惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
Netflix TechBlog - Medium
雷峰网
雷峰网
The Cloudflare Blog
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
月光博客
月光博客
美团技术团队
J
Java Code Geeks
S
SegmentFault 最新的问题
罗磊的独立博客
WordPress大学
WordPress大学
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
腾讯CDC
博客园 - 三生石上(FineUI控件)
V
Visual Studio Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 司徒正美
T
Tailwind CSS Blog
宝玉的分享
宝玉的分享
博客园 - 聂微东
Apple Machine Learning Research
Apple Machine Learning Research
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - Franky
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
aimingoo的专栏
aimingoo的专栏
M
MIT News - Artificial intelligence
B
Blog RSS Feed
Martin Fowler
Martin Fowler
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 【当耐特】
D
Docker
爱范儿
爱范儿
云风的 BLOG
云风的 BLOG
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
博客园_首页
Vercel News
Vercel News
量子位
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Last Week in AI
Last Week in AI
The Register - Security
The Register - Security
G
Google Developers Blog
Hugging Face - Blog
Hugging Face - Blog

Proxmox Support Forum

[SOLVED] - Github Auth for Mirrors-Kernel Repo? [Automation] Mass migration tool for MS Win11/Server Proxmox GUI hang - not response is it possible to reject or quarantine spam based on conditions I set ? The PVENode task list in PVE9 is partially obscured due to the terminal font being too large. About 100% error reporting due to pveproxy.service hooks Kubernetes overlay networking breaks when upgrading from PVE 9.1 to PVE 9.2.3 Zentraler Speicher No space left on device Combine datastore and direct file archival to tape Kernel panic VFS: Unable to mount root fs on unknown-block (0,0) sobald ein 7.x Kernel verwendet wird. How to migrate disk of a VM from one ZFS to another Windows Server 2025 fails to boot after PVE 9.2 / Linux 7.0 Kernel upgrade Cannot Install Proxmox on T610 Poweredge with H700 PERC card sdn Config. gateway not reachable How to safely change domain/FQDN? Welche Filterquote erreicht ihr? NFS Share status unknown on 2 of 5 nodes Can't connect to PVE9 consoles [solved] Can't connect to PVE9 consoles [solved] [SOLVED] - Use secondary network for PVE commands Created cluster, one node storage gone BUG: proxmox mail gateway FROM = null bypass spam filtering Moving existing PBS from VMWare workstation to PVE cluster Does eBGP SDN fabric support external peering? Bug: PDM 1.1 not recognizing valid license status Proxmox GUI hang - not response PVE crashes unexpectedly Proxmox Backup Server 4.2 released! Advice ceph-osd crashes with kernel 6.17.2-1-pve on Dell system [META] Links on Proxmox Forum Website Hardwarer oder Software RAID Joining a cluster with already created guests VM PDM missing backup jobs from PVE / Log retention Remove VM.Monitor from all users/roles, PVE 9.2 Proxmox Freezing (new instalation) 9.2.2 - Intel 12700T No Web gui and random connection reset by peer [SOLVED] - i40e module for X710 Intel NIC Dutch Proxmox Day 2026 How pools use the space Corosync initiiert Reboot trotz Verfügbarkeit der Systeme Opt-in Linux 7.0 Kernel for Proxmox VE 9 available After PVE 8to9 upgrade, unable to check guest fs freeze status Problem with MegaRAID SAS3508 controller proxmox-kernel-7.0.2-6-pve failing network service Auto sync guest time after rollback of VM snapshot with RAM/state Broadcom BCM57504 (100G) bnxt_en TX timeout and NIC reset on Proxmox 8.1.5 — while BCM57414 (25G) works fine on same host QEMU 11.0 available on pve-test and pve-no-subscription as of now 350 MPM Solventless Lamination Machine for High-Speed Flexible Packaging Making sense of NVMe zfs and SMART errors [SOLVED] - PVE loses network connection after kernel upgrade to proxmox-kernel-7.0.0-3-pve [SOLVED] - Remove or reset cluster configuration. Proxmox 8.4.1 Fresh Install BCM57416 10G Ethernet Adapter Not Recognized PDM 1.1.1 unable to add AD realm with anonymous search [TUTORIAL] - Developer Workstation (Proxmox-VE 9) with cinnamon (LMDE7) SDN zone shows "pending" on peer nodes after node reboot (9.2.x) Cluster not quorate - extending auth key lifetime! Proxmox not rebooting properly (SOLVED) Proxmox 9 Stuck on loading initial ramdisk With new HA-Disarm Feature is there a Documentation for NUT Setup on Clusters? Proxmox 8.3 Installation Issue on ProLiant DL380 Gen9 Cluster networking setup LXC System images unavailable [SOLVED] - Fix: NVIDIA Drivers Failing after upgrade to Proxmox 9.2.2 (Kernel 7.0.2-6-pve) / NovaCore Conflict Install NUT directly on Proxmox VE and control guests from here driver usb for windows 7 System startup error and no network: Failed to start ifupdown2-pre.service - Helper to synchronize boot up for ifupdown. PBS backup space grow up constantly Proxmox Datacenter Manager 1.1 released! IPv4 not available in newly created VM Recommended Setup for Offsite Proxmox Backups? Hetzner Storage Box & Remote PBS Challenges duplicate, please delete this passthrought an USB device "by ID" to CT PDM Installer Freezes at 66% Tried PDM for the first time (version 1.1) - had issues PDM 1.1 automated install Suche Server-Provider für Proxmox connecting sdn to edge firewall SDN, IPAM & DHCP Migrating from read-only file system Ubuntu 26.04 installation fails for unknown reason Status Unbekannt nach Cluster Join Installing Proxmox Backup Server on Mac Mini (Late 2012) kernel 7.0 performance issue with zfs pools PVE becomes unreachable via ethernet but OS is running [SOLVED] - New 9.2 install - can't find 7.0.2-6-pve , not all the time [SOLVED] - Backup and dedupe a VM with LUKS Gibt es mit PVE 2.x ggf. Änderungen bei der RAM-Nutzung, bzw. deren Anzeige bei VMs? I need help for setting up backup solution Way more NAGware, very little functionality, bugs galore Root squashing virtiofsd with --uid-map Intel ixgbe Driver Update Fail Passkey Login (not 2FA) Roblox VM detection - can be overcome? [TUTORIAL] - ZFS-Autosnaptshot inkl. Rollback und Daten direkt recovern (Windows/Linux) How to stop PVE Kernel upgrade [SOLVED] - very long waiting to log in to lxc debian 11 ssh [TUTORIAL] - Configuring Fusion-Io (SanDisk) ioDrive, ioDrive2, ioScale and ioScale2 cards with Proxmox Increase maximum USB devices in vm.conf
Selective smarthost (based on recipient, say outlook.com or live.com)
invalid@exam · 2026-06-17 · via Proxmox Support Forum

