Settings of the Proxmox Mail Gateway as SMTP server with SMTP authenication

T

testOA

New Member
Aug 25, 2025
1
0
1
Hi everyone, I am trying to build a Proxmox Mail Gateway as SMTP server to send notification for external person.
By default, it delivers by 25 and 26 ports. And sometimes reponsed that the emails become spam mail that without SMTP auth.
So I trying to enable the SMTP authenication.

I had read some instruction to do the configuration in the main.cf file of Postfix , creating SASL for SMTP authenication.
Mostly the instruction describe to use the gmail SMTP as the relayhost.
However, I don't want to use the external SMTP server and the gmail accounts.

For example, I created the VM , installed Proxmox Mail Gateway 7.0.6 , running as Debian OS in default.
I assigned the DNS name "pmg.mydomain.com" to it.
And I also allowed all ports for SMTP required.
Is it possible to set the server itself as the SMTP server with the SMTP authenication?


In main.cf:
Code: 
relayhost = [pmg.mydomain.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

In sasl_passwd
Code: 
[pmg.mydomain.com]:587    SMTP_username:SMTP_password
 
So i also had a strong use case to have the gateway support auth email.

I wanted it so not run on the config of Proxmox Mail Gateway to minimize problems interference ect. so i run the auth option on port 587

This is the changed you need to do for PMG 9.0-1 Install:
/var/lib/pmg/templates/master.cf.in
#----------------------------------------------------------
# Custom Code: Submission Port 587 for SMTP AUTH
#----------------------------------------------------------
587 inet n - - - - smtpd
-o smtpd_tls_cert_file=/etc/pmg/pmg-tls.pem
-o smtpd_tls_key_file=/etc/pmg/pmg-tls.pem
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=cyrus
-o smtpd_sasl_path=smtpd
-o smtpd_sasl_security_options=noanonymous
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#----------------------------------------------------------
cat > /etc/sasl2/smtpd.conf <<'EOF'
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
sasldb_path: /etc/sasldb2
EOF
#----------------------------------------------------------

#----------------------------------------------------------
apt install sasl2-bin libsasl2-modules
#----------------------------------------------------------
pmgconfig sync --restart 1
systemctl restart postfix
#----------------------------------------------------------

#----------------------------------------------------------
Create Users for Auth.
#----------------------------------------------------------
saslpasswd2 -c -u DOMAIN USERNAME -> this will create a user USERNAME@DOMAIN
Password need to be input here
#----------------------------------------------------------

#----------------------------------------------------------
List Users for Auth.
#----------------------------------------------------------
sasldblistusers2
#----------------------------------------------------------

#----------------------------------------------------------
Remote Users for Auth.
#----------------------------------------------------------
saslpasswd2 -d -u DOMAIN USERNAME
#----------------------------------------------------------
Hope this help anyone took me hours to figure this one out and get it to work.

Pros with this is you can keep config for ports 25 and 26 as is and have a seperate smarthost firewall rule for port 587.

Working nicely for me.
 
You must log in or register to reply here.
Top Bottom