How to configure Proxmox Mail Gateway with Microsoft Exchange Server

Proxmox Mail Gateway is a good spam and virus protection appliance for Microsoft Exchange Server. Follow this guide to configure Proxmox Mail Gateway and Microsoft Exchange Server to work together.

This guide also assumes that you already have Proxmox Mail Gateway installed and configured. If Proxmox Mail Gateway is not already installed or configured, please review our installation guide.

Important Note About Microsoft Exchange Server: This article is about Microsoft Exchange Server, not Exchange Online (Office 365/Microsoft 365). You will need Exchange Management Shell access, as the web interface does not expose all available settings.

Prepare Proxmox Mail Gateway

First, add the accepted domain(s) that are allowed to be relayed. Under Configuration, go to Mail Proxy, and then under Relay Domains, click on Create and enter the domain name.

Next, also under Mail Proxy, switch to Transports. Click on Create. Add your domain name, the IP address* of your Microsoft Exchange Server, use SMTP protocol, port 25, and uncheck Use MX since this is an inbound relay.

*Use the IP address of your Exchange Server based on where it is. If your Exchange Server is internal or available over a site-to-site VPN connection, you should use the private IP address. Otherwise, enter the public IP address.

Switch to the Networks tab, also under Mail Proxy. Click on Create and enter the Exchange Server IP address in CIDR notation. Unless you have multiple Exchange servers in a subnet, you should use a /32 to allow only a single IP. For example, 10.10.10.10/32 would trust only 10.10.10.10; 10.10.10.11 would NOT be trusted. If your Exchange server is external, use the public IP address here.

Email Best Practice: You should set up DKIM. However, we cover this in a different guide.

At this point, you have configured Proxmox Mail Gateway to be able to communicate with Exchange. Now you need to configure Exchange.

Prepare Microsoft Exchange Server

Open your Exchange Admin Center (https://exchange.example.com/ecp - replace "exchange.example.com" with your Exchange server domain) and log in as a user with enough permissions. Navigate to Mail Flow, Send Connectors, and create a new send connector.

Create a new send connector with a descriptive name such as Proxmox Mail Gateway. Select the Custom type. Click Next.

On Network Settings, select the option to route email through a Smart Host. Enter the IP address of your Proxmox Mail Gateway. Click Next.

By default, this send connector will attempt to use port 25. However, Proxmox Mail Gateway requires port 26. Don't enable this connector right away if this Exchange Server is in use.

Set Smart Host Authentication to None. Click Next.

Proxmox Mail Gateway decides whether to relay this mail from the source IP address of the connection rather than from any type of authentication. This is why it is critical that you set only your Exchange Server's IP as trusted within Proxmox Mail Gateway.

For Address Space, click the + to add a new address. Leave the default values but set the Fully Qualified Domain Name as * which is a wildcard. This means that this send connector will be used for all domains. Click on Next.

Finally, select your Exchange Server for the source server and click on Finish.

If this is an active Exchange Server, you should disable this connector for now. Do not disable any other connectors you may have, yet.

Log in to your Microsoft Exchange Server and launch the Exchange Management Shell.

Once the Exchange Management Shell opens, type in the following command and replace the values as necessary:

Set-SendConnector -Identity "Proxmox Mail Gateway" -Port 26

Replace "Proxmox Mail Gateway" with the name you gave your Proxmox Mail Gateway Send Connector. Set the -Port value as 26. This tells Exchange Server to use port 26 instead. If you changed the "Internal Port" in Proxmox Mail Gateway, then you should set this port value to what you set in PMG. This is the port number that PMG receives mail on from your Exchange Server.

To validate Exchange updated the port correctly, in the Exchange Management Shell, type in the following command and replace the name of the Send Connector as necessary:

Get-SendConnector "Proxmox Mail Gateway" | Format-List Port

The shell should then return a value such as Port: 26. It should match what you previously set it as.

Now, you can re-enable your Proxmox Mail Gateway Send Connector and disable your Internet Send Connector.
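
The port check above confirms one setting. As an added example (not part of the original article), the PowerShell function below audits the other send connector settings this guide relies on, so mail cannot leave through a path that skips the gateway. The function name Test-PmgSendConnector is hypothetical, and the IP 10.10.10.5 and the sample object are constructed.

```powershell
# Added example, not from the original article. Property names are those
# returned by Get-SendConnector; the IP and the sample object are constructed.
function Test-PmgSendConnector {
    param(
        [Parameter(Mandatory)] $Connector,       # object from Get-SendConnector
        [Parameter(Mandatory)] [string] $PmgIp,  # Proxmox Mail Gateway IP
        [int] $PmgPort = 26                      # PMG "Internal Port"
    )
    $findings = @()

    if ([int]$Connector.Port -ne $PmgPort) {
        $findings += "Port is $($Connector.Port), expected $PmgPort"
    }

    # Assumption: IP smart hosts are displayed in brackets, e.g. [10.10.10.5]
    $smartHosts = @($Connector.SmartHosts | ForEach-Object { "$_".Trim('[', ']') })
    if ($smartHosts.Count -ne 1 -or $smartHosts[0] -ne $PmgIp) {
        $findings += "Smart hosts are '$($smartHosts -join ',')', expected only $PmgIp"
    }

    # With DNS routing on, mail is delivered by MX lookup and skips the gateway
    if ($Connector.DNSRoutingEnabled) {
        $findings += 'DNSRoutingEnabled is True; mail would bypass the smart host'
    }

    if ("$($Connector.SmartHostAuthMechanism)" -ne 'None') {
        $findings += "SmartHostAuthMechanism is $($Connector.SmartHostAuthMechanism), expected None"
    }

    # Address spaces display as SMTP:<domain>;<cost>; the guide uses the * wildcard
    $domains = @($Connector.AddressSpaces | ForEach-Object {
        ("$_" -replace '^SMTP:', '') -replace ';\d+$', ''
    })
    if ($domains -notcontains '*') {
        $findings += "Address spaces '$($domains -join ',')' do not include *"
    }
    return $findings
}

# Constructed sample: the connector as created in the EAC, before the port change
$sample = [pscustomobject]@{
    Port = 25; SmartHosts = @('[10.10.10.5]'); DNSRoutingEnabled = $false
    SmartHostAuthMechanism = 'None'; AddressSpaces = @('SMTP:*;1')
}
Test-PmgSendConnector -Connector $sample -PmgIp '10.10.10.5'

# Live use in the Exchange Management Shell:
# Test-PmgSendConnector -Connector (Get-SendConnector "Proxmox Mail Gateway") -PmgIp '10.10.10.5'
```

An empty result means the connector matches the settings described in this guide; each returned string names one setting to correct before disabling the Internet Send Connector.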

Important Security Tips

  • You should restrict outbound email on any firewall to the Proxmox Mail Gateway's IP ONLY. This ensures that only Proxmox Mail Gateway can send email to the Internet.
  • You should port forward port 25 from the Internet to the Proxmox Mail Gateway on port 25. This will enable inbound spam and virus filtering.
  • Go through the Proxmox Mail Gateway settings and configure them as needed.