Proxmox Mail Gateway is a fantastic spam filtering solution. The trouble with relaying mail from a single IP address is that services like Gmail and Yahoo will quite quickly start greylisting your mail and you'll eventually end up in people's spam folders. A great solution to ensure a single IP isn't greylisted is to rotate mails through multiple IPs. This ensures that you don't end up with a single IP which is blacklisted resulting in you not being able to send out mail.

More often than not, web host admins will host people's websites and send mail from the same cPanel server. The works for a period of time until either:

  • The number of users hosted on that server is large enough to send out too much mail for a single IP resulting in delays when sending mail to other mail servers.

or

  • One of the websites or email addresses hosted on this server is compromised resulting in the server IP being blacklisted

Without too much waffling, let's get down to enabling PMG to send using multiple IPs.

Add IPs to /etc/network/interfaces

nano /etc/network/interfaces

Assuming ens19 is your network interface and your public IP is 1.1.1.2 with 1.1.1.3 and 1.1.1.4 being the additional IPs you want to use to send mail, you'll end up with the interfaces file looking as follows:

auto ens19
iface ens19 inet static
        address 1.1.1.2/32
        gateway 1.1.1.1
        
auto ens19:1
iface ens19:1 inet static
        address 1.1.1.3/32
        gateway 1.1.1.1
        
auto ens19:2
iface ens19:2 inet static
        address 1.1.1.4/32
        gateway 1.1.1.1          
Now, restart PMG

Create the PMG template directory and prepare config files

mkdir /etc/pmg/templates
cd /var/lib/pmg/templates/
cp main.cf.in /etc/pmg/templates/
cp master.cf.in /etc/pmg/templates/

Next, edit the main.cf.in file:

nano /etc/pmg/templates/main.cf.in

At the bottom of this file add the following:

sender_dependent_default_transport_maps = randmap:{relay1,relay2,relay3}
smtp_connection_cache_on_demand=no

inet_protocols = ipv4
Save and close this file.

Next, edit the master.cf.in file:

nano /etc/pmg/templates/master.cf.in

Just after the 127.0.0.1 config, add the following:

relay1     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.2
  -o smtp_helo_name=pmg.yourdomain.com
  -o syslog_name=relay1
relay2     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.3
  -o smtp_helo_name=gw2.yourdomain.com
  -o syslog_name=relay2
relay3     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.4
  -o smtp_helo_name=gw3.yourdomain.com
  -o syslog_name=relay3

The important parts of the above config to take note of are the smtp_bind_address which should correspond with IPs inserted into /etc/network/interfaces as well as the smtp_helo_name which should be A-records which are created for each IP.

The final step to ensure mail servers don't reject your mail is to create an SPF record for the IP block used in the config above. In this case we would create the following SPF record:

The host can be something like:

spf.yourdomain.com

and the value something like:

v=spf1 ip4:1.1.1.2/26 ~all

Although a Postfix restart should be fine, I would suggest rebooting PMG and then you should be good to go.