Postfix IP rotation for Proxmox Mail Gateway

Proxmox Mail Gateway is a fantastic spam filtering solution. The trouble with relaying mail from a single IP address is that services like Gmail and Yahoo will quite quickly start greylisting your mail and you'll eventually end up in people's spam folders. A great solution to ensure a single IP isn't greylisted is to rotate mails through multiple IPs. This ensures that you don't end up with a single IP which is blacklisted resulting in you not being able to send out mail.

More often than not, web host admins will host people's websites and send mail from the same cPanel server. This works for a period of time until either:

  • The number of users hosted on that server is large enough to send out too much mail for a single IP resulting in delays when sending mail to other mail servers.

or

  • One of the websites or email addresses hosted on this server is compromised, resulting in the server IP being blacklisted.

Without too much waffling, let's get down to enabling PMG to send using multiple IPs.

Add IPs to /etc/network/interfaces

nano /etc/network/interfaces

Assuming ens19 is your network interface and your public IP is 1.1.1.2 with 1.1.1.3 and 1.1.1.4 being the additional IPs you want to use to send mail, you'll end up with the interfaces file looking as follows:

auto ens19
iface ens19 inet static
        address 1.1.1.2/32
        gateway 1.1.1.1
        
auto ens19:1
iface ens19:1 inet static
        address 1.1.1.3/32
        gateway 1.1.1.1
        
auto ens19:2
iface ens19:2 inet static
        address 1.1.1.4/32
        gateway 1.1.1.1          

Now, restart PMG.

Create the PMG template directory and prepare config files

mkdir /etc/pmg/templates
cd /var/lib/pmg/templates/
cp main.cf.in /etc/pmg/templates/
cp master.cf.in /etc/pmg/templates/

Next, edit the main.cf.in file:

nano /etc/pmg/templates/main.cf.in

At the bottom of this file add the following:

sender_dependent_default_transport_maps = randmap:{relay1,relay2,relay3}
smtp_connection_cache_on_demand=no

inet_protocols = ipv4

Save and close this file.

Next, edit the master.cf.in file:

nano /etc/pmg/templates/master.cf.in

Just after the 127.0.0.1 config, add the following:

relay1     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.2
  -o smtp_helo_name=pmg.yourdomain.com
  -o syslog_name=relay1
relay2     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.3
  -o smtp_helo_name=gw2.yourdomain.com
  -o syslog_name=relay2
relay3     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.4
  -o smtp_helo_name=gw3.yourdomain.com
  -o syslog_name=relay3

The important parts of the above config are smtp_bind_address, which must correspond to the IPs added to /etc/network/interfaces, and smtp_helo_name, which should be a hostname with an A record created for each IP.

The final step to ensure mail servers don't reject your mail is to create an SPF record for the IP block used in the config above. In this case we would create the following SPF record:

The host can be something like:

spf.yourdomain.com

and the value something like:

v=spf1 ip4:1.1.1.2/26 ~all

Although a Postfix restart should be fine, I would suggest rebooting PMG and then you should be good to go.
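
A consistency check for the pieces configured above, as an added example that is not part of the original post: it confirms that every name in the randmap list has a master.cf service, that each service binds a distinct smtp_bind_address, and that every bind address falls inside the SPF record's ip4 range. The function names are illustrative and the sample input is constructed from the tutorial's placeholder values.

```python
import ipaddress
import re

# Constructed sample input: the placeholder values used in this tutorial.
MAIN_CF = "sender_dependent_default_transport_maps = randmap:{relay1,relay2,relay3}"
MASTER_CF = """\
relay1     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.2
  -o smtp_helo_name=pmg.yourdomain.com
relay2     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.3
  -o smtp_helo_name=gw2.yourdomain.com
relay3     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.4
  -o smtp_helo_name=gw3.yourdomain.com
"""
SPF = "v=spf1 ip4:1.1.1.2/26 ~all"

def parse_services(master_cf):
    """Map each master.cf service name to its '-o name=value' overrides."""
    services, current = {}, None
    for line in master_cf.splitlines():
        if line[:1].isspace():                   # continuation of the current service
            if current and (m := re.match(r"\s+-o\s+(\w+)=(\S+)", line)):
                services[current][m.group(1)] = m.group(2)
        elif line and not line.startswith("#"):  # new service entry in column 0
            current = line.split()[0]
            services[current] = {}
    return services

def audit(main_cf, master_cf, spf):
    """Return a list of problems; an empty list means the three pieces agree."""
    services, problems, seen = parse_services(master_cf), [], {}
    nets = [ipaddress.ip_network(t[4:], strict=False)
            for t in spf.split() if t.startswith("ip4:")]
    m = re.search(r"randmap:\{([^}]*)\}", main_cf)
    for name in (n.strip() for n in m.group(1).split(",")) if m else []:
        opts = services.get(name)
        if opts is None:
            problems.append(f"{name}: listed in randmap, no master.cf service")
            continue
        bind = opts.get("smtp_bind_address")
        if bind is None:
            problems.append(f"{name}: no smtp_bind_address")
        elif bind in seen:
            problems.append(f"{name}: shares {bind} with {seen[bind]}")
        elif not any(ipaddress.ip_address(bind) in n for n in nets):
            problems.append(f"{name}: {bind} is not covered by the SPF record")
        seen.setdefault(bind, name)
    return problems
```

Call audit() with the contents of your own main.cf.in, master.cf.in and published SPF value; any string it returns names the relay that would send from an address the SPF record does not authorise or that would not actually rotate.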