We've been using PMG for a couple of weeks but today I saw our IP address seems to be on a Microsoft blocklist - ignore this part, how to get unblocked is not the reason why I am posting.

Rather, I'd like to see how to get PMG to work with selective smarthosts or possibly some other suggestions for the future.

Before we had PMG between the mail server and the internet we had a useful option for sending mails, which came in handy a couple of times during the years:

Send all emails directly fist, and then to smart hosts if there are problems.

For Postfix, it does seem there are ways to set up selective smart hosts based on the recipients by adding check_recipient_mx_access in smtpd_*_restriction:

https://serverfault.com/questions/663418/relay-host-based-on-destination-mx-record/663435#663435

I tried a few different ways, but eventually gave up since non of them really worked - possibly due to my requirement of smtp auth for my smarthost which seems to work if I use relayhost on its own (see below) but not if in combination with the above solutions.

Another solution mentioned relay host depending to receiver address (untested):

https://tipstricks.itmatrix.eu/relaying-emails-dependent-on-either-sender-or-receiver/

Code: 

Add in /etc/postfix/transport:
@example4.com relay:[relay.server.com]:25
someone@example5.com relay:[relay.server.com]:25
someoneelse@example6.com local
*                        smtp

What that work with PMG? Enabling SMTP authentication would also work?

Currently I am sending ALL mail via smarthost that requires auth via template in /etc/pmg/templates/main.cf.in, but I'd like to get a better solution in the future...

Current working config:

Code: 

relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Any ideas?

Last edited:

This would be a useful feature. I have just transitioned a mail system to a PMG+365+(IMAP/POP/SMTP) and have encountered a speedbump with one external mail destination. That destination uses a mail security gateway which had a whitelist entry for the old mail system from ancient times before my time and from before anyone else with insitutional memory. Mail to that destination is being bounced. This is a slightly different use case from yours where you're on a blacklist and need to work to get off. But the feature solution in PMG I see as being the same.

PMG has a feature called "Transports" which is configured at Configuration > Mail Proxy > Transports. This feature operates on inbound email and can route email for a domain or user's address to a specific location. This is how I have setup the hybrid 365+traditional mail system. The 365 users are all individual Transports entries.

The feature that would solve your problem and mine would be "Outbound Transports" or the equivalent. It could be configured to operate on a specific sender email address (a user on a sending mail system on the "inside") or it can operate on a destination domain. Outbound mail traffic that meets the criteria would then be sent to the host, port, and transport protocol as configured.

For my use case, I would send mail from that particular user to the domain with the gateway to the old mail system's SMTP server for delivery while we get in touch with the other party and get their gateway updated. Our end user and their end users would then be able to continue with their work and not need to think about email problems.

For your use case, mail being sent to 365 could be put in an outbound Transport that delivers that email to a smarthost that you have setup outside PMG (or a second PMG on a different IP) or whatever solves your problem temporarily while you work out the blacklist issue. Again, your end users don't have to think about email problems while you work on a solution.

Thanks for your feedback. I tried to work with transports yesterday after posting the second example, but I didn't get it to work. It does indeed seem PMG only uses it for inbound mail.

I also noticed the manual describes /etc/pmg/transports but then in main.cf we have transport_maps = hash:/etc/pmg/transport (transport vs. transports), so I am not sure this is a typo or two different things.

