This is a published draft:
The Proxmox Mail Gateway (PMG) is a nice appliance, however, one has to wonder how much time is spent by the developers perfecting it. The people that do the mail gateway also do the virtualization server.
The purpose is kind of neat. If you just want to set up a basic email server without all the bells and whistles, such as greylisting, clamav, spam assassin, etc, you do that and then use this virtual appliance to handle all of that. So, the PMG handles incoming emails and checks them for the nasties, such as spam, blacklists, whitelists, etc. and when the email passes all the checks it forwards the email itself to the actual email server. To do this you install the PMG and set your router to port forward everything coming on port 25 to the PMG. In the PMG you specify which domains you handle and what the location is of the actual email server hosting those domains.
This pretty much eliminates the nasties. Lots of malicious activity is ended in its tracks. This incoming process works very well. There are difficulties associated with it though, which I’ll explain a bit further down in this post.
Email comes in on port 25 to the PMG. PMG checks it and if all passes it sends it to the email server itself. The email server then delivers it to the appropriate mailbox (or goes through it’s own set of checks and then delivers to the appropriate mailbox). The user uses their client to open the emails by connecting to the email server itself on other ports such as 993, etc.
When they create an email by responding or composing they send their email out to the email server which then sends the email out on port 25, unless there’s a relayhost configuration set up such as the PMG.
If there is a relayhost configured you configure the PMG to be that. This allows the PMG to scan the email (before it goes out to the Internet) for malicious stuff such as embedded viruses, etc. This will keep the domain from gaining a bad reputation as a spammer, or a botted set of computers sending malicious email. So, a full set of checks are done before the PMG sends the email out on port 25 to the Internet.
The problem that I ran into was that I noted that the outgoing stats always showed 0 outgoing mails. I worked through this by reading various online forum posts about others having the same issue. In their cases most couldn’t get the outgoing emails to work. They’d be rejected or just time-out. In my case I was able to get the emails to go out, only I was unsure as to whether they were going through the PMG outbound.
In my tests I’d create an email using one of my hosted domains running on my email server and send to a different hosted domain running on my email server. Those would go through no problem. I’d receive the incoming emails on the expected account.
However, the outgoing statistics always showed 0 outgoing emails. Others complained of the stats showing 0 outgoing as well. The support guys for the PMG product always seemed frustrated and seemed to answer in less than stellar language, which frustrated many people trying to get answers to this seemingly common issue.
I got the idea, that since my emails were actually going out I’d look at the log file. The PMG has a log mechanism so you can review the activity. I checked that log file and it showed no outgoing mail from my domain to another of my domains. I then got the idea that I’d send it out to one of those mass aggregation sites that I have an account on. I did this and looked at the log file on PMG and sure enough I saw the email being processed as outgoing. I looked at the chart and it still showed 0 outgoing emails.
I tested again and looked at the log file and sure enough it was also successful. The email server sent the email to the PMG and the PMG processed it and sent it off to the mass aggregation site email address. This was great. Hard to prove and easily confusing to other people certainly because the outgoing mail stats showed 0 prior to this.
I waited a short while and checked the outgoing mail stats again and sure enough there were 2 outgoing emails listed.
Two lessons: 1) there seems to be a mechanism to send emails to my hosted domains that bypass the normal outgoing/incoming mechanisms of the email server, fine…test with an external email aggregation site, and 2) wait for a while in order to let the PMG update and show the outgoing mails that it processed.