Outgoing email to smarthost

Feb 21, 2023
32
0
6
1693243698178.png

Is this the setting to enable sending all outgoing emails to a specifict mailserver (smarhost)? Will it support autoification aswell? where do I enter username and password for this?
 
PMG is usually deployed as a proxy for the public internet - and has no built-in support for SMTPAUTH with the smarthost - you can always edit the postfix configuration using the templating system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

and enable this (there are quite a few threads in this forum, which describe the setup).
additionally guessing from the port 465 - I assume that this is SMTPS (meaning using TLS without STARTTLS ) - you need to adapt the configuration for this as well - see:
https://www.postfix.org/TLS_README.html#client_smtps

I hope this helps!
 
this is an sample of the log from current setup to deliver email to this smarthost. I would like to use PMG for this.

2023-08-01T15:12:13.905Z,Bahnhof,08DB87AF0EA761BC,1,,79.136.2.55:587,*,,attempting to connect
2023-08-01T15:12:13.907Z,Bahnhof,08DB87AF0EA761BC,2,192.168.1.4:37430,79.136.2.55:587,+,,
2023-08-01T15:12:13.962Z,Bahnhof,08DB87AF0EA761BC,3,192.168.1.4:37430,79.136.2.55:587,<,220 pio-pvt-msa3.bahnhof.se,
2023-08-01T15:12:13.962Z,Bahnhof,08DB87AF0EA761BC,4,192.168.1.4:37430,79.136.2.55:587,>,EHLO dmz.se,
2023-08-01T15:12:13.964Z,Bahnhof,08DB87AF0EA761BC,5,192.168.1.4:37430,79.136.2.55:587,<,250 pio-pvt-msa3.bahnhof.se PIPELINING SIZE 52428800 ETRN AUTH PLAIN LOGIN ENHANCEDSTATUSCODES 8BITMIME DSN CHUNKING STARTTLS,
2023-08-01T15:12:13.964Z,Bahnhof,08DB87AF0EA761BC,6,192.168.1.4:37430,79.136.2.55:587,>,STARTTLS,
2023-08-01T15:12:13.965Z,Bahnhof,08DB87AF0EA761BC,7,192.168.1.4:37430,79.136.2.55:587,<,220 Ready to start TLS,
2023-08-01T15:12:13.974Z,Bahnhof,08DB87AF0EA761BC,8,192.168.1.4:37430,79.136.2.55:587,*," CN=bahnhof.se CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB 5B2E51E13A5D6F0CE0B4D5BF00906981 D521060B26968E180DD9720FCEA24A2591874254 2023-01-03T01:00:00.000Z 2024-01-04T00:59:59.000Z bahnhof.se;*.foretag.bahnhof.se;*.privat.bahnhof.se",Remote certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2023-08-01T15:12:13.974Z,Bahnhof,08DB87AF0EA761BC,9,192.168.1.4:37430,79.136.2.55:587,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits, MAC hash algorithm CALG_SHA_384 with strength 0 bits and key exchange algorithm CALG_RSA_KEYX with strength 2048 bits"
2023-08-01T15:12:13.974Z,Bahnhof,08DB87AF0EA761BC,10,192.168.1.4:37430,79.136.2.55:587,*,D521060B26968E180DD9720FCEA24A2591874254,Received certificate Thumbprint
2023-08-01T15:12:13.976Z,Bahnhof,08DB87AF0EA761BC,11,192.168.1.4:37430,79.136.2.55:587,*,Valid,Chain validation status
