About Proxmox Mail Gateway
This Article has been revised (Thanks to Robert Schuster for correction).
Proxmox Mail Gateway 5.0 was released a long time ago. It has a lot of feature to securing your email server from the spam attack. They did a big revolution from the latest version. And it’s amazed me.
For more information about Proxmox Mail Gateway 5.0, please see the docs.
One of the best features,
Many spams coming to a non-existent user. So, PMG will protect your email server from this problem. PMG will synchronize users from your mail server LDAP or Active Directory. This can be done if you have an email server that using LDAP or AD to save your user data. For Example, I use Zimbra Mail Server who have LDAP Services to synchronize it with PMG.
Before you go to configuration steps, make sure:
- You have configured your email server MX route to Proxmox Mail Gateway.
- You have configured your email route from Proxmox Mail Gateway to your email servers.
- Your incoming traffic for port 25 has been configured correctly.
- And…Don’t forget to take a cup of coffee.
Let’s Configure it
So, in this case. I have Zimbra Mail Server and Proxmox Mail Gateway with below identity:
- Proxmox Mail Gateway : 192.168.88.122
- Zimbra Mail Server : 192.168.88.121
Create LDAP Configuration
First, we have to connect and set up LDAP connection on PMG to Zimbra. Make sure it can connect to each other.
To add LDAP configuration on PMG, please following this steps:
- Go to PMG web administration, https://yourpmgip:8006
- On Configuration Menu, click User Management | LDAP
- Add your LDAP configuration, below is example configuration :
- Profile Name: Your LDAP profile name. Give it name as you wish, don’t use a symbol or special characters.
- Protocol: LDAP. leave it as default. If your LDAP using TLS connections you can change it to LDAPS protocol.
- Server: Your LDAP/Zimbra IP Address.
- Port: 389 for LDAP. 636 for LDAPS
- Username: You can use one of your email server user. to configure it use the LDAP format, such as: “uid=yourldapuser,ou=people,dc=dhenandi,dc=web,dc=id“.
- Password: Your LDAP user password
Then, save your configuration, LDAP will synchronize it! Yay.
Configure the Rules!
It’s not over, the next step we have to configure the rule in order to activating LDAP Verification on PMG.
- Go to Mail Filter Menu | Choose Who Objects | and create a new rule
- Then, fill it with unknown LDAP Groups. It’s mean this who object define users who not included on your LDAP.
- You can choose to use Unknown LDAP Address to define per LDAP profile or choose “Unknown LDAP Address, any profile” to define all profiles if you have multiple LDAP profiles. In this case,
iwill define only one LDAP profile (ldapmail)
iwill give bounce-back notifications to the sender that their destination did not exist. To configure it, go to Mail Filter Menu | Choose Action Objects and Add Notification. Below is an example ofa bounce message.
- Name: Bounce Back Unknown Recipient
- Descriptions: This rule contains email for
userwho sends an email to an unknown recipient
- Receiver: __SENDER__ (it’s mean, a notification email will be sent to sender)
- Subject: Fill it as you wish. For example “Notification [Bounce Back] : __SUBJECT__“
- Body: Your email content, example:
This is the mail system at host asav.dhenandi.web.id.
I'm sorry to have to inform you that your message could not be delivered, because: <__RECEIVERS__> didn't listed in our email servers.
So, please check whether the email address you typed is correct.
For more variables, please see the PMG docs.
- Then, to activate your
object-orientedrules that you have configured. Go to Mail Filter menu then add a rule like this.
- And, configure the rule according to your objects. You can click + symbols to add it to your rules. And give it Block Action to discard the message.
- Finally, you have configure it! Yeay
Ah, for the last thing. PMG will synchronize LDAP every 10 minutes. So, it doesn’t directly sync if you add a new user on your email servers and it takes a time to sync.
But, you can sync LDAP every minutes to speed up your synchronization using crontab, for example you want to sync it every minutes.
Go to CLI/PMG Console you can use SSH or PMG web administration on Administration | Console, and add a cronjob like this.
# crontab -e
* * * * pmgconfig ldapsync >/dev/null 2>&1
Gotcha! Now, test your configuration by sending an email to user that not existed on email server.
And, your email will be rejected by PMG because the rule that you have created, and it will give a bounce notification.
Voillaa…You did it!
Notes: Need to fix the sender notifications in order to use your domain (email@example.com), not use your hostname (firstname.lastname@example.org)?. I mean, please see the sender on above picture. I have a solution for you….Just give me a time to write it 😀
Update: For the above problem.
Interested to use Proxmox Mail Gateway Support & Subscriptions License?
Don’t hesitate to contact email@example.com. Our sales will give the best price and best services for you!