohkhalifa]

Any Help ?

 

[hata_ph]

Pls show your PMG log for further checking...

 

[mohkhalifa]

while sending e-Mails that's the log message
"550 Access denied - Invalid HELO name (See RFC5321 4.1.1.1) (in reply to RCPT TO command)"
Also, I added smtp_helo_name = mymailserver FQDN to the main.cf.in file

 

[hata_ph]

show output of your main.cf and postconf

 

[Stoiko Ivanov]

Seems like an issue inside MS Exchange - short searching points to the configuration of the Send Connector:
https://social.technet.microsoft.co...helo-name-see-rfc2821-4111?forum=exchange2010
https://social.technet.microsoft.co...ed-invalid-helo-name?forum=exchangesvrgeneral

 

[mohkhalifa]

Exchange is not the problem because exchange is sending the messages to PMG via the smart host to handle it. Now the problem for some SMTP servers are rejecting my messages with "550 Access denied - Invalid HELO name (See RFC5321 4.1.1.1) (in replyto RCPT TO command)" .
So, I need to enable SMTP authentication and change the Helo message but there are not clear in the documentation.
Please Advise!

 

[Stoiko Ivanov]

Please post the complete log of a message, which gets rejected with Invalid HELO name - otherwise it's not really possible to see which system answers to which system with 550

If you need to anonymize the logs - do so in a way that there is still a clear distinction between the different sytems

 

[mohkhalifa]

Dec 16 19:21:35 proxmox postfix/smtpd[1113]: connect from mail.MyDomainName.com[10.10.100.15]
Dec 16 19:21:35 proxmox postfix/smtpd[1113]: 78D8080154: client=mail.MyDomainName.com[10.10.100.15]
Dec 16 19:21:35 proxmox postfix/cleanup[1119]: 78D8080154: message-id=<155ce65cb86d47b787f5df1830afa113@MyDomainName.com>
Dec 16 19:21:35 proxmox postfix/qmgr[973]: 78D8080154: from=<user@MyDomainName.com>, size=2900, nrcpt=1 (queue active)
Dec 16 19:21:35 proxmox pmg-smtp-filter[1013]: 2020/12/16-19:21:35 CONNECT TCP Peer: "[127.0.0.1]:38894" Local: "[127.0.0.1]:10023"
Dec 16 19:21:35 proxmox pmg-smtp-filter[1013]: 810585FDA421F99E68: new mail message-id=<155ce65cb86d47b787f5df1830afa113@MyDomainName.com>
Dec 16 19:21:35 proxmox postfix/smtpd[1125]: connect from localhost.localdomain[127.0.0.1]
Dec 16 19:21:35 proxmox postfix/smtpd[1125]: D98E781061: client=localhost.localdomain[127.0.0.1], orig_client=mail.MyDomainName.com[10.10.100.15]
Dec 16 19:21:35 proxmox postfix/cleanup[1119]: D98E781061: message-id=<155ce65cb86d47b787f5df1830afa113@MyDomainName.com>
Dec 16 19:21:35 proxmox postfix/qmgr[973]: D98E781061: from=<user@MyDomainName.com>, size=3748, nrcpt=1 (queue active)
Dec 16 19:21:35 proxmox postfix/smtpd[1125]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Dec 16 19:21:35 proxmox pmg-smtp-filter[1013]: 810585FDA421F99E68: accept mail to <user@OtherDomainName.com> (D98E781061) (rule: default-accept)
Dec 16 19:21:35 proxmox pmg-smtp-filter[1013]: 810585FDA421F99E68: processing time: 0.266 seconds (0, 0.097, 0)
Dec 16 19:21:35 proxmox postfix/lmtp[1120]: 78D8080154: to=<user@OtherDomainName.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.48, delays=0.09/0.07/0/0.32, dsn=2.5.0, status=sent (250 2.5.0 OK (810585FDA421F99E68))
Dec 16 19:21:35 proxmox postfix/qmgr[973]: 78D8080154: removed
Dec 16 19:21:35 proxmox postfix/smtpd[1113]: disconnect from mail.MyDomainName.com[10.10.100.15] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Dec 16 19:21:37 proxmox postfix/smtp[1126]: D98E781061: to=<user@OtherDomainName.com>, relay=mx.spamexperts.com[130.117.54.106]:25, delay=1.5, delays=0.01/0.03/0.72/0.69, dsn=5.0.0, status=bounced (host mx.spamexperts.com[130.117.54.106] said: 550 Access denied - Invalid HELO name (See RFC5321 4.1.1.1) (in reply to RCPT TO command))

 

[Stoiko Ivanov]

Seems there is a mismatch between what your PMG sends as helo_name, and what your IP-address resolves to in DNS:
please post the output of:

postconf -d |grep -E 'helo|myhostnam'
dig -x your.pmg.public.ip
dig $(hostname -f)

(replace your.pmg.public.ip by the IP your PMG uses for outbound communication (the public IP of your PMG, or the one it's outbound traffic gets NATed to)
for dig you might need to install dnsutils

I hope this helps!

 

[khoipham]

Hi guy i want to ask about external port smtp can we config authen on that port.
I'm using exchange 2019 can send email from internal but can not send email from external port, i also config ldap for authen but it didn't work.

 

[Mike_9494]

I’m interested in this question as well. Could you point out which specific section in the documentation I should read?