Proxmox Mail Gateway 8.0 available

martin

Proxmox Staff Member
Staff member
Apr 28, 2005
754
1,741
223
Proxmox Mail Gateway 8.0 has been released! The new version of our email security solution is based on Debian 12 (Bookworm), uses the newer Linux kernel 6.2, as well as ZFS 2.1.12. The latest major version of Apache SpamAssassin 4.0.0 and PostgreSQL 15.3 are included.

Countless bugfixes and other smaller improvements are included as well, see the full release notes.

Thank you for supporting the Proxmox Mail Gateway project! Your contributions and feedback, tests, bug reports and patch submits are always welcome!

Release notes
https://pmg.proxmox.com/wiki/index.php/Roadmap

Press release
https://www.proxmox.com/en/news/press-releases/

Download
https://enterprise.proxmox.com/iso
https://www.proxmox.com/en/downloads

HELP & SUPPORT

Documentation
https://pmg.proxmox.com/pmg-docs/

Community Forum
https://forum.proxmox.com

Bugtracker
https://bugzilla.proxmox.com

Source code
https://git.proxmox.com

FAQ
Q: Can I upgrade Proxmox Mail Gateway 7 to 8?
A: Please follow the upgrade instructions on https://pmg.proxmox.com/wiki/index.php/Upgrade_from_7_to_8

Q: Can I install Proxmox Mail Gateway on top of Debian Bookworm?
A: Yes, see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_install_on_debian

Q: Can I install Proxmox Mail Gateway as a virtual machine on Proxmox Virtual Environment, VMware, or Hyper-V ?
A: Yes, just do the ISO install. If you install on Hyper-V as a generation 2 virtual machine, please disable secure boot.

Q: Can I install Proxmox Mail Gateway as LXC container on Proxmox Virtual Environment?
A: Yes, just download the template via the integrated template downloader.

__________________
Best regards,

Martin Maurer
Proxmox Mail Gateway project leader
 
What do i need to do If I have one master and one node, do i need to do......
systemctl stop pmgmirror pmgtunnel
systemctl mask pmgmirror pmgtunnel
....on both the master and node, or just one of them?
Do I then upgrade the master first? If I take the master and node offline at the same time, i will not receive any messages during this time, which I cannot do.

I'm just not sure of the procedure of a cluster upgrade, sorry

JD
 
I have read that many times, and I am still unsure when I should mask the node, do I upgrade the master with the node masked, or do I upgrade the master with the node attached as normal, then once the master is upgraded and rebooted etc, do I then mask the node from the cluster?
 
@JohnnyD

- If you have a cluster, stop and mask all cluster-daemons on all nodes before you start the upgrade of the first node.

systemctl stop pmgmirror pmgtunnel
systemctl mask pmgmirror pmgtunnel

- Then proceed by upgrading all nodes sequentially.
- The Mail Gateway service will be provided by the other nodes, which aren't currently being upgraded.
- Certain operations (for example config changes) will only work once all nodes have been upgraded.
Source: https://pmg.proxmox.com/wiki/index.php/Upgrade_from_7_to_8#For_clusters

You need to stop all cluster-daemons on all nodes before you do anything. After this you need to "Then proceed by upgrading all nodes sequentially." and then you can start all cluster-daemons again.

TL;DR first do step 3.2.2, then do steps 3.2.3 to 3.2.8 on all nodes sequentially, if you done then do step 3.3 as last.
 
So I need to stop all cluster-daemons on my one node before I upgrade the master yes? Does the node with the cluster damons stopped still work as a gateway and will accept and pass on mail? Thank you for your help .......
 
@JohnnyD did you really read the full instruction? Did you read my last post completely?

So I need to stop all cluster-daemons on my one node before I upgrade the master yes?
If you do not run a Cluster, then you do not need to do the Steps under 3.2.2. But i do not recommend to run a single node.
If you run a Cluster, then you need to pay attention for steps under 3.2.2. What you stop under 3.2.2 is only the cluster-daemons als often stated in step 3.2.2.

Does the node with the cluster damons stopped still work as a gateway and will accept and pass on mail?
No if you run a single node, as stated under step 3.2.4 "Stop postfix and all Proxmox Mail Gateway services (emails will be queued by the servers trying to contact the Proxmox Mail Gateway)". But this isn't a real problem. If a external Mailserver aren't unable to reach you PMG, then they will came back later and try again.
If you run a Cluster then see step 3.2.2. "The Mail Gateway service will be provided by the other nodes, which aren't currently being upgraded.".

As you can see, all of your questions are clearly answered in the instruction guide. Therefore it is really really important to read it completely, sentences by sentences and not with hustle.

So in short, if you run a Cluster:
First do step 3.2.2, then do steps 3.2.3 to 3.2.8 on all nodes sequentially, if you done then do step 3.3 as last.

If you not run a Cluster:
Do steps 3.2.3 to 3.2.8 on the Node.

@t.lamprecht or @martin
Maybe you could add the following to the guide, otherwise the monitoring could throw a warning:

Code:
sudo -u postgres psql -d Proxmox_ruledb
Proxmox_ruledb=# analyze;
ANALYZE

Proxmox_ruledb=# vacuum;
VACUUM

Proxmox_ruledb=# \q
 
Maybe you could add the following to the guide, otherwise the monitoring could throw a warning:

Code:
sudo -u postgres psql -d Proxmox_ruledb
Proxmox_ruledb=# analyze;
ANALYZE

Proxmox_ruledb=# vacuum;
VACUUM

Proxmox_ruledb=# \q
usually pmg-api does an analyze in the postinst part of the installation
so not sure if this is warranted in general
(out of curiosity - which monitoring complains? (and does it go away with `apt install --reinstall pmg-api`?)
 
Upgraded my cluster, thank you for the good guide.
I ran into an issue with one host (on a Xen hypervisor) where the interface changed from eth0 to enX0, but editing /etc/network/interfaces fixed this
 
  • Like
Reactions: Stoiko Ivanov
Upgraded my cluster, thank you for the good guide.
I ran into an issue with one host (on a Xen hypervisor) where the interface changed from eth0 to enX0, but editing /etc/network/interfaces fixed this
Thanks for the feedback - I added this particular case (Xen hypervisor) to the known issues in the upgrade guide - maybe it'll help other users with the same infrastructure :)
 
  • Like
Reactions: bpbp
Code:
The ClamAV antivirus daemon clamav-daemon now uses socket-activation
To disable the service you need to disable clamav-daemon.service and clamav-daemon.socket

Do I have to do above after upgrade? It is for those who need to completely disable clamav right?
 
Last edited:
I use "avast" as virus protection. Although it has caught 42 infected mails today, it does not show the reports in the "Statistics -> Virus Charts" section.
 
I use "avast" as virus protection. Although it has caught 42 infected mails today, it does not show the reports in the "Statistics -> Virus Charts" section.
make sure you have installed the latest updates for PMG 8.0 (there was a bug that affected the virus statistics in an earlier version).
If this does not help (you probably need to wait for new viruses to arrive) - please open a new thread (feel free to mention me with @Stoiko Ivanov )
and provide the journal of the system for one day.
 
Hey @martin

Small fix in your first post:
https://pmg.proxmox.com/pmg-docs -> https://pmg.proxmox.com/pmg-docs/
Without the Slash in the end, im getting an 404 Not found error xD

And something else, does the LXC Container needs to be Priviliged?
Because somehow the Unpriviliged Container Starts, but it doesn't starts, like it doesn't start busybox or tty inside the container, first time i seen something like that.
Means opening console, opens the console, but i don't get a login tty.
1690203810841.png
The memory usage doesn't look right to me either, as if nothing gets started inside the container.

I try now to redeploy, maybe the tar archive gets extracted with errors or it downloaded wrong or sth, gonna retry at least.
But there is no need to be privileged at least?

Thank you!
 
And something else, does the LXC Container needs to be Priviliged?
Because somehow the Unpriviliged Container Starts, but it doesn't starts, like it doesn't start busybox or tty inside the container, first time i seen something like that.
No - we strongly recommend using an unprivileged container.
On a hunch - make sure that `nesting` is enabled for your PMG container
If this does not help - please open a new thread with the logs from the container start and the complete container config.

Feel free to ping me with @Stoiko Ivanov - then I'll take a look
 
  • Like
Reactions: Ramalama
No - we strongly recommend using an unprivileged container.
On a hunch - make sure that `nesting` is enabled for your PMG container
If this does not help - please open a new thread with the logs from the container start and the complete container config.

Feel free to ping me with @Stoiko Ivanov - then I'll take a look
Thanks a lot, i started the same on a complete different Proxmox Cluster with complete different hardware, and exactly the same behaviour.

Im going to open a thread, maybe i search first if there is something about this already in the forums.
Thanks a lot for the fast response :)
 
No - we strongly recommend using an unprivileged container.
On a hunch - make sure that `nesting` is enabled for your PMG container
If this does not help - please open a new thread with the logs from the container start and the complete container config.

Feel free to ping me with @Stoiko Ivanov - then I'll take a look
Hey Stoiko, i was opening a thread about this very detaily etc...
However in the meantime during testing, i found out what the root cause is and im not sure if i still should open a thread about.

The issue is very simple, if i assign an static ip + static (for ipv6) to the container, it starts without any issues and works!
If i leave it on dhcp and slaac, it won't start, or cause the issue.

Pretty sure you can replicate it, (the dhcp server is from opnsense), if not i can still open a new thread? What do you think?
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!