PMG on VPS, mailcow at home - What to do with IMAPS and SMTPS?

RockNLol

Sep 13, 2020
hi,
I'm running a mailcow server on my homeserver and PMG on a small VPS, which works great for relaying mails. Ideally I'd want clients on the internet connecting to mailcow via IMAPS and SMTPS to use PMG's public IP, so I don't have a DNS record to my home IP directly in my mail address though. What's the best approach to achieve this? I tried haproxy without any luck, as well as forwarding 993 and 587 through the WireGuard tunnel between the two.

best regards,
RockNLol
 
Ideally I want one domain, for example `mail.mydomain.com`, pointing to the VPS, that is used for incoming external mail to PMG as well as the URL that client devices connect to via SMTPS/IMAPS for sending and receiving.
At the moment I have my MX record pointing to the VPS where PMG runs, while clients connect to another domain that points to my home IP address, where the actual mail server sits. By querying autoconfig.mydomain.com, everybody who knows my mail address can find my home IP address, which is not ideal from a privacy standpoint.
After fiddling around with haproxy on the VPS for hours, it seems I have figured it out now though. I can now reach mailcow in the backend via the VPS's external IP. I'll test some more, but it seems like it's working. <- wrong, not working.
 
Why would that not be a smart idea? This is standard practice if you host the whole mailserver on a vps.
As I explained, I want to avoid having my home IP address exposed in e.g. autoconfig DNS records, which is why I want to route everything over the VPS.

*edit: Maybe this helps explain: I pretty much want to do what is explained in this tutorial here: https://www.linuxbabe.com/mail-server/smtp-imap-proxy-with-haproxy-debian-ubuntu-centos
...only with PMG and mailcow.
 
I understand now but still think it is not a good idea. So you already have a wireguard tunnel directly between those two or is there something in between?
 
There is an existing WireGuard tunnel between the VPS and my OPNsense firewall at home, which works fine.

I don't expect firewall/haproxy/mailcow support on the Proxmox forums, I was just curious how others solved this. But I guess the standard setup is having PMG as its own separate thing on a different server with its own external IP and domain name.
 
Never used PMG, though I run Mailcow in a Proxmox VM with WireGuard without any issues whatsoever, works a treat, and all domain/IP termination point to VPN tunnel.
 
I run a PMG & mailcow setup. Both are behind different subdomains + matching PTR record for PMG.
E.g.:
Code:
pmg.{domain}
webmail.{domain}

The setup is slightly different in that they are behind a business internet connection with a handful of public IPv4s. The one with the PTR is used for the pmg.{domain} and the other is used for webmail.{domain}. The firewall in front of both only lets through traffic that is needed. SMTP in for the PMG. 80, 443, SMTPS + IMAPS for webmail.{domain}. The mailcow docs are very detailed about which ports are needed for what.

If I would need to switch to a similar setup like you with a VPS in front, I would probably keep the two subdomains, and set up some proxy to forward any mailcow traffic via the VPN. Every reverse proxy should have no problem forwarding other protocols than http as well.
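
A minimal layer-4 HAProxy configuration for the VPS-in-front approach discussed in this thread, added here as an illustration and not posted by any participant. The backend address 10.0.0.2 is a placeholder for mailcow's address as reachable over the WireGuard tunnel, and port 25 is left to PMG.

```haproxy
# /etc/haproxy/haproxy.cfg on the VPS (added example, not from the thread)
# 10.0.0.2 is a placeholder: mailcow's address as seen through the tunnel.
global
    log /dev/log local0
    maxconn 2000

defaults
    mode    tcp            # layer-4 passthrough: TLS is terminated by mailcow, not the VPS
    log     global
    option  tcplog
    timeout connect 10s
    timeout client  30m    # IMAP IDLE sessions stay open for a long time
    timeout server  30m

# Port 25 is not bound here; it stays with PMG for inbound mail.
frontend imaps_in
    bind :993
    default_backend mailcow_imaps

frontend submission_in
    bind :587
    default_backend mailcow_submission

frontend smtps_in
    bind :465
    default_backend mailcow_smtps

backend mailcow_imaps
    server mailcow 10.0.0.2:993

backend mailcow_submission
    server mailcow 10.0.0.2:587

backend mailcow_smtps
    server mailcow 10.0.0.2:465

# HAProxy opens the backend connection itself, so replies return through
# the tunnel without extra routing rules on the home firewall.
# Caveat: with plain passthrough every login reaches mailcow from the VPS
# tunnel address, so per-IP banning and logs no longer see the real client.
# Adding "send-proxy-v2" to a server line passes the client address along,
# but only works if the backend listener is configured to accept the PROXY
# protocol and to trust only the tunnel address as its sender.
```

The home firewall then only needs to allow these three ports from the VPS's tunnel address, and the client-facing hostname and autoconfig records can point at the VPS instead of the home IP.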
 