]>
Commit | Line | Data |
---|---|---|
410dc2c9 DM |
1 | Introduction |
2 | ============ | |
3 | ||
6cb534d7 DM |
4 | What is {pmg}? |
5 | -------------- | |
6 | ||
7 | E-mail security begins at the gateway by controlling all incoming and | |
8 | outgoing e-mail messages. {pmg} addresses the full spectrum of | |
9 | unwanted e-mail traffic, focusing spam and virus detection. {pmg} | |
10 | provides a powerful and affordable server solution to eliminate spam, | |
11 | viruses and blocking undesirable content from your e-mail system. All | |
12 | products are self-installing and can be used without deep knowledge of | |
13 | Linux. | |
14 | ||
95f2ea5b | 15 | image::images/Proxmox_Mail_Gateway_Mailprocessing_final_1024.png[] |
b8c7b823 | 16 | |
fc9071c3 DM |
17 | Features |
18 | -------- | |
19 | ||
20 | Spam detection | |
21 | ~~~~~~~~~~~~~~ | |
22 | ||
23 | {pmg} uses a wide variety of local and network tests to identify spam | |
24 | mail. Here is a short list of used filtering methods: | |
25 | ||
26 | Receiver Verification:: | |
27 | ||
28 | Many of the junk messages reaching your network are emails to | |
ed0c5b1b | 29 | non-existent users. {pmg} detects these emails on SMTP |
fc9071c3 DM |
30 | level, which means before they are transferred to your networks. This |
31 | reduces the traffic to be analyzed for spam and viruses up to 90% and | |
32 | reduces the working load on your mail servers and scanners. | |
33 | ||
34 | Sender policy framework (SPF):: | |
35 | ||
36 | Sender Policy Framework (SPF) is an open standard for validating | |
37 | emails and to prevent sender IP address forgery. SPF allows the | |
38 | administrator of an Internet domain to specify which computers are | |
39 | authorized to send emails with a given domain by creating a specific | |
40 | SPF record in the Domain Name System (DNS). | |
41 | ||
42 | DNS-based Blackhole List:: | |
43 | ||
44 | A DNS-based Blackhole List (DNSBL) is a means by which an Internet | |
45 | site may publish a list of IP addresses, in a format which can be | |
46 | easily queried by computer programs on the internet. The technology is | |
47 | built on top of the Domain Name System. DNSBLs are used to publish | |
48 | lists of addresses linked to spamming. | |
49 | ||
50 | SMTP Whitelist:: | |
51 | ||
52 | Exclude senders from SMTP blocking. To prevent all SMTP checks | |
53 | (Greylisting, Receiver Verification, SPF and RBL) and accept all | |
54 | e-mails for the analysis in the filter rule system, you can add the | |
55 | following to this list: Domains (Sender/Receiver), Mail address | |
56 | (Sender/Receiver), Regular Expression (Sender/Receiver), IP address | |
57 | (Sender), IP network (Sender) | |
58 | ||
59 | Bayesian Filter - Automatically trained statistical filters:: | |
60 | ||
61 | Some particular words have a higher probability of occurring in spam | |
ed0c5b1b | 62 | emails rather than in legitimate emails. By being trained to |
fc9071c3 | 63 | recognize those words, the