| SYSTEM INFORMATION | |
| --- | --- |
| OS type and version | Debian 13 |
| Webmin version | 2.621 |
| Virtualmin version | 8.0.0 GPL |
| Webserver version | Apache version 2.4.66 |

Hi, I have a new Virtualmin installation. It’s behind a firewall with a dynamic IP address. I don’t want to open public ports on that particular address for many reasons.
I’ve set up a small VPS. I’m using Rathole to route traffic on all the public ports from that public IP to my internal virtualmin install. For the three SMTP ports I’m then using haproxy on top of that so that virtualmin postfix can see the sender ip addresses. I had to configure Postfix to expect haproxy connections on those ports.
So far all the web services work perfectly, and I can receive emails without issue. However, any emails I attempt to send are usually rejected by the receiver because Postfix is sending out via the local connection, which has a different PTR to the vps.
It’s all very complicated and I imagine it will be difficult to maintain in the future. Does anyone have any suggestions on how to simplify this? Could I perhaps run the email server only on the VPS, and have it forward the emails to my local virtualmin install?
Very few email servers will accept this connection. You have no control over the PTR/reverse so this is not a problem you can solve. Killing spam servers is hard enough without every infected PC on the net being used.
What do you mean by that? It doesn’t matter what the PTR is as long as it resolves in both directions. The name in the PTR literally doesn’t matter at all. So, either PTR is not the problem, or it’s not the problem you think it is. If you have a PTR and it resolves both ways, that’s not why your mail isn’t working, so we need to see the actual error. You need to look at the log. We have a guide for finding and reading the logs: Troubleshooting Emails | Virtualmin — Open Source Web Hosting Control Panel
Also, I need you to focus on the problem and specific errors about the problem, as I’m having a hard time following what problem we’re trying to solve. Don’t tell us about a bunch of unrelated things that aren’t a problem…that just confuses me.
I’m asking for general advice about how other people might configure their setups in this situation. I can’t be the only person in this situation. I don’t understand why the replies are so rude.
The Virtualmin server is behind a router. That router has a single, dynamic public IP address and I cannot change the PTR for that address.
I do have a vps with a public IP where I can change the PTR.
Nothing I wrote in my original post is a “bunch of unrelated things”. Everything I mentioned is relevant to the situation.
My solution (for now at least) was to set up a simple Postfix SMTP relay on the VPS gateway machine, and configure Postfix in Webmin to relay via that host. I configured the Postfix instance on the gateway to a random port (not port 25) so that the gateway still forwarded all incoming requests on port 25 through the vpn to the webmin machine.
The PTR is probably not a problem as long as it resolves both ways. But, being on a dynamic IP is a problem for sending mail. Even if your internet provider doesn’t block port 25 (most, like 90%+, do), most mail providers block dynamic IPs to reduce spam.
So my final solution was to use a very small vps with two IP addresses as a basic router and wireguard server. The Virtualmin server is configured as a wireguard client which connects to the vps. The vps then routes all traffic for the second IP address to the virtualmin server across the wireguard connection.
It’s much, much simpler, and allows the virtualmin server to have a public IP address even though it’s behind a firewall. The vps only needs to be the smallest possible, as it does almost nothing. I found a basic vps with 1GB of ram for about $4/month including 2 ip addresses, and it’s more than enough.
I hope this helps someone searching for this in the future.
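
The layout described in the post above, sketched as a pair of wg-quick configuration files. This is an added example, not the poster's scripts: the post does not say how the VPS routes the second address, so DNAT/SNAT with iptables is assumed here, along with the interface name `eth0`, the tunnel subnet 10.8.0.0/30, UDP port 51820, the documentation addresses 203.0.113.10 (VPS) and 203.0.113.11 (second IP), and placeholder keys.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (IPv4 only; all values are assumptions) ----
# eth0 carries both public addresses: 203.0.113.10 stays with the VPS,
# 203.0.113.11 is the second IP handed to the Virtualmin host.
[Interface]
Address = 10.8.0.1/30
ListenPort = 51820
PrivateKey = <vps-private-key>
PostUp = sysctl -w net.ipv4.ip_forward=1
# Inbound: everything addressed to the second IP goes to the tunnel peer.
# There is no MASQUERADE on this path, so Postfix still sees real sender IPs.
PostUp = iptables -t nat -A PREROUTING -i eth0 -d 203.0.113.11 -j DNAT --to-destination 10.8.0.2
# Outbound: traffic from the peer leaves with the second IP as its source,
# so the PTR configured for 203.0.113.11 is the one receiving servers check.
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 203.0.113.11
# Needed when the FORWARD policy is DROP. Every port on the second IP now
# reaches the Virtualmin host (Webmin on 10000 included), so the firewall
# on that host is the only filter in front of its services.
PostUp = iptables -A FORWARD -i eth0 -o %i -d 10.8.0.2 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o eth0 -s 10.8.0.2 -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -i eth0 -d 203.0.113.11 -j DNAT --to-destination 10.8.0.2
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 203.0.113.11
PostDown = iptables -D FORWARD -i eth0 -o %i -d 10.8.0.2 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -s 10.8.0.2 -j ACCEPT

[Peer]
PublicKey = <virtualmin-public-key>
# Accept only the peer's tunnel address; no Endpoint, the client dials in.
AllowedIPs = 10.8.0.2/32

# ---- Virtualmin host: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/30
PrivateKey = <virtualmin-private-key>

[Peer]
PublicKey = <vps-public-key>
Endpoint = 203.0.113.10:51820
# Default route through the tunnel, so replies to forwarded connections
# and outbound mail leave via the VPS instead of the dynamic home address.
AllowedIPs = 0.0.0.0/0
# The client sits behind NAT on a dynamic address; keepalives hold the
# mapping open so the VPS can always reach it.
PersistentKeepalive = 25
```
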
I think I’ve explained it fairly well in the posts above. Did you read them?
I’m also sure my issue isn’t that unusual either. Many people must have the need or desire to run a Virtualmin server on their home networks, especially as very high speed fibre connections are being rolled out all over the world. There are a lot of benefits to running your own server at home, and it’s become exponentially more popular over the last few years. Virtualmin is a fantastic solution for those people.
However I would imagine most of those high speed connections still come with a single, dynamic ip address, making it impossible, as you say, to run a local server.
So this is a very simple solution that requires a single, absolutely minimal vps with 2 ips and nothing more than wireguard and a few simple configs. You can still run your own server locally at home, and the config changes required with Virtualmin are incredibly minimal.
I have created two bash scripts for the client and server that do 100% of the configuration automatically. Once I’m sure they are good I’ll publish them and link them here, in case anyone needs them in the future.