Understanding PMG

gamma goblin

New Member
Dec 30, 2018
2
0
1
37
Hello,

I've read some documentation and some threads in the forum and I feel a little stupid because I don't get how PMG is supposed to work (I'm pretty noob regarding mail protocol).

I made a little picture to show what I understand this far.

So basically, I imagine when gmail or any mail server tries to send me a mail this is done on port 25 (maybe 465 also ?) and I should route this trafic to PMG with my firewall (I didn't try it this far, but it's how I imagine the stuff working).

Now when I would like to send a mail from my Thunderbird at home, how can I do that, since I'm supposed to register to my mail server on port 465 to be allowed to send the email ?
Since port 465 is send to PMG who doesnt know anything about my mail account and can't provide me authentification I don't see how this should work...

Should i maybe only send port 25 to PMG and all the other ports (465, 587) directly to my mail server ?

Regarding outgoing mail from an internal server, should I send that to PMG also (who will route it back to the mail server) ? I've read the port 26 should be used for that, but I'm wondering what's the use for this since I'm pretty sure that my internal servers are not sending spam...

Again sorry if my question is stupid, but I'm trying to find some noob explanation and I didn't find it so far.

Have a pleasant night !

understanding_pmg.png
 
PMG is nothing for you, if you don't run your own mail domain, where you can direct mails through PMG. Same for outgoing mails (if you want them to be processed by PMG), you need to have your own mail server, PMG is not meant for providing outgoing mail auth (although both things to combine in PMG together with a mail archive would be a great idea for Proxmox for a new or upcoming product). So your Thunderbird at home should connect to your own Mail Server as well for IMAP as for SMTP. Normally you should use Port 993 for IMAPS and 589 for SMTP Submission with STARTTLS, Port 465 or SMTPS is not wide spread and shouldn't be used any more, use SMTP with (maybe mandantory STARTTLS) or Submission for outgoing mails as well with STARTTLS. Your Mailserver should deliver mails via Port 26 to PMG, which sends the mail to "the internet", your Mailserver should not send any mails to anywhere anymore just through PMG. Incoming same thing, any external server (e.g. Gmail) should send Mails to PMG via Port 25 (best with STARTTLS), so therefore you need to configure PMG to be your MX. To prevent spammers from spamming you directly, your Mail Server should not accept any incoming mails any more, just from PMG, best via Port 25 with STARTTLS.

So your graphic should be

Thunderbird at home
- Port 589 with STARTTLS and 993 => Firewall with NAT => Mail Server with Postfix and Dovevot

GmailServer
- Getting mails via Port 25 from PMG or sending Mails to PMG via Port 25, best with STARTTLS

PMG
- sending incoming mails to Mail Server via Port 25 on the Mailserver with STARTTLS, receiving outgoing mails from Mail Server via Port 26 with STARTTLS
- sending mail e.g. to your Gmail Server
- receiving mail e.g. from additional internal servers you may have

Mail Server
- sending outgoing mails to PMG as described above, receiving incoming mails from PMG as desribed above, doesn't send or receive anything else in any other direction with servers, just handles your Thunderbird client for sure as well on Port 587 and 993

Internal random server
- unsure, what this should be, but they may best also send their mails through PMG, however, why additional internal servers and why not behind your firewall?

External randon server
- delivering mails to PMG via port 25, best with STARTTLS
 
Great ! A big thank you for the time you took to answer my questions, it makes a lot more sense to me now. Happy new year and good luck to you.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!