PMG behind NPM not receiving any emails

Flosen · Jul 16, 2023

Hi,

went through severals searches already, but I can't find the reason for this issue.

My PMG does not receive any emails, behind the NGINX Reverse Proxy Manager.

Setup as follows

Draytek Modem -> Unifi UXG-Pro -> Portforward 25 to PMG ( also had a stream in NPM to PMG) -> Synology Mail Server Plus

Emails are arriving within Synology Mail Server.

Having a look into the logfile gives me following

Jul 16 10:33:42 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Scheduled restart job, restart counter is at 13.
Jul 16 10:33:42 lxcMailGateway systemd[1]: Stopped pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main.
Jul 16 10:33:42 lxcMailGateway systemd[1]: Starting pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main...
Jul 16 10:33:42 lxcMailGateway systemd[1]: Started pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main.
Jul 16 10:33:42 lxcMailGateway pg_backupcluster[1795]: pg_receivewal: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
Jul 16 10:33:42 lxcMailGateway pg_backupcluster[1793]: Error: pg_receivewal --cluster=15/main --slot pg_receivewal_service --create-slot --if-not-exists failed with exit code 256
Jul 16 10:33:42 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 10:33:42 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Failed with result 'exit-code'.
Jul 16 10:34:43 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Scheduled restart job, restart counter is at 14.
Jul 16 10:34:43 lxcMailGateway systemd[1]: Stopped pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main.
Jul 16 10:34:43 lxcMailGateway systemd[1]: Starting pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main...
Jul 16 10:34:43 lxcMailGateway systemd[1]: Started pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main.
Jul 16 10:34:43 lxcMailGateway pg_backupcluster[1845]: pg_receivewal: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
Jul 16 10:34:43 lxcMailGateway pg_backupcluster[1843]: Error: pg_receivewal --cluster=15/main --slot pg_receivewal_service --create-slot --if-not-exists failed with exit code 256
Jul 16 10:34:43 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 10:34:43 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Failed with result 'exit-code'.
Jul 16 10:35:24 lxcMailGateway pmg-smtp-filter[346]: starting database maintenance
Jul 16 10:35:24 lxcMailGateway pmg-smtp-filter[346]: end database maintenance (7 ms)
Jul 16 10:35:32 lxcMailGateway systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories...
Jul 16 10:35:32 lxcMailGateway systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Jul 16 10:35:32 lxcMailGateway systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
Jul 16 10:35:32 lxcMailGateway systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
Jul 16 10:35:43 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Scheduled restart job, restart counter is at 15.
Jul 16 10:35:43 lxcMailGateway systemd[1]: Stopped pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main.
Jul 16 10:35:43 lxcMailGateway systemd[1]: Starting pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main...
Jul 16 10:35:43 lxcMailGateway systemd[1]: Started pg_receivewal@15-main.service - WAL archival of PostgreSQL Cluster 15-main.
Jul 16 10:35:43 lxcMailGateway pg_backupcluster[1902]: pg_receivewal: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
Jul 16 10:35:43 lxcMailGateway pg_backupcluster[1900]: Error: pg_receivewal --cluster=15/main --slot pg_receivewal_service --create-slot --if-not-exists failed with exit code 256
Jul 16 10:35:43 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 10:35:43 lxcMailGateway systemd[1]: pg_receivewal@15-main.service: Failed with result 'exit-code'.
Jul 16 10:35:46 lxcMailGateway pmgpolicy[335]: starting policy database maintenance (greylist, rbl)
Jul 16 10:35:46 lxcMailGateway pmgpolicy[335]: end policy database maintenance (12 ms, 2 ms)

It doesn't even a show a connection to the PMG

Any hints?

Regards

Stoiko Ivanov · Jul 24, 2023

Did you modify the postgresql configuration of your PMG-LXC in any way? (not sure I have seen the pg_receivewal service too often?

could you please post:
* /etc/pmg/templates/pg_hba.conf.in
* /etc/postgresql/15/main/pg_hba.conf
* /etc/postgresql/13/main/pg_hba.conf
* any relevant file in /var/log/postgresql

Is this a fresh setup on version 8 or did you upgrade from PMG 7?

pasdif · Jul 31, 2023

Hi

I have a lot of

Jul 31 07:34:12 mx pg_backupcluster[95582]: pg_receivewal: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
Jul 31 07:34:12 mx pg_backupcluster[95580]: Error: pg_receivewal --cluster=15/main --slot pg_receivewal_service --create-slot --if-not-exists failed with exit code 256

Is a fresh pmg 8 installation and a single node. I tried to create the cluster even though there is no need, but the error persists.

