Outgoing email rejecting from PMG

[powersupport]

We have configured a domain in PMG to filter the outgoing emails. but they are failing with the below error. Can anyone please advise? The erro message also shows an unknown hostname "news.og.com.sg"

2024-01-14T18:41:44.136861+08:00 pmg postfix/smtpd[65639]: warning: hostname news.og.com.sg does not resolve to address "IP address of mail server"
2024-01-14T18:41:44.137313+08:00 pmg postfix/smtpd[65639]: connect from unknown["IP address of mail server"]
2024-01-14T18:41:44.138822+08:00 pmg postfix/smtpd[65639]: NOQUEUE: reject: RCPT from unknown["IP address of mail server"]: 554 5.7.1 <team@gmail.com>: Relay access denied; from=<arun@domain.com> to=<team@gmail.com> proto=ESMTP helo=<mail.domain.com>
2024-01-14T18:41:44.139063+08:00 pmg postfix/smtpd[65639]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "team@gmail.com" from client "unknown["IP address of mail server"]"
2024-01-14T18:41:44.242425+08:00 pmg postfix/smtpd[65639]: disconnect from unknown["IP address of mail server"] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6

 

[Andrei9385]

Hello. By default proxmox(postfix) substitutes the local server name in the ehlo field. You need to change your configuration for ehlo as your PTR entry.

This is done by using a custom configuration.

mkdir /etc/pmg/templates
cp /var/lib/pmg/templates/main.cf.in /etc/pmg/templates/
nano /etc/pmg/templates/main.cf.in

Add these parameters and modify:

mydomain = smtp01.3l.ru
myhostname = smtp01.3l.ru
smtp_helo_name = smtp01.3l.ru

Read the configuration:

pmgconfig sync --restart 1

Documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

 

[powersupport]

Hi,

I tried but it seems not working, Does anyone know how to fix the issue, the main error is "Relay access denied" so it seems like the sending IP is not accepting, anyone can advice on this?

Thank you.

 

[Andrei9385]

Does your mail server accept incoming connections on port 25 ? You can check with telnet from pmg

 

[powersupport]

Yes, port connections are working, I have checked it, also, please note the issue is with outgoing.

Thank you

 

[powersupport]

Anyone can advise on this ? its been two weeks we are having this issue

 

[Andrei9385]

Hello. Try disabling these checks for the test:

 

[Stoiko Ivanov]

2024-01-14T18:41:44.136861+08:00 pmg postfix/smtpd[65639]: warning: hostname news.og.com.sg does not resolve to address "IP address of mail server"
2024-01-14T18:41:44.137313+08:00 pmg postfix/smtpd[65639]: connect from unknown["IP address of mail server"]

this is postfix telling you that the server that connects _to_ your PMG does not have a correct DNS setup (since your removed the ip address it's not possible to verify this)

2024-01-14T18:41:44.138822+08:00 pmg postfix/smtpd[65639]: NOQUEUE: reject: RCPT from unknown["IP address of mail server"]: 554 5.7.1 <team@gmail.com>: Relay access denied; from=<arun@domain.com> to=<team@gmail.com> proto=ESMTP helo=<mail.domain.com>

Does arun@domain.com (or rather the mailserver of domain.com) send the mail to the _internal_ port of PMG (26 in the default configuration)?
and is the mail-server's ip-address listed in the trusted networks? (both need to be true for outbound relaying...)

Hello. By default proxmox(postfix) substitutes the local server name in the ehlo field. You need to change your configuration for ehlo as your PTR entry.

This is done by using a custom configuration.

no this is not recommended in general - and the log-messages @powersupport shared do not point to an issue with DNS-records of the PMG.

In general - if you need guaranteed response-times for your requests I'd recommend getting a subscription of level Basic or higher and contact our enterprise support department (https://my.proxmox.com) - We try to help as good as possible in the Community forum as well, but sometimes our time is not enough, and we overlook threads - this does not happen in the Enterprise Support.

I hope this helps!

 

[powersupport]

Hi,

It is resolved now, may I know if we can use the same port 25 for external and internal

Thank you

 

[Andrei9385]

no this is not recommended in general

Could you explain in more detail ? HELO\EHLO must correspond to the PTR record. If the name of my virtual machine is pmg.domain.local, this name will be substituted by default. We're violating the RFC.

Tell me please, if I am from Russia, can we buy support ?

 

[Stoiko Ivanov]

It is resolved now, may I know if we can use the same port 25 for external and internal

no - these are 2 separate processes (postfix smtpd-listeners) - so they need to bind to different sockets.
(else if both listen to the same address+port - there is no way to distinguish which is the internal and which the external)

if you have 2 separate interfaces/IPs for internal and external - you can modify the master.cf.in template and use the 2 addresses with port 25 instead of int_port and ext_port

see:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
and the postfix documenation:
https://www.postfix.org/master.5.html (as one example of the docs)

 

[tom]

Tell me please, if I am from Russia, can we buy support ?

Based on my knowledge, we cannot sell to companies in Russia, but better contact sales@proxmox.com

 

[Stoiko Ivanov]

Could you explain in more detail ? HELO\EHLO must correspond to the PTR record. If the name of my virtual machine is pmg.domain.local, this name will be substituted by default. We're violating the RFC.

there is no hard requirement for this to be the case - and it's not a "violation of the RFC" - of course it makes sense and helps in getting your mails accepted to have forward->reverse and reverse->forward match (and also to have the ehlo name match this) - but there I would recommend to set the hostname of your PMG to the actual public name it has -
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_configuration_files_overview