[SOLVED] Proxmox Mail Gateway (PMG) as Smarthost for NethServer Mail Server

Hello everyone,

Does anyone use the combination of NethServer (as mail server) - Proxmox Mail Gateway (PMG)?
I am unable to configure the sending of emails through PMG. It should work by configuring “Smart host” in NethServer (Settings) but …
I must be wrong somewhere, either at NethServer, or at PMG, or even at both.

Any info from you is welcome!

TIA,
Gabriel

Hi Gabriel,
I’m using PMG, although not with NS, but the settings should be the same.
Can you please post at least mail.cf of your postfixes at NS and PMG?

Hi @aasami

Thanks for the reply!

I think you meant main.cf instead of mail.cf, right?

History in brief:

  1. NethServer and PMG are virtual machines on PVE;
  2. Both are in the DMZ (made with Endian Firewall Community);
  3. In EFW, through NAT, port 25 is forwarded from RED to PMG IP;
  4. All incoming emails go through PMG without any problem;
  5. I followed the solution proposed by @mrmarkuz here for adding port 26 in NethServer (I don’t know if the solution is the right one);
  6. When I want to configure smarthost in NS to connect to PMG, any combination of user/password I use, results in a failure;
  7. In Syslog PMG, these records appear regarding the connection attempt via smarthost:

Nov 17 15:55:00 pmg-gtbs postfix/smtpd[22786]: connect from host-gtbs.gtbs.ro[10.0.10.12]
Nov 17 15:55:00 pmg-gtbs postfix/smtpd[22786]: Anonymous TLS connection established from host-gtbs.gtbs.ro[10.0.10.12]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 ( 256/256 bits)
Nov 17 15:55:00 pmg-gtbs postfix/smtpd[22786]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] ehlo=2 starttls=1 quit=1 commands=4

Gabriel

Hi Gabriel,

In NS you set the smarthost as: IP of PMG:26

Thanks,

Hi @jfranco ,

Thank you for the reply!

I did that but it’s not working.

[Screenshot: smarthost]

Is there a configuration tested and working for SMTP and related on a client?
Can nethserver ping 10.0.10.5?
Can you telnet on port 26 from Nethserver?

Hi @pike ,
Thank you for the reply!

It works for incoming emails.
It responds to PING.
I think there is a problem with TELNET …

SYSLOG PMG to TELNET:
Nov 19 13:12:50 pmg-gtbs postfix/smtpd[50965]: lost connection after CONNECT from host-gtbs.gtbs.ro[10.0.10.12]
Nov 19 13:12:50 pmg-gtbs postfix/smtpd[50965]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] commands=0/0

[root@host-gtbs ~]# 
[root@host-gtbs ~]# ping 10.0.10.5
PING 10.0.10.5 (10.0.10.5) 56(84) bytes of data.
64 bytes from 10.0.10.5: icmp_seq=1 ttl=64 time=0.541 ms
64 bytes from 10.0.10.5: icmp_seq=2 ttl=64 time=0.573 ms
64 bytes from 10.0.10.5: icmp_seq=3 ttl=64 time=0.579 ms
64 bytes from 10.0.10.5: icmp_seq=4 ttl=64 time=0.586 ms
64 bytes from 10.0.10.5: icmp_seq=5 ttl=64 time=0.556 ms
^C
--- 10.0.10.5 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.541/0.567/0.586/0.016 ms
[root@host-gtbs ~]# 
[root@host-gtbs ~]# 
[root@host-gtbs ~]# 
[root@host-gtbs ~]# telnet 10.0.10.5 26
Trying 10.0.10.5...
Connected to 10.0.10.5.
Escape character is '^]'.
220 pmg-gtbs.gtbs.ro mail.gtbs.ro
^]
telnet> quit
Connection closed.
[root@host-gtbs ~]# 

PMG expects encrypted connections on port 26? If not, I’d disable “encrypted connections” on NethServer.

I also tried without encrypted connection …

Hi,

No encryption or authentication.
PMG expects this host to be on the “inside” of your network and it will receive and forward.
Don’t forget to configure DKIM per domain.

Best regards,

Hi @jfranco,

I tried without: username, password and Encrypted connections.
I did not succeed.
PMG and NS are in the DMZ (same network).
DKIM is configured from NS.
From what I saw in the PMG syslog, for inbound, the connection appears on port 25, but when I try to connect via smarthost, port 26 does not appear:

Nov 21 08:59:53 pmg-gtbs postfix/postscreen[183906]: CONNECT from [103.151.125.9]:25675 to [10.0.10.5]:25
Nov 21 08:59:53 pmg-gtbs postfix/dnsblog[183908]: addr 103.151.125.9 listed by domain zen.spamhaus.org as 127.0.0.3
Nov 21 08:59:53 pmg-gtbs postfix/dnsblog[183908]: addr 103.151.125.9 listed by domain zen.spamhaus.org as 127.0.0.4
Nov 21 08:59:53 pmg-gtbs postfix/postscreen[183906]: PREGREET 11 after 0.29 from [103.151.125.9]:25675: EHLO User\r\n
Nov 21 08:59:53 pmg-gtbs postfix/postscreen[183906]: DISCONNECT [103.151.125.9]:25675
Nov 21 09:00:08 pmg-gtbs systemd[1]: Starting Hourly Proxmox Mail Gateway activities…
Nov 21 09:00:08 pmg-gtbs postfix/smtpd[183948]: connect from host-gtbs.gtbs.ro[10.0.10.12]
Nov 21 09:00:08 pmg-gtbs postfix/smtpd[183948]: Anonymous TLS connection established from host-gtbs.gtbs.ro[10.0.10.12]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 ( 256/256 bits)
Nov 21 09:00:08 pmg-gtbs postfix/smtpd[183948]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] ehlo=2 starttls=1 quit=1 commands=4

BR,
Gabriel

P.S.
If I create a relay host in Email → Relay (without username, password, with or without TLS) then I can send emails via PMG, but I don’t think it’s the same as when using smarthost.

Maybe you have not created the transport in PMG? Every host or domain that will use PMG as a proxy needs to be configured in the transport tab.
Port 25 is the one PMG will use to receive email and filter (it does a bad job at it).
Port 26 is the one PMG will use to receive email and send to the destination.

SPF will be set on your nameserver.
DKIM needs to be disabled in NS and enabled in PMG.

Best Regards,

Hi @jfranco,

Thank you for your interest in my problem.

From what I understood from the PMG documentation, “Transport” is used for additional mail servers. I have only one mail server and nothing should be configured here. Anyway, I also tried with Transport, although in my case the settings are the same as in “Relaying”.
Also, in the PMG documentation it is written that if the PMG and the mail server are in the same subnet (DMZ in my case), nothing needs to be configured in “Networks”. However, I have added the mail server IP here.
As I said before, in the firewall I forwarded port 25 from RED (the public IP of the mail server) to DMZ (the internal IP of the mail server). All the emails I receive (inbound emails) go through PMG and reach the mail server without any problem.
The problem I have is with sending emails through PMG, configuring/using Smarthost.
I don’t know if the solution adopted with the addition of port 26 in the mail server (NethServer) and not the total replacement of port 25 with 26 is the correct one.
Also, why can I connect to PMG from NethServer on port 26 from “Email → Relay → Create relay host” but not from “System → Settings → Smart host: use a smarthost” (the settings are almost the same: PMG IP, port, without username and password)?
Usually, I configure/put the records for SPF, DMARC and DKIM, in the nameserver.

Thank you for your patience,
Gabriel

Hi Gabriel,

Sorry for taking too long to reply, but I’m addicted to Soccer :slight_smile:
OK, from nethserver install telnet:
yum install telnet
Then, try from the nethserver:
telnet IP_of_PMG 26
Here you can configure the ports:
[Screenshot: Screen Shot 2022-11-24 at 22.40.07]
You need to configure the DKIM on this server, which will be the last one before the email goes out.

Best regards,

Hi @jfranco ,

I hope you enjoy! :pizza: :beer:

I already did that. I posted above.
I try one more time:

[root@host-gtbs ~]# telnet 10.0.10.5 26
Trying 10.0.10.5...
Connected to 10.0.10.5.
Escape character is '^]'.
220 pmg-gtbs.gtbs.ro mail.gtbs.ro

It stays here until I send the following commands:

^]
telnet> quit
Connection closed.
[root@host-gtbs ~]# 

Here is from the PMG Syslog regarding telnet:

Nov 25 11:51:37 pmg-gtbs postfix/smtpd[230656]: connect from host-gtbs.gtbs.ro[10.0.10.12]
Nov 25 11:51:48 pmg-gtbs postfix/smtpd[230656]: lost connection after CONNECT from host-gtbs.gtbs.ro[10.0.10.12]
Nov 25 11:51:48 pmg-gtbs postfix/smtpd[230656]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] commands=0/0

The only thing I haven’t done yet is to disable DKIM from NethServer, delete the registration from my nameserver and set DKIM from PMG. But I don’t think this prevents authentication as a “Smarthost” from NethServer.
Again, the authentication as “Relay host” from NethServer works.

Gabriel
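
How to read the per-session command counts that Postfix appends to the "disconnect from" lines in the PMG syslog excerpts in this thread, as an added example (not posted by any participant): each `name=ok` or `name=ok/total` token counts one SMTP command, so a session with no `mail=`, `rcpt=` or `data=` token never offered a message. The first two sample lines are copied from the thread; the last two lines and the label names are constructed for illustration.

```python
import re

# First two lines are from the thread; the last two are constructed samples.
SAMPLE = """\
Nov 21 09:00:08 pmg-gtbs postfix/smtpd[183948]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] ehlo=2 starttls=1 quit=1 commands=4
Nov 25 11:51:48 pmg-gtbs postfix/smtpd[230656]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] commands=0/0
Nov 25 12:00:00 pmg-gtbs postfix/smtpd[230700]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 25 12:05:00 pmg-gtbs postfix/smtpd[230701]: disconnect from host-gtbs.gtbs.ro[10.0.10.12] ehlo=1 auth=0/1 quit=1 commands=2/3
"""

DISCONNECT = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: disconnect from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\](?P<stats>(?: \w+=\d+(?:/\d+)?)+)"
)

def parse_stats(stats):
    """Turn 'ehlo=2 auth=0/1' into {'ehlo': (2, 2), 'auth': (0, 1)} as (ok, total)."""
    counts = {}
    for token in stats.split():
        name, _, value = token.partition("=")
        ok, _, total = value.partition("/")
        counts[name] = (int(ok), int(total or ok))  # bare 'n' means n of n succeeded
    return counts

def classify(counts):
    """Label a session by how far the client got in the SMTP dialogue."""
    ok = lambda cmd: counts.get(cmd, (0, 0))[0]
    tried = lambda cmd: counts.get(cmd, (0, 0))[1]
    if tried("commands") == 0:
        return "no-commands"           # TCP connect only, e.g. telnet closed at the banner
    if tried("auth") > ok("auth"):
        return "auth-failed"           # at least one AUTH attempt was refused
    if ok("mail") and ok("rcpt") and ok("data"):
        return "mail-transaction"      # MAIL FROM, RCPT TO and DATA all succeeded
    if tried("mail") or tried("rcpt"):
        return "transaction-rejected"  # a message was offered but a step failed
    return "handshake-only"            # EHLO/STARTTLS/QUIT, no message offered

def summarize(log_text):
    """Return (pid, client_ip, label) for every smtpd disconnect line."""
    return [(m["pid"], m["ip"], classify(parse_stats(m["stats"])))
            for m in DISCONNECT.finditer(log_text)]

if __name__ == "__main__":
    for pid, ip, label in summarize(SAMPLE):
        print(pid, ip, label)
```
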

Hi Gabriel,

So everything IS working. As you stated, you are relaying the messages from your domain in NS through the PMG server, meaning you are using the PMG as a smarthost.

Best regards,

Hi @jfranco ,

Yes, now I can send emails via PMG.
I am confused about the two ways to send emails through PMG, so to use PMG as a Smarthost:

  1. Using “Relay hosts”, as it works now ( Email — NethServer 7 Final );
  2. Using “Default relay host settings”, as I tried and failed ( Email — NethServer 7 Final ).

Which of the two ways should be used in this case (NS Mail server → PMG → Internet)?

In the “Default relay host settings” section, it says in two places that this method is not recommended, but towards the end, it says that “The System > Settings > Smart host section, configures the outgoing messages to be directed through a special SMTP server, technically named smarthost.”

Isn’t PMG “a special SMTP server”?
I think this is where my confusion comes from regarding the two ways of sending emails through PMG as smarthost.

BR,
Gabriel

AFAIK… NethServer might (or might not) be a Mailserver.
If it’s a mailserver, can use a SmartHost for deliver messages submitted by users (as username and password)
If it’s not a mail server, it acts like a client to deliver notifications using a specified email server.

Hi @pike ,

In my case, NethServer is a Mailserver.
So, “can use a SmartHost for deliver messages submitted by users (as username and password)”.
But what do you mean by “use a SmartHost”?
“Relay hosts” or “Default relay host settings”?

Gabriel

If my goal is to be notified of some things about NethServer, this is the section for delivering notifications:
System => settings => SmartHost

But it’s not the correct section for delivering messages as an email server, which is in eMail → Relay, but only for telling the email server “hey buddy, if you have to deliver user messages, you should use these servers and settings instead of delivering them by yourself” (a.k.a. acting like a proper mail server). Relay settings might lead to a huge list of use cases for different options.

You can also not use smarthost for notifications, but this could lead to some kind of issues (you might not be notified if postfix is having issues).

These are my info and use cases… anyone can have different mileage.