/etc/pmg/templates/pg_hba.conf.in
/etc/postgresql/13/main/pg_hba.conf
files does not exist

/etc/postgresql/15/main/pg_hba.conf


# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            md5
#host    replication     postgres        ::1/128                 md5

/var/log/postgresql/postgresql-15-main.log


2023-07-31 07:37:13.183 CEST [95891] postgres@[unknown] FATAL:  no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
2023-07-31 07:38:13.433 CEST [95917] postgres@[unknown] FATAL:  no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
2023-07-31 07:39:13.685 CEST [95932] postgres@[unknown] FATAL:  no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
2023-07-31 07:40:13.935 CEST [95973] postgres@[unknown] FATAL:  no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption
2023-07-31 07:41:14.183 CEST [95994] postgres@[unknown] FATAL:  no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption

I hope this is useful
Regards
Pasquale

Stoiko Ivanov · Jul 31, 2023

Hm -- still don't see where the issue actually is - because:

pasdif said:
2023-07-31 07:37:13.183 CEST [95891] postgres@[unknown] FATAL: no pg_hba.conf entry for replication connection from host "[local]", user "postgres", no encryption

seems to contradict the following line in your posted /etc/postgresql/15/main/pg_hba.conf:

pasdif said:
local all postgres peer

How did you setup the Proxmox Mail Gateway instance (from ISO, on bare-metal, in a VM, as LXC container, if VM/Container on what hypervisor)?
Did you do any modification to the PMG system?

Is postgresql running (check with `ps auxwf`)

pasdif · Jul 31, 2023

Hi,

I want to say again that the system works, the e-mails arrive, but I do not explain the error.

The only changes made are the freshclam templates to download additional signatures, and some spamassassin a custom.rules

Is an LXC container on PVE 7.4-16 and postgres is running

Bash:

root@mx:~# ps auxwf | fgrep postgres
postgres     163  0.0  0.2 219672 29904 ?        Ss   Jul29   0:07 /usr/lib/postgresql/15/bin/postgres -D /var/lib/postgresql/15/main -c config_file=/etc/postgresql/15/main/postgresql.conf
postgres     164  0.0  0.1 219816 19536 ?        Ss   Jul29   0:00  \_ postgres: 15/main: checkpointer
postgres     165  0.0  0.0 219816 10832 ?        Ss   Jul29   0:00  \_ postgres: 15/main: background writer
postgres     167  0.0  0.0 219672 10236 ?        Ss   Jul29   0:01  \_ postgres: 15/main: walwriter
postgres     168  0.0  0.0 221252  8832 ?        Ss   Jul29   0:00  \_ postgres: 15/main: autovacuum launcher
postgres     169  0.0  0.0 221244  7092 ?        Ss   Jul29   0:00  \_ postgres: 15/main: logical replication launcher
postgres  115161  0.0  0.1 222548 17908 ?        Ss   15:02   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle
postgres  115225  0.0  0.1 222548 19520 ?        Ss   15:03   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle
postgres  115683  0.0  0.1 222548 18040 ?        Ss   15:14   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle
postgres  115788  0.0  0.1 222548 18044 ?        Ss   15:16   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle
postgres  115794  0.0  0.1 222548 18040 ?        Ss   15:16   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle
postgres  116169  0.0  0.1 222548 18012 ?        Ss   15:26   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle
postgres  116172  0.0  0.1 222548 18024 ?        Ss   15:26   0:00  \_ postgres: 15/main: root Proxmox_ruledb [local] idle

Bash:

root@mx:~# systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
     Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; preset: enabled)
     Active: active (exited) since Mon 2023-07-31 15:40:42 CEST; 2s ago
    Process: 116928 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 116928 (code=exited, status=0/SUCCESS)
        CPU: 520us

Jul 31 15:40:42 mx systemd[1]: Starting postgresql.service - PostgreSQL RDBMS...
Jul 31 15:40:42 mx systemd[1]: Finished postgresql.service - PostgreSQL RDBMS.

Stoiko Ivanov · Jul 31, 2023

pasdif said:
Is an LXC container on PVE 7.4-16 and postgres is running

did you use the PMG template or install proxmox-mailgateway-container on a debian template?

the postgres processes look ok at first sight

pasdif said:
systemctl status postgresql

this is a meta-service that pulls in the relevant versioned postgresql service - please check:
* systemctl -a |grep -i postgres
* systemctl status postgresql@15-main.service
* journalctl -b -u postgresql@15-main.service

pasdif · Jul 31, 2023

Is the PVE lxc template proxmox-mailgateway-8.0-standard_8.0-1_amd64.tar.zst

Bash:

