[SOLVED] Proxmox querying Gmail/GSuite MX records 24/7

coldfire7

Member
Sep 28, 2020
11
5
8
39
127.0.0.0/8
Proxmox querying Gmail/GSuite MX records 24/7, is this normal?

LopcQTT.png
 
Last edited:
If the question is directed to a Proxmox VE installation - the most likely source of those requests is the e-mail address you've configured for the root-user (this address gets some notification from the system - and if the domain is hosted with gmail/google that would explain the lookups)

I hope this helps!
 
Mail queue was causing the issue, cleared it and the issue is gone.

Code:
❯ mailq
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
D75CB361C16    11490 Fri Jan  8 00:48:23  root@pve.lan
(delivery temporarily suspended: connect to alt2.aspmx.l.google.com[2607:f8b0:4023:c03::1a]:25: Network is unreachable)
                                         removed@example.com

D31BE361274    11604 Thu Jan  7 21:59:46  root@pve.lan
(delivery temporarily suspended: connect to alt1.aspmx.l.google.com[74.125.28.26]:25: Connection refused)
                                         removed@example.com

D8F8836125B    11442 Thu Jan  7 19:57:11  root@pve.lan
(connect to alt1.aspmx.l.google.com[2607:f8b0:400e:c04::1a]:25: Network is unreachable)
                                         removed@example.com

DB378361ADF    11438 Fri Jan  8 00:07:42  root@pve.lan
     (connect to alt1.aspmx.l.google.com[74.125.28.26]:25: Connection refused)
                                         removed@example.com
 
the messages in the queue are status and "monitoring" messages from PVE - you might want to consider configuring the mail-system on your node so that they get delivered (there are quite a few threads in this forum about sending mails to gmail)
 
I did provide a valid email at the time of PVE installation, do I need to do anything else to receive messages/notification via email? I removed it from the log before posting.
 
(delivery temporarily suspended: connect to alt2.aspmx.l.google.com[2607:f8b0:4023:c03::1a]:25: Network is unreachable)
this line indicates that your system seems to have an IPv6 address configured, without having access to the public IPv6 internet...

(delivery temporarily suspended: connect to alt1.aspmx.l.google.com[74.125.28.26]:25: Connection refused)
this indicates that the system cannot connect to the public ipv4 internet (more specifically one IP from google's mailservices) on port 25 - this is something that some service providers block access to port 25 on the public internet - in order to prevent spam - an alternative explanation is that you have a firewall in place with a rule of blocking outbound connections to port 25

do I need to do anything else to receive messages/notification via email?
in the case where port 25 is blocked it is usually possible to connect with authentication to a mail-server via port 587 with starttls.
see e.g.
https://forum.proxmox.com/threads/how-to-properly-setup-postfix-email-notifications.79821/
https://forum.proxmox.com/threads/s...otifications-configuration.69003/#post-334128
 
  • Like
Reactions: coldfire7
Thanks! Issue fixed. One of my ISP seems to be blocking port 25 and 587, that was causing all the issues.

{1} https://www.reddit.com/r/homelab/comments/5nzmm3/setting_up_the_proxmox_email_alerts/dcfihdw/
{2} https://www.linode.com/docs/guides/...ng-gmail-and-google-apps-on-debian-or-ubuntu/
Code:
root@hydra ~
❯ cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

myhostname=host.example.com

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = loopback-only
recipient_delimiter = +

compatibility_level = 2

# Gmail
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s

How to check if SMTP port 25 and port 587 are blocked:
Port 25
Code:
❯ telnet smtp.google.com 25
Port 586
Code:
❯ openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf -ign_eof
 
Last edited:
  • Like
Reactions: Stoiko Ivanov
Glad that worked out :)

Please mark the thread as 'SOLVED' - this helps others who also run into this kind of problems.
Thanks!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!