[SOLVED] Restrict outgoing email from a list of IPs

AsankaG

Member
Jul 17, 2018
23
2
23
36
Hi All,

I did a similar setup about 4 years ago, but I do not have access to notes or the system I built back then. I tried searching online but I'm drawing a blank right now.

My requirements are as follows:
I have a few servers that sends out bulk emails to all manner of email addresses. These servers would connect to PMG on port 26 and PMG would forward these out an upstream relay host.
I want to make sure only these servers are able to send email out via PMG and everything else if they tried to use PMG to be rejected.
PMG server will not be used for inbound email. This is purely used as an outbound relay server.

I've setup a lab just now, and with default settings, outbound emails are being sent/delivered without even setting up trusted IPs/networks.

TIA
 
These servers would connect to PMG on port 26 and PMG would forward these out an upstream relay host.
PMG accepts mails on the internal port if either:
* they are listed in the trusted networks (GUI->Configuration->Mail Proxy->Networks)
* or they are automatically added to the transport nets:
** this is simply the network where the IP of PMG is in - i.e. if you've configured the ip of PMG as 192.0.2.5/24 - then 192.0.2.0/24 is added

you can tweak the behavior by modifying the main.cf.in template of pmg - see the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

replace the variable `postfix.mynetworks` either by `postfix.transportnets` or just hardcode it (then you cannot modify it via the GUI anymore) - see also the output of `pmgconfig dump` for variables you can use in the template

I hope this helps!
 
Thanks for the quick response.

So, if I understood you correctly, since the sender in my lab is in the same network as the PMG IP, it is automatically in a trusted list.

I'll check the variables when I get back home to see if the simple variable change will sort the issue.

Thanks a lot.
 
So, if I understood you correctly, since the sender in my lab is in the same network as the PMG IP, it is automatically in a trusted list.
yes :)

good luck with your setup - and let us know how it went
 
Hi All,

I've managed to sort this out with the instruction provided. I added a little bit of tweaking using the mail filter options to restrict all but a certain set of IPs from the same network as PMG sits.

Thanks again for your help.
 
  • Like
Reactions: Stoiko Ivanov

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!