root@mx:~# systemctl -a |grep -i postgres
● pg_basebackup@15-main.service                                     loaded    failed     failed             Basebackup of PostgreSQL Cluster 15-main
  pg_compresswal@15-main.service                                    loaded    inactive   dead               Compress WAL of PostgreSQL Cluster 15-main
  pg_dump@15-main.service                                           loaded    inactive   dead               Dump of PostgreSQL Cluster 15-main
  pg_receivewal@15-main.service                                     loaded    activating auto-restart       WAL archival of PostgreSQL Cluster 15-main
  postgresql.service                                                loaded    active     exited             PostgreSQL RDBMS
  postgresql@15-main.service                                        loaded    active     running            PostgreSQL Cluster 15-main
  system-postgresql.slice                                           loaded    active     active             Slice /system/postgresql
  pg_basebackup@15-main.timer                                       loaded    active     waiting            Weekly Basebackup of PostgreSQL Cluster 15-main
  pg_compresswal@15-main.timer                                      loaded    active     waiting            Daily Compress WAL of PostgreSQL Cluster 15-main
  pg_dump@15-main.timer                                             loaded    active     waiting            Weekly Dump of PostgreSQL Cluster 15-main

Only pg_basebackup@15-main.service fail to start

Bash:

root@mx:~# systemctl status postgresql@15-main.service
● postgresql@15-main.service - PostgreSQL Cluster 15-main
     Loaded: loaded (/lib/systemd/system/postgresql@.service; enabled-runtime; preset: enabled)
     Active: active (running) since Mon 2023-07-31 15:40:42 CEST; 20min ago
    Process: 116904 ExecStart=/usr/bin/pg_ctlcluster --skip-systemctl-redirect 15-main start (code=exited, status=0/SUCCESS)
   Main PID: 116909 (postgres)
      Tasks: 16 (limit: 154397)
     Memory: 39.9M
        CPU: 568ms
     CGroup: /system.slice/system-postgresql.slice/postgresql@15-main.service
             ├─116909 /usr/lib/postgresql/15/bin/postgres -D /var/lib/postgresql/15/main -c config_file=/etc/postgresql/15/main/postgresql.conf
             ├─116910 "postgres: 15/main: checkpointer "
             ├─116911 "postgres: 15/main: background writer "
             ├─116913 "postgres: 15/main: walwriter "
             ├─116914 "postgres: 15/main: autovacuum launcher "
             ├─116915 "postgres: 15/main: logical replication launcher "
             ├─116921 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117482 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117707 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117708 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117709 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117710 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117711 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117731 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             ├─117734 "postgres: 15/main: root Proxmox_ruledb [local] idle"
             └─117737 "postgres: 15/main: root Proxmox_ruledb [local] idle"

Jul 31 15:40:40 mx systemd[1]: Starting postgresql@15-main.service - PostgreSQL Cluster 15-main...
Jul 31 15:40:42 mx systemd[1]: Started postgresql@15-main.service - PostgreSQL Cluster 15-main.

Bash:

root@mx:~# journalctl -b -u postgresql@15-main.service
Jul 29 16:36:21 mx systemd[1]: Starting postgresql@15-main.service - PostgreSQL Cluster 15-main...
Jul 29 16:36:31 mx systemd[1]: Started postgresql@15-main.service - PostgreSQL Cluster 15-main.
Jul 31 15:40:31 mx systemd[1]: Stopping postgresql@15-main.service - PostgreSQL Cluster 15-main...
Jul 31 15:40:31 mx systemd[1]: postgresql@15-main.service: Deactivated successfully.
Jul 31 15:40:31 mx systemd[1]: Stopped postgresql@15-main.service - PostgreSQL Cluster 15-main.
Jul 31 15:40:31 mx systemd[1]: postgresql@15-main.service: Consumed 1min 1.817s CPU time.
Jul 31 15:40:40 mx systemd[1]: Starting postgresql@15-main.service - PostgreSQL Cluster 15-main...
Jul 31 15:40:42 mx systemd[1]: Started postgresql@15-main.service - PostgreSQL Cluster 15-main.

I stopped and started sometime to see if solve the problem.

Stoiko Ivanov · Jul 31, 2023

Thanks for your cooperation and providing all the information.

I now tried installing a PMG with the template provided by us and can confirm an issue with it.

From what I currently think:
* the `proxmox-mailgateway-8.0-standard_8.0-1_amd64.tar.zst` template seems to enable some postgresql services for replication, which are not used by PMG and it should be safe to just disable them and reboot - The services are:
** pg_basebackup@15-main.service (and timer)
** pg_compresswal@15-main.service (and timer)
** pg_dump@15-main.service (and timer)
** pg_receivewal@15-main.service

The issue is not present in:
* Systems upgraded from 7.
* Systems installed on top of debian (in an LXC container)
* Systems installed from ISO

I'll look into the issue of why they are enabled in our current template
Thanks again!

pasdif · Jul 31, 2023

Hi,

I will disable the services mentioned.

Thank you
Pasquale

jasonschell · Aug 22, 2023

Hey Stoiko,
are there any updates regarding these services enabled in the latest pmg-template?
I disabled those services as I have exactly the same error messages in the syslog, but after a reboot, the errors still show up in the syslog.
Will there maybe be a new template available soon?

pasdif · Aug 22, 2023

Pay attention on timers.

jasonschell · Aug 23, 2023

pasdif said:
Pay attention on timers.

They are disabled too. I can see that pg_receivewal@15-main.service is causing these errors. There's an auto-start triggering somewhere to start the pg_receivewal@15-main.service again upon server restart:

Stoiko Ivanov · Aug 23, 2023

sorry for not replying - the following patch got applied and will be present in the next pmg-container template.
For now just disable the services - they are not used/needed on PMG
https://git.proxmox.com/?p=dab-pve-...it;h=e04b41eb953969cf5d4d654a082fe3f72316eb83

please post `journalctl -b` after a fresh restart - maybe we can see where the start comes from ...

JohnnyD · Sep 5, 2023

How do i disable those services?

JD

Stoiko Ivanov · Sep 5, 2023

JohnnyD said:
How do i disable those services?

Just run:

Code:

systemctl disable pg_basebackup@.timer
systemctl disable pg_basebackup@.timer
systemctl disable pg_dump@.timer
systemctl disable pg_receivewal@.service

and reboot

JohnnyD · Sep 5, 2023

TY

Would this be safe to add to an existing cluster with those services disabled?

Bob.Dig · Sep 12, 2023

I am having problems with that template too. Not only this log-entries but sometimes also cpu and ram utilization and the LXC is not usable anymore.
Will the upcoming update made available via the apt repositories in PVE or is there a different path to LXC-Template updates? I am a homeuser just started with Proxmox in general.

Stoiko Ivanov · Sep 12, 2023

Bob.Dig said:
I am having problems with that template too. Not only this log-antries but sometimes also cpu and ram utilization and the LXC is not usable anymore.
Will the upcoming update made available via the apt repositories in PVE or is there a different path to LXC-Template updates? I am a homeuser just started with Proxmox in general.

The container templates are updated via `pveam` (see `man pveam`) or the GUI.
You'll need to install a fresh container with a new template - but in most cases updating the packages (as you should do anyways) is enough

As for the resources - how is your container configured? (`pct config <VMID>`)

Bob.Dig · Sep 12, 2023

Stoiko Ivanov said:
or the GUI.

So you mean in updates via the apt repositories (for me pve-no-subscription)?

Stoiko Ivanov said:
As for the resources - how is your container configured? (`pct config <VMID>`)

The resource-problem I even had right from the start, when I was "deploying" the LXC, 100% CPU and RAM usage. It helped to stop the LXC and then starting it. But I saw it happening again, although I had disabled those services you had mentioned before.

Now to your question, after deploying it (and already having this resource-problems before) I disabled ClamAV (in the config and by "masking") because I don't need AV and want to free up RAM. Now it looks like this:

Code:

root@prox1:~# pct config 103
arch: amd64
cores: 1
features: nesting=1
hostname: ***
memory: 1024
nameserver: 172.16.17.1
net0: name=eth0,bridge=vmbr2,gw=172.16.17.1,hwaddr=5E:53:FF:DF:1B:8F,ip=172.16.17.12/24,tag=17,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-103-disk-0,size=8G
searchdomain: ***.de
startup: order=3
swap: 0
unprivileged: 1
root@prox1:~#

Before (for deploying and testing), I gave it 2 GB RAM and 2 CPU Cores. When I encountered the resource-problems (100% utilization of RAM and CPU) it was the same for both configurations. Btw it is only for my private emails, less than 10 a day. Also a pfsense is blocking most of the trash beforehand.
Next time I will write in the german section if you don't mind. Or is it better to stay in this topic? I will do what you say.

Stoiko Ivanov · Sep 12, 2023

Bob.Dig said:
So you mean in updates via the apt repositories (for me pve-no-subscription)?

No - as said - via `pveam` - this fetches the templates from the template repository (which is also served by our CDN, but this is not an apt repository)

ClamAV needs quite al ot of memory - so I'd say try with 4 G (and at least 2 cores)

Bob.Dig said:
Next time I will write in the german section if you don't mind. Or is it better to stay in this topic? I will do what you say.

I'd suggest to open a new thread (if you prefer German - then of course in the German subforum) - as this is leaving the original topic of the thread

PMG behind NPM not receiving any emails

New Member

Proxmox Staff Member

Member

Proxmox Staff Member

Member

Proxmox Staff Member

Member

Proxmox Staff Member

Member

Member

Member

Member

Attachments

Proxmox Staff Member

Member

Proxmox Staff Member

Member

Member

Proxmox Staff Member

Member

Proxmox Staff Member