Postfix 2 instances? Why?

May 12, 2022
1
0
1
Hello,

we have now set up a proxmox mail gateway at our company. Unfortunately we noticed only after the installation that apparently 2 instances of Postfix are used. Once port 25 and once port 26. The Exchange must then be converted accordingly once to port 26. Why was this done? Postfix can normally send and receive over port 25?
It works like this, no question, but why is this not solved more elegantly, if Postfix allows it? All printers and other devices in the network can then no longer send via port 25 and must be switched to port 26. Alternatively, this can be changed in the firewall or a router can be set up specifically for this purpose. Nevertheless somehow stupid, if Postfix can do that in principle also differently. Is there a plan to change this in the future?
 
Not quite sure if I understand the request correctly
The two instance are not for 'sending+receiving' but rather for inside (receiving from your internal network and sending to the external network/internet) and outside (receiving from the internet and sending to your internal hosts).
these two 'directions' have quite different requirements from an access control point of view - put shortly:
* on the internal port all your trusted networks can send mails to anyone
* on the external port only mails to your relay domains are accepted

I think this is quite a common pattern with postfix

You can use iptables to do some port-forwarding (port 25 from your internal IPs to port 26 on the PMG), or the same in your firewall in front of PMG

or you can modify the master.cf.in template https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine - to for example have both listen on different IPs instead of different ports

I hope this explains it
 
Hi, I have a similar question.
I need a simpler configuration: if email come from trusted network, postfix can relay. if email come from untrusted network, postfix receive only email for relayed domain.
in the trusted network I can insert local network, local ip or public ip (example remote server i want send email through mail gateway).
All other ip can send only to relayed domain.
All with a single postfix instance and a single port.
 
I need a simpler configuration:
why?

as said - the 2 listeners are as simple as it gets to my knowledge.

you can change the different ports to different IPs or play around with portforwarding rules
 
because I need to change my actual mail gateway that work in this way. single ip address/single port.
and Im not able to change all configured system to use different ip or port
 
as said - use an iptables redirect rule based on the source-ips of your internal systems
 
what happen if i use only internal port also for external side? if email come from trusted network (internal or external ip) are relayed regardless destination domain. if email come from untrusted network and domain destination into the relayed domain? accepted?
 
  • Like
Reactions: Stoiko Ivanov

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!