[SOLVED] VPS hosting for PMG needed

[mylesw]

Hi there, we run a PMG system that front-ends our mail server (Axigen) and it works perfectly. We had a number of colocated servers in a data center in Phoenix, USA but have decided to decommission those servers. We downsized to a single server in Texas, and that works great. Except....

The new colocation provider's entire network is flagged by UCE-3 and they can't get off the blacklist. This means that certain mail domains (Google, Microsoft, Yahoo, etc.) have been really hard for us to mail to from the new mail IP address that PMG sends through. We front-end all email in through PMG and out as well. I reached out to tech support at the data center for this, only to be told that their entire IP allocation is affected by this and they don't have a solution.

So I thought maybe if I could just move the PMG installation to another provider that was inexpensive, and we could create a IPSEC tunnel between that server and our mail server, that could work as long as the outbound IP address isn't on any blacklists. The problem is that I won't know the IP address until I sign up with one, and it could be a waste of time and possibly money to find this out. Also I will need to install PMG on the VPS, so ideally I would like a hosting provider that understands Proxmox and I can just install an ISO of PMG, and then migrate all of our settings to it. I haven't installed PMG on bare metal before, and although I'm sure it isn't a big deal, it would be just easer to restore the backup of the VM that we have on the new server.

Does anyone here have a recommendation for any hosting provider that has clean IPs and doesn't allow spammers anywhere near their network? I have to choose one that will work for both now and for the future. And maybe a provider that hosts PMVE so I can possibly cluster to it. Ideally all in the USA as that is where we operate from.

Thanks in advance for any info.

Myles

 

[Johannes S]

Hi,

I'm not sure whether they will host you but Hetzner has quite a reputation on reddit for "banning accounts for no good reason". Usually it turned out that the complaining users did something shady (like using a debit card with a different owner name than the one they used for registering at Hetzner), or againt their terms of use (like doing crypto mining on their vserver , hosting spammers (with or without knowing it) etc). This might also be a problem though if you connecting from a known blacklisted entity but still worth a shot imho. They are based in Germany but also have datacenters in Finland, Singapur and the USA (the later one on rented infrastructure afik). So I would just contact them, be upfront what you need and why and ask whether they would still accept you as a customer: https://www.hetzner.com/support-form/
I'm not sure whether they provide a PMG install iso on their own but afik you can always use a custom iso for setting everything up.

Personally I use netcup as provider of my vserver. They are even cheaper than Hetzner but my impression is that they are more for home users like myself and I'm not sure right now whether they have a US location or are allowing custom isos.

Hth, Johannes.

 

[mylesw]

Hi,

I'm not sure whether they will host you but Hetzner has quite a reputation on reddit for "banning accounts for no good reason". Usually it turned out that the complaining users did something shady (like using a debit card with a different owner name than the one they used for registering at Hetzner), or againt their terms of use (like doing crypto mining on their vserver , hosting spammers (with or without knowing it) etc). This might also be a problem though if you connecting from a known blacklisted entity but still worth a shot imho. They are based in Germany but also have datacenters in Finland, Singapur and the USA (the later one on rented infrastructure afik). So I would just contact them, be upfront what you need and why and ask whether they would still accept you as a customer: https://www.hetzner.com/support-form/
I'm not sure whether they provide a PMG install iso on their own but afik you can always use a custom iso for setting everything up.

Personally I use netcup as provider of my vserver. They are even cheaper than Hetzner but my impression is that they are more for home users like myself and I'm not sure right now whether they have a US location or are allowing custom isos.

Hth, Johannes.

Thank you so much for this information. I'll reach out to Hetzner and see if they will take me. We don't do anything other than run our own mail server for a handful of users, and there is no spam. We could just use Google Workspaces, but it kinda irks me of the privacy issues with that. I've run my own mail server for 20 years, so no problem with doing the heavy lifting on this. Just wanted to find a host that is not Spam friendly, so we can get clean IP addresses.

 

[mylesw]

Hi,

I'm not sure whether they will host you but Hetzner has quite a reputation on reddit for "banning accounts for no good reason". Usually it turned out that the complaining users did something shady (like using a debit card with a different owner name than the one they used for registering at Hetzner), or againt their terms of use (like doing crypto mining on their vserver , hosting spammers (with or without knowing it) etc). This might also be a problem though if you connecting from a known blacklisted entity but still worth a shot imho. They are based in Germany but also have datacenters in Finland, Singapur and the USA (the later one on rented infrastructure afik). So I would just contact them, be upfront what you need and why and ask whether they would still accept you as a customer: https://www.hetzner.com/support-form/
I'm not sure whether they provide a PMG install iso on their own but afik you can always use a custom iso for setting everything up.

Personally I use netcup as provider of my vserver. They are even cheaper than Hetzner but my impression is that they are more for home users like myself and I'm not sure right now whether they have a US location or are allowing custom isos.

Hth, Johannes.

Something kinda crazy happened. I reached out to Hetzner and asked them about clean IPs, etc. and they were very helpful. I spun up one of their servers and they even have a Proxmox Mail Gateway ISO image available to mount and install. So I spent 5 hours installing and then configuring every detail. Hooked it to my mail servers, setup firewalls, etc. and it worked perfectly.

Except... I'm looking at the logs and seeing that I couldn't send out email. The logs showed a timeout trying to connect to any external SMTP server. I dug around a bit, and was about to reach out to support on this, only to find a standard message response saying that "ALL Cloud servers have ports 25 & 465 blocked for outbound mail". Sheesh. It seems counterproductive to me to offer Proxmox Mail Gateway ISO for installation if you can't use it for outbound relaying. I've sent them a support message, but I suspect I'll get some canned response like, "Sorry, not sorry" or something.

Anyway back to the drawing board. I'll try LUNA and see how I go.

 

[mylesw]

Just wanted to follow up on this as I solved it with a solution. Before anyone embarks on trying to install PMG at Hetzner (which I kinda love their services and their UI for admin, etc.) know that they don't let you send out on port 25 or 465 at all. No exceptions it would seem. This is counter intuitive since PMG should be the front-line defense for both incoming and outgoing emails with a mail server. So I had to abandon that effort, although I might use them for other services not involving email.

After trying about 6 other hosts, I finally found one that not only worked and their tech support (pre-sale) was outstanding and really helpful. It was lunanode.com out of Canada. They were very reasonably priced for a VM that would do what I needed (about USD $14 a month) and I was able to upload the PMG ISO and boot from it to install on their VM. Their VNC panel is kinda clunky and it didn't render the KVM of the install very well, but I was able to muddle through that and get it installed. They have a pretty decent firewall setup that comes free with the VM, so I was able to open the ports I needed and make sure all others were closed. And their Reverse DNS setup was instant and worked great.

The IP address I was given was not on any blacklists nor was their entire network. My emails are now reaching their intended destinations without any issue.

I hope this helps someone out in the future. Although I realize that hosting your own email is probably frowned upon by many so called "IT professionals" these days, I live by the mantra that I will take the harder path if it means protecting my privacy and wallet, because those IT professionals will typically tell you tales that lead you down to being a pawn on someone else's chessboard. Good luck and I hope this was useful for someone.

And THANK YOU big time to the Proxmox team for making a solid and great open source product.