Proxmox Virtual Environment (PVE) servers are usually important systems as they are hosts for virtual machines and containers. Nevertheless, there are often installations that are not able to send emails to inform about updates, backup results or the like. On this page, we briefly explain how to configure PVE to allow sending emails via external email server (relay / smart host).
Postfix is a Mail Transfer Agent (MTA) and should already be installed on the system. If not, you can simply fix this:
apt-get install postfix systemctl enable postfix
With a suitable configuration, Postfix ensures that the emails are accepted by the local system and forwarded to an external mail system via SMTP.
The main configuration file is
/etc/postfix/main.cf. First you should make sure that the relay is only usable via
localhost by Proxmox or other system services and not by third parties via the network:
myhostname = pve.example.com mydomain = example.com mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = loopback-only
pve.example.com with the system’s FQDN1 and
example.com with the email sender domain. By default,
inet_interfaces should already have the correct values.
Another package is needed for authentication on the external mail server which is used for the actual sending:
apt-get install libsasl2-modules
The relay settings are also set in
/etc/postfix/main.cf. The setting
relayhost = already exists in the file by default (without value) and can be adapted. Any other options that didn’t already exist in the configuration were simply added at the end of the file:
relayhost = [your-mailserver-on-the-internet.example.com]:587 # [...] # enable SASL authentication? smtp_sasl_auth_enable = yes # disallow methods that allow anonymous authentication. smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous # where to find sasl_passwd smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # TLS transport encryption; may = STARTTLS; encrypt = Enforce TLS smtp_tls_security_level = may # where to find CA certificates (smtp_tls_CApath should have same value if existing) smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt # maximum amount of memory in bytes for storing a message header (default: 102400) header_size_limit = 4096000
[your-mailserver-on-the-internet.example.com]:587 has to be replaced with your own mail server and a suitable port (usually
25). If this server requires a user name and password (→
smtp_sasl_auth_enable = yes), the access data must be saved in the file
/etc/postfix/sasl_passwd in the following form:
After every change to
/etc/postfix/sasl_passwd, the associated postfix mapping must be updated:
postmap /etc/postfix/sasl_passwd systemctl restart postfix.service
The file should only be readable by
root as it contains credentials:
chown "root:root" "/etc/postfix/sasl_passwd" chmod 0600 "/etc/postfix/sasl_passwd"
A simple configuration can be used to ensure that the sender information for e-mails to the relay is set to
firstname.lastname@example.org (you must replace
@example.com with the valid sender domain in the following / has to be set to the value used for
sender_canonical_classes = envelope_sender, header_sender sender_canonical_maps = regexp:/etc/postfix/sender_canonical smtp_header_checks = regexp:/etc/postfix/header_check
After every change to
/etc/postfix/sender_canonical, the associated postfix mapping must be updated:
/From:.*/ REPLACE From: pve.example.com (Proxmox, PVE) <email@example.com>
These files should only be readable by
chown "root:root" "/etc/postfix/sender_canonical" chmod 0600 "/etc/postfix/sender_canonical" chown "root:root" "/etc/postfix/header_check" chmod 0600 "/etc/postfix/header_check"
Mails for the
root user of the system can also be easily forwarded to an admin email address. To do this, add a line to the
/etc/aliases file (adjust
firstname.lastname@example.org to a suitable target address):
[...] root: email@example.com
After every change to
/etc/aliases, the postfix alias database needs to be updated:
The appropriate setting is already existing in
/etc/postfix/main.cf by default, but you can check this again:
alias_maps = hash:/etc/aliases
If you have configured Postfix as described above, the sender address will be adjusted or overwritten by the settings in
/etc/postfix/header_check. Nevertheless, for the sake of form, you can still set the sender address to the correct value in the web UI at “Datacenter → Options → Email from address”.
In addition, the e-mail addresses of the PVE user accounts can be specified at “Datacenter → Permissions → Users”.
systemctl restart postfix.service systemctl status postfix.service # send test mail to firstname.lastname@example.org echo "This is the message" | mail -s "Hello World from $(hostname)" "email@example.com" # log journalctl -f -u postfix*
You can easily get this with
hostname -f. ↩︎