pmg on an internet site (VM)

pf_bpd

New Member
Feb 21, 2022
2
0
1
49
Hello,

thank you in advance any advice.

Cannot run pmg on my local network (my ISP every 24 h change the IP & blocks port 25).
My setup:
-behind firewall on an public IP runs the mail gateway,
- mail server in local network.

How secure do you think this setup is?
What steps can I take for hardening this setup? Maybe an ssh tunnel between the mail server and the pmg?

Thank you,

p
 
Hm - if your downstream server is changing IP addresses every 24h ... it might work if you create a permanent VPN tunnel between PMG and your mailserver (I'd suggest wireguard for this) - then configure the VPN IPs as default relay/transport entries

Regarding security - I would suggest to limit the access to the web-api port to only those addresses that need it - using nftables/iptables

Else - check out:
* the reference documentation on the topic:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html
* the Getting started page on the PMG wiki:
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway

and also search here in the forum - quite a few users have similar setups and have shared their experiences!

I hope this helps!