2023-08-01T15:12:13.976Z,Bahnhof,08DB87AF0EA761BC,12,192.168.1.4:37430,79.136.2.55:587,*," CN=bahnhof.se CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB 5B2E51E13A5D6F0CE0B4D5BF00906981 D521060B26968E180DD9720FCEA24A2591874254 2023-01-03T01:00:00.000Z 2024-01-04T00:59:59.000Z bahnhof.se;*.foretag.bahnhof.se;*.privat.bahnhof.se",SmartHost certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2023-08-01T15:12:13.976Z,Bahnhof,08DB87AF0EA761BC,13,192.168.1.4:37430,79.136.2.55:587,>,EHLO dmz.se,
2023-08-01T15:12:13.978Z,Bahnhof,08DB87AF0EA761BC,14,192.168.1.4:37430,79.136.2.55:587,<,250 pio-pvt-msa3.bahnhof.se PIPELINING SIZE 52428800 ETRN AUTH PLAIN LOGIN ENHANCEDSTATUSCODES 8BITMIME DSN CHUNKING,
2023-08-01T15:12:13.978Z,Bahnhof,08DB87AF0EA761BC,15,192.168.1.4:37430,79.136.2.55:587,>,AUTH LOGIN,
2023-08-01T15:12:13.981Z,Bahnhof,08DB87AF0EA761BC,16,192.168.1.4:37430,79.136.2.55:587,<,334 <authentication information>,
2023-08-01T15:12:13.981Z,Bahnhof,08DB87AF0EA761BC,17,192.168.1.4:37430,79.136.2.55:587,>,<Binary Data>,
2023-08-01T15:12:13.983Z,Bahnhof,08DB87AF0EA761BC,18,192.168.1.4:37430,79.136.2.55:587,<,334 <authentication information>,
2023-08-01T15:12:13.983Z,Bahnhof,08DB87AF0EA761BC,19,192.168.1.4:37430,79.136.2.55:587,>,<Binary Data>,
2023-08-01T15:12:13.990Z,Bahnhof,08DB87AF0EA761BC,20,192.168.1.4:37430,79.136.2.55:587,<,235 2.7.0 Authentication successful,
2023-08-01T15:12:13.991Z,Bahnhof,08DB87AF0EA761BC,21,192.168.1.4:37430,79.136.2.55:587,*,,sending message with RecordId 13859859464202 and InternetMessageId <2115f5964d264e2697cf064fceb75250@MUSTANG.dmz.se>
2023-08-01T15:12:13.991Z,Bahnhof,08DB87AF0EA761BC,22,192.168.1.4:37430,79.136.2.55:587,>,MAIL FROM:<> SIZE=6259,
2023-08-01T15:12:13.991Z,Bahnhof,08DB87AF0EA761BC,23,192.168.1.4:37430,79.136.2.55:587,>,RCPT TO:<no-reply@msg.flysas.com> NOTIFY=NEVER,
2023-08-01T15:12:13.998Z,Bahnhof,08DB87AF0EA761BC,24,192.168.1.4:37430,79.136.2.55:587,<,250 2.1.0 Ok,
2023-08-01T15:12:13.998Z,Bahnhof,08DB87AF0EA761BC,25,192.168.1.4:37430,79.136.2.55:587,<,554 5.7.1 <>: Sender address rejected: Null sender not allowed here,
2023-08-01T15:12:13.999Z,Bahnhof,08DB87AF0EA761BC,26,192.168.1.4:37430,79.136.2.55:587,>,QUIT,
2023-08-01T15:12:14.001Z,Bahnhof,08DB87AF0EA761BC,27,192.168.1.4:37430,79.136.2.55:587,<,221 2.0.0 Bye,
 
see this post (and the linked articles) for how to configure SMTP-AUTH to your smarthost ....:
https://forum.proxmox.com/threads/p...ynamic-ip-how-to-configure.105889/post-456059

else - the posted logs only refer to port 587 (mail submission), which does not need any special treatment w.r.t. TLS (as long as you've enabled TLS in the PMG GUI it will try to STARTTLS everywhere)

one issue in the log is:
554 5.7.1 <>: Sender address rejected: Null sender not allowed here,
your ISPs mail-out host (pio-pvt-msa3.bahnhof.se ) does not seem to accept mails with empty envelope-from - PMG does send out quite a few mails with empty envelope from (the quarantine and admin reports to name a few) you need to speak with your ISP how to send such mails.

I hope this helps!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!