[SOLVED] Outgoing email IP (SMTP at pmg) different from incoming mail IP (public IP at haproxy) - fail of ptr test

Fra

Renowned Member
Dec 10, 2011
141
10
83
In our setup the email outgoing IP (the Pmg, latest version) is different from the incoming mail IP (which is haproxy, that then has the Pmg as backend).

I guess it is not an issue to have two different IPs since so many email server work this way, but we see our outgoing mail failing the x-ptr=fail , so we are not setting up things properly:

This is what the recipient see when we send an email:

Code:
Authentication-Results:
    x-csa=none;
    x-me-sender=none;
    x-ptr=fail smtp.helo=pmg.incoming.example.com
      policy.ptr=pmg.outgoing.example.com

* the outgoing IP (the Pmg) has Reverse DNS on pmg.outgoing.example.com

* the incoming IP (haproxy) has Reverse DNS on pmg.incoming.example.com

The HELO on the Pmg, as you can see, is set to pmg.incoming.example.com

The MX record of the domain (e.g. example.com) is set to pmg.incoming.example.com

The SPF record is of course set to allow pmg.outgoing.example.com, no issue with that.

Well, in the haproxy server we could just install a Postfix and set the Pmg to use it as a smarthost (this way we have the same IP for incoming and outgoing mail), should we?

Any advice is more then welcome: we are just approaching the Pmg and realize we really need it, so we are ready to take time to understand it
 
Last edited:
maybe we should just route outgoing internet traffic of the Pmg to haproxy, so to have the same IP for incoming and outgoing mail traffic?
 
The HELO on the Pmg, as you can see, is set to pmg.incoming.example.com
I guess this is the issue - quite some SMTP servers expect there to be a match between helo-name and ptr record (in addition to forward and ptr) to match each other.

(you should be able to set the helo banner and the helo-name used independent of each other - look for smtp_helo_name in the postfix docs)

to adapt the config in pmg you need to use the templateing system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
 
  • Like
Reactions: Fra
I guess this is the issue - quite some SMTP servers expect there to be a match between helo-name and ptr record (in addition to forward and ptr) to match each other.

(you should be able to set the helo banner and the helo-name used independent of each other - look for smtp_helo_name in the postfix docs)

to adapt the config in pmg you need to use the templateing system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

Omg, thank you so much!

Problem solved, I've added in the template /etc/pmg/templates/main.cf.in

Code:
smtp_helo_name = pmg.incoming.example.com

and now everything works!

thanks also for tips in https://forum.proxmox.com/threads/change-smtp-banner-and-ehlo-response.57183/post-263590
 
Last edited:
  • Like
Reactions: Stoiko Ivanov

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!