1

Topic: Asking for possibility before asking for help

The scenario is attached, but in the end is this:

I want to move all my mail to be managed in my homelab, instead of the cloud, but since I use broadband, port 25 is blocked and I also have a dynamic public IP. I have to PMAP incoming 2525 on the WAN side to 25 on the LAN side.

The idea is to have my own Relay in the Internet with a fixed IP that would be a proxy for all the incoming and outgoing emails.

Proxmox Mail Gateway will be the frontend (MX) and iRedMail to be the backend.
I added a DDNS service and mapped the DDNS domain to a CNAME in my DNS. All mail services, except the MTA <> MTA, will be provided only internally (IMAP, POP3...), accessing the iRedMail via VPN services.

In my homelab I have my own local domain, and iRedMail has its own host and domain, which is not the one in the public DNS.

The question is: must the iRedMail host/domain configured on the server be the same as the one defined in the CNAME record as the relay destination?

Post's attachments

Mail_Service.png

2

Re: Asking for possibility before asking for help

Port 25 on WAN must be open, because it's used for communication between email servers.

3 (edited by Alvaro Rodrigues 2025-03-27 22:56:08)

Re: Asking for possibility before asking for help

ZhangHuangbin wrote:

Port 25 on WAN must be open, because it's used for communication between email servers.

Hi Zhang, thanks for the prompt answer and glad to see that the server and installation process has much improved in the last 7 years. Keep up the great work.

I'm opening port 2525 and mapping it to port 25 on the server that iRedMail is listening to.
So the transport in PMG is set to homelab.my.domain:2525, which is the CNAME that points to my local router's dynamic IP. Everything that gets to port 2525 is then mapped to port 25 on server mail.home.

In theory, iRedMail is listening on port 25, as if it were on the Internet.

My concern is whether the different host/domain names are going to be an issue, since the packets are sent to homelab.my.domain, but the actual server is mail.home. I'm concerned that this mismatch could somehow impact mail delivery.

4

Re: Asking for possibility before asking for help

You got me wrong. What I mean is, the server that connects to the Internet directly must open port 25.

5

Re: Asking for possibility before asking for help

As Zhang said, the port 25 blocking hampers outgoing connections, both direct and through a simple TCP proxy (unlike incoming connections, which address-wise are many-->one, outgoing is one-->many; you could connect to your proxy on a nonstandard port, but it would have no way of knowing what the real server is that you want to reach). What you could do, though, is to set up a very lightweight SMTP-only server that you send all of the outgoing mail from your "big" system through.

I am doing this with the reverse setup of yours -- my main server is "in the cloud" and my relay at home.

In 2019, after running my own from-scratch server at home for 15 years, I installed iRedMail on a hosted VM because I was going to be traveling for a few months and didn't want to chance hardware problems w/ house-sitters.  It's been great! Nice compromise between ease of installation/maintenance and flexibility.

3 years ago, Microsoft kept blacklisting my IP address block at Linode, but unlike many big email providers, they don't mind mail coming from my home address w/ a small-town ISP.  So, I built a VM at home running opensmtpd (no -extras), and any of my mail destined for MS-owned domains gets relayed through that server, while everything else is sent directly from my iRM server.  It's worked well ever since.
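The selective relaying described in this reply, as an added Postfix configuration example (not the poster's own config and not iRedMail's): only mail for the listed destination domains is handed to a second MTA, everything else goes out directly. The relay host name relay.home.example, its port 2525 and the three destination domains are assumptions for the example; iRedMail already ships its own transport_maps sources, so the hash table is appended to that list rather than replacing it.

```ini
# /etc/postfix/main.cf on the main (Internet-facing) iRedMail server.
# Keep whatever transport_maps sources iRedMail already configured
# and add the hash table after them; the first matching entry wins.
transport_maps = <existing iRedMail sources>, hash:/etc/postfix/transport

# Encrypt the hop to the relay and pin its name; the relay's
# certificate must carry relay.home.example (assumed host name).
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/transport
# Destination domains routed via the home relay on the assumed port 2525.
# Brackets suppress the MX lookup so the relay host is contacted directly.
outlook.com     smtp:[relay.home.example]:2525
hotmail.com     smtp:[relay.home.example]:2525
live.com        smtp:[relay.home.example]:2525
# No catch-all entry: all other domains use the default transport
# and are delivered directly from this server.

# /etc/postfix/tls_policy
# Require a verified certificate for the relay hop only.
[relay.home.example]:2525   secure match=relay.home.example

# After editing, rebuild the lookup tables and reload:
#   postmap /etc/postfix/transport /etc/postfix/tls_policy
#   postfix reload
```

On the relay side, whatever MTA runs there must accept relaying only from the main server's address (or an authenticated session), otherwise the nonstandard port turns it into an open relay that will itself get blacklisted.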