It would be really great if PMG allows us to have different smarthosts based on receiver domain. Bonus points if the team could make smarthosts with SMTP authentication work from within the PMG web interface.

-- // --

PS: Just to be clear, our IP is not really on a typical blocklist and this shouldn't be a thread about getting unblocked. Google "block list (S3140)" or read this if you really must know.

Last edited:

I experienced a problem with the connector from PMG to 365 where internal emails were being semi-greylisted. The email address lists are handled in the traditional half of the hybrid setup, so foo@example.com is sent to the IMAP/POP where it is split into separate envelopes for jack@example.com and jill@example.com which are then delivered locally, and romeo@example.com and juliet@example.com which are then sent back to PMG and then delivered to 365. Some lists have three or more 365 users on the list.

If there are three or more 365 users on the list, two of the 365 users will be delivered by 365 and one or however many more than two will be temporarily rejected (like greylist) and then queued on PMG. PMG then retries later, and the list is slowly delivered in pairs. No email was lost, but this made things very slow. I contacted Microsoft support and they added some kind of additional whitelist entry in the back end for the PMG IP address. From then on, everything was smooth sailing.

However, I never experienced getting blocked by MS. There was one single block on Yahoo and a single block on Google for test emails someone sent. I then taught people to send to a mailinator account we setup for testing. This allows test emails for whatever, but doesn't endanger sending irregular emails to a big provider and risking an adjustment to the score for our IP.

BTW: before working on the production domain for my customer, I setup a scale model with every piece: OpenSMTPD server, Dovecot+OpenSMTPD, 365 w/ connectors, and PMG on PVE and a test domain that the customer owned. I worked out all the issues before making the main transition there. One tool that I found helpful was:
https://www.mail-tester.com/

You can send three test emails to it for free per day. This and using mailinator for testing was crucial. The test system had a perfect score for sent emails on mail-tester.com. The only issues I then encountered were the strange 365 semi-greylisting and the old whitelists on external mail systems and the handful of mistaken test emails.

BTW: reading the problem listed at that answers.microsoft.com page:
"Please contact your Internet service provider since part of their network is on our block list"

Your IP may be on a bad neighborhood blacklist. I can think of two reasons for this off the top of my head:

1. Microsoft has their own bad neighborhood blacklist. In this case you can only talk to them about it to get it fixed.
2. Your IP is listed on either or both of UCEPROTECTL2 and UCEPROTECTL3.

This second case can be checked using https://mxtoolbox.com/ just plug in your IP and then navigate from the results to the blacklist check. You can also see if they have you listed directly using their own tool: https://www.uceprotect.net/en/rblcheck.php

If the IP range is listed in UCEPROTECTL2 or the ASN is listed in UCEPROTECTL3, they operate an extortion / mafia protection racket here:
https://www.whitelisted.org/

You plug the IP in that and they give you a price to have your IP whitelisted. The whole process feels smarmy, and please don't take anything I have said as a recommendation to do what they want or to pay them for anything. I'm just pointing out that this can be the source of a blacklist problem depending on whether the destination mail server uses UCEPROTECT in their filtration.

That was actually very helpful info, thanks a lot. Seems the network to which our new IP belongs to was indeed on UCEPROTECTL2. Moving the gateway to another completely unlisted IP now shows successful direct delivery (without smarthost) also to outlook.com.

I still wish there would be better options for directing outgoing mails via selective smarthosts. For instance with our mail server we could also have different smarthosts for different domains: domain1.com to smarthost1, domain2.com to smartahost2, etc (and all with proper SMTP authorization).

This would be a useful feature. I have just transitioned a mail system to a PMG+365+(IMAP/POP/SMTP) and have encountered a speedbump with one external mail destination.

Are there any news from the proxmox team.
1) Outgoing smart host WITH authentication to the provider smart host.
2) Outgoging smarts hosts depending on destination domain (also with authentication)

Bump.

This would be a great feature.

As a self hosted residential user with a semi static ip (changes ~5 yrs), I've had good results sending to most destinations, however do run into some targets that outright refuse because th rdns lookup doesn't match pmg fqdn. It would be nice to have a round robin type set up where if it fails on direct send, then use **smarthost**.

Last edited:

I got nowhere trying to set the mapping with main.cf.in.

One post I found made reference to just setting up another transport. That works for specific domains when transport defined configuration/mail proxy/relaying/smarthost is used as primary. Similar to the OP, I want it to send directly first, to specified relays for defined sender/recipient domains and using another relay when either of the first fail or result in rejected/bounced.

bump, i have exactly the same issue. routing mails to different mx hosts depending on recipient domain (aka outbound transport in PMG language) is something which other products were able to do for decades.

i'd really like to see this in PMG.

+1 Outbound conditional relay (with authentication) would be something I’d be interested too. Ideally based on sender or recipient domain.

would also like to get an update on this pls :)

PMG team please add this outgoing email smart host selection.

Good luck. I gave up waiting. None of the maintainers of Proxmox have replied to this thread. I think the feature is probably not one that they will consider.

It is a shape how the proxmox team is ignoring this feature request for a standard feature for years now.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。