PMG smtp behind nginx stream

b0xch

New Member
Jun 10, 2021
1
0
1
27
Dear community!

I am currently trying to install Proxmox Mail Gateway behind a load balancer. This is because I have limited availability of public IP addresses and want to combine things.

Loadbalancer Public IP (example) 1.2.3.4
Loadbalancer internal IP: 10.0.0.1
PMG: 10.0.0.10

I am using nginx as a loadbalancer for HTTP/HTTPS and now added a tcp stream to the config.


NGINX:
server {
    listen 25;
    
    proxy_pass 10.0.0.10:25;

    proxy_protocol on;
}

This works and PMG is answering on SMTP, however, it is now displaying the IP of the load balancer 10.0.0.1 instead of the real client/sender IP. This then causes SPF to fail.

Does anyone know if PMG supports the proxy_protocol to pass on the real IP? Do I need to change something in the config to make this work?

Thanks in advance,
Jan
 
Have never tried it - but see the postfix config reference:
http://www.postfix.org/postconf.5.html#smtpd_upstream_proxy_protocol
NOTE: To use the nginx proxy with smtpd(8), enable the XCLIENT protocol with smtpd_authorized_xclient_hosts. This supports SASL authentication in the proxy agent (Postfix 2.9 and later).

In order to adapt the postfix configuration on PMG you need to use the templateing system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

One alternative option could be to simply use iptables to redirect/nat traffic to port 25 directly to PMG

I hope this helps!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!