[SOLVED] Proxmox querying Gmail/GSuite MX records 24/7

C

coldfire7

Member
Sep 28, 2020
11
6
23
40
127.0.0.0/8
Proxmox querying Gmail/GSuite MX records 24/7, is this normal?

LopcQTT.png
 
Last edited:
If the question is directed to a Proxmox VE installation - the most likely source of those requests is the e-mail address you've configured for the root-user (this address gets some notification from the system - and if the domain is hosted with gmail/google that would explain the lookups)

I hope this helps!
 
Mail queue was causing the issue, cleared it and the issue is gone.

Code: 
❯ mailq
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
D75CB361C16    11490 Fri Jan  8 00:48:23  root@pve.lan
(delivery temporarily suspended: connect to alt2.aspmx.l.google.com[2607:f8b0:4023:c03::1a]:25: Network is unreachable)
                                         removed@example.com

D31BE361274    11604 Thu Jan  7 21:59:46  root@pve.lan
(delivery temporarily suspended: connect to alt1.aspmx.l.google.com[74.125.28.26]:25: Connection refused)
                                         removed@example.com

D8F8836125B    11442 Thu Jan  7 19:57:11  root@pve.lan
(connect to alt1.aspmx.l.google.com[2607:f8b0:400e:c04::1a]:25: Network is unreachable)
                                         removed@example.com

DB378361ADF    11438 Fri Jan  8 00:07:42  root@pve.lan
     (connect to alt1.aspmx.l.google.com[74.125.28.26]:25: Connection refused)
                                         removed@example.com
 
the messages in the queue are status and "monitoring" messages from PVE - you might want to consider configuring the mail-system on your node so that they get delivered (there are quite a few threads in this forum about sending mails to gmail)
 
I did provide a valid email at the time of PVE installation, do I need to do anything else to receive messages/notification via email? I removed it from the log before posting.
 
coldfire7 said:
(delivery temporarily suspended: connect to alt2.aspmx.l.google.com[2607:f8b0:4023:c03::1a]:25: Network is unreachable)
Click to expand...
this line indicates that your system seems to have an IPv6 address configured, without having access to the public IPv6 internet...

coldfire7 said:
(delivery temporarily suspended: connect to alt1.aspmx.l.google.com[74.125.28.26]:25: Connection refused)
Click to expand...
this indicates that the system cannot connect to the public ipv4 internet (more specifically one IP from google's mailservices) on port 25 - this is something that some service providers block access to port 25 on the public internet - in order to prevent spam - an alternative explanation is that you have a firewall in place with a rule of blocking outbound connections to port 25

coldfire7 said:
do I need to do anything else to receive messages/notification via email?
Click to expand...
in the case where port 25 is blocked it is usually possible to connect with authentication to a mail-server via port 587 with starttls.
see e.g.
https://forum.proxmox.com/threads/how-to-properly-setup-postfix-email-notifications.79821/
https://forum.proxmox.com/threads/s...otifications-configuration.69003/#post-334128
 
  • Like
Reactions: coldfire7
Thanks! Issue fixed. One of my ISP seems to be blocking port 25 and 587, that was causing all the issues.

{1} https://www.reddit.com/r/homelab/comments/5nzmm3/setting_up_the_proxmox_email_alerts/dcfihdw/
{2} https://www.linode.com/docs/guides/...ng-gmail-and-google-apps-on-debian-or-ubuntu/
Code: 
root@hydra ~
❯ cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

myhostname=host.example.com

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = loopback-only
recipient_delimiter = +

compatibility_level = 2

# Gmail
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s

How to check if SMTP port 25 and port 587 are blocked:
Port 25
Code: 
❯ telnet smtp.google.com 25
Port 586
Code: 
❯ openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf -ign_eof
 
Last edited:
  • Like
Reactions: Stoiko Ivanov
Glad that worked out :)

Please mark the thread as 'SOLVED' - this helps others who also run into this kind of problems.
Thanks!
 
You must log in or register to reply here.
Top Bottom