PMG Suitability and recommendations for customer / prospect

stefanzman

Active Member
Jan 12, 2013
39
0
26
USA - Kansas City
www.ice-sys.com
Hello everyone,

I have open ticket with Support on this, but I also wanted to get some feedback from the PGM Community.

We have a customer that is considering using Proxmox Mail Gateway's for their monthly invoice batching. This is mission critical email that needs to go out without fail in and in a timely manner. They are concerned about resiliency, queues, tracking, etc and plan to setup a HA configuration.

Here the key numbers:

Internet Bandwidth = 400Mb/sec but bursts up to 1Gb if traffic hits 85% of the 400Mb
Number of Mails = 5,000 to 6,000 Mails per Hour at its peak
Size of Mails = Average about 30KB to 100KB

They will be purchasing at least a Basic or Standard subscription and would like guidance / recommendation on hardware requirements that will easily and smoothly address the mail flow referenced above. Can you assist? Specifically, we would like to get an idea of minimum CPU(s), RAM, Disk, etc. in an HA configuration.

Essentially, we are looking for something a bit more granular (beyond Recommended SysReqs) for the load referenced above.

Please let me know if you have had any experiences in this type of setup and provide additional insight.

Thanks and regards,

Stefan

---------------------------

Stefan Zauchenberger
ICE Systems, L.L.C.
www.ice-sys.com
stefan@useice.com
913.268.3250 x101

unknown.png
 

velocity08

Member
May 25, 2019
225
11
23
45
Hello everyone,

I have open ticket with Support on this, but I also wanted to get some feedback from the PGM Community.

We have a customer that is considering using Proxmox Mail Gateway's for their monthly invoice batching. This is mission critical email that needs to go out without fail in and in a timely manner. They are concerned about resiliency, queues, tracking, etc and plan to setup a HA configuration.

Here the key numbers:

Internet Bandwidth = 400Mb/sec but bursts up to 1Gb if traffic hits 85% of the 400Mb
Number of Mails = 5,000 to 6,000 Mails per Hour at its peak
Size of Mails = Average about 30KB to 100KB

They will be purchasing at least a Basic or Standard subscription and would like guidance / recommendation on hardware requirements that will easily and smoothly address the mail flow referenced above. Can you assist? Specifically, we would like to get an idea of minimum CPU(s), RAM, Disk, etc. in an HA configuration.

Essentially, we are looking for something a bit more granular (beyond Recommended SysReqs) for the load referenced above.

Please let me know if you have had any experiences in this type of setup and provide additional insight.

Thanks and regards,

Stefan

---------------------------

Stefan Zauchenberger
ICE Systems, L.L.C.
www.ice-sys.com
stefan@useice.com
913.268.3250 x101

View attachment 21275
Hey @stefanzman

did you ever get an answer to your question?

can only vouch for PMG being able to handle a lot of emails at a time, just last week we had seen over 6k emails hit our clients PMG with 5k of those being spam and viruses, all remaining emails quickly and cleanly filtered.

the remaining emails delivered to users mailboxes.

only running a small single PMG 2core 4 GB Ram.

would be interested in what support replied with if you add ok with sharing :) ?

””Cheers
G
 

velocity08

Member
May 25, 2019
225
11
23
45
PMG would only be a restriction if your filtering outgoing email. If you're sending your target email on a subdomain, don't route that for spam filtering. Only route your main domain for external spam filtering.
May I ask why ?

what’s the difference if you also send mail via subdomain ?

More info please to better understand the problem.

ta
 
As an email admin, I would never let any automated system send emails from my main domain. When you get blacklisted for sending mass mail your main domain will become useless and you will have a 48 to 72 hours headache trying to send legit non mass mail to your customers. So best use case is to use a sub domain for mass mailing. You can change them at any time, split emails up across multiple sub domains and ips based on the campaign your using. If you don't have an abundance of ips, you'll need to queue your outgoing email so the server only sends 25 messages at a time. Pauses for at least a minute and then repeat. If your sending out 6k emails this can take awhile so it really doesn't matter how fast pmg would scan your outgoing email. Plus you know what your emailing so it shouldn't need to be scanned. If your a msp and wanting to filter others email you will need multiple pmgs and you can add multiple outbound routes in your smtp severs to spread out the load and also the sending ip address.

I wouldn't bother to scan outgoing email and I would load a /24 into postfix and have it alternate sending on each ip in a round robin. This is mass mailing 101.
 

velocity08

Member
May 25, 2019
225
11
23
45
As an email admin, I would never let any automated system send emails from my main domain. When you get blacklisted for sending mass mail your main domain will become useless and you will have a 48 to 72 hours headache trying to send legit non mass mail to your customers. So best use case is to use a sub domain for mass mailing. You can change them at any time, split emails up across multiple sub domains and ips based on the campaign your using. If you don't have an abundance of ips, you'll need to queue your outgoing email so the server only sends 25 messages at a time. Pauses for at least a minute and then repeat. If your sending out 6k emails this can take awhile so it really doesn't matter how fast pmg would scan your outgoing email. Plus you know what your emailing so it shouldn't need to be scanned. If your a msp and wanting to filter others email you will need multiple pmgs and you can add multiple outbound routes in your smtp severs to spread out the load and also the sending ip address.

I wouldn't bother to scan outgoing email and I would load a /24 into postfix and have it alternate sending on each ip in a round robin. This is mass mailing 101.
some good points there @mmidgett

is PMG able to be configured to send out via multiple IP's?

haven't explored this yet would be great to be able to manually make this change if there is a block issue due to spamming.

""Cheers
G
 
PMG doesn't have this option currently, it has been brought up multiple times before but isn't on the road map as far as I know.

If Proxmox is listening.

1. Each transport map for a domain have the ability to use a different sending IP.
2. The ability to use a range of IP's on the transport map for round robbin sending.

You can add a simple VM or HA pair in front of PMG and run postfix on it to take domains and sort them into sending on different IP's. This adds another layer of complexity and cost but is completely doable.
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
5,812
794
148
PMG doesn't have this option currently, it has been brought up multiple times before but isn't on the road map as far as I know.

If Proxmox is listening.

1. Each transport map for a domain have the ability to use a different sending IP.
2. The ability to use a range of IP's on the transport map for round robbin sending.
Yes we are :)

I do remember a few threads here in the forum, but never considered this a feature, which was needed/wanted by many users (could have been wrong though :)
Keeping in mind that PMG's core functionality is to provide a mail-proxy for one/a small set of domains run by one (team of) administrators, and that most advanced setups can be done by overriding the configuration templates (https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine).

for round-robin outbound sending I do not see where this makes sense in PMG - if the mails are all legit, why not send them out via one single IP-Address? (in case you sent out spam due to a hacked account/misconfiguration it makes more sense to change the IP once after cleaning up)?

regarding the sender_dependent_transport_map - why not simply setup one PMG for each domain?

In any case if there is a point I miss - please open an enhancement request over at https://bugzilla.proxmox.com , detailing what you need (if possible with sample configurations)

I hope this helps!
 
Here is my example company.

It's an apartment management company that has 500 employees. 400 of them are leasing agents that constantly respond to issues from residents that live at their various locations. With everyone using one of the shared email services (Gmail, Yahoo, Outlook...etc.) you send a lot of messages into their system. Sometimes the leasing agents may want to email blast their apartment complex that has 300 residents. When you bcc 300 recipients and most of them are on these shared email services you can easily deliver more email that the shared hosters will accept at once and in a time frame. I realize that you should use a contact management service for this, but not all companies do.

When your a MSP like me and have over 50 domains that I filter email for it would be nice to sort these domains by a separate public IP in the event that one company does a mass mail and wreaks havoc on the other 49 sending domains.

If I can find the time I will submit a feature enhancement.
 

velocity08

Member
May 25, 2019
225
11
23
45
Yes we are :)

I do remember a few threads here in the forum, but never considered this a feature, which was needed/wanted by many users (could have been wrong though :)
Keeping in mind that PMG's core functionality is to provide a mail-proxy for one/a small set of domains run by one (team of) administrators, and that most advanced setups can be done by overriding the configuration templates (https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine).

for round-robin outbound sending I do not see where this makes sense in PMG - if the mails are all legit, why not send them out via one single IP-Address? (in case you sent out spam due to a hacked account/misconfiguration it makes more sense to change the IP once after cleaning up)?

regarding the sender_dependent_transport_map - why not simply setup one PMG for each domain?

In any case if there is a point I miss - please open an enhancement request over at https://bugzilla.proxmox.com , detailing what you need (if possible with sample configurations)

I hope this helps!
Hi @Stoiko Ivanov

thanks for jumping in and answering some questions.

for one/a small set of domain

I think PMG has outgrown this setup/ design there are MSP's and reseller that are or would like to use it in a more robust way, the product it self is capable of managing mas amounts of emails as in @mmidgett 's example screen shot has demonstarted with only 50 small domains.

there is a wider audience for PMG and needing to manage many single instance deployments becomes inefficient for msp's and service providers.

I would be happy to pay more in licensing/ support subscription for PMG that is tailored more to MSP's, service providers and resellers than small business single domain.

there are no other open source products on the market that i have seen catering to this audience, hence why most of the close source providers like Sophos etc have moved to a cloud model to pull in the MSP market.

any hoo i'm sure the ProxMox team already have things worked out where PMG is going, just my 2 cents.

""Cheers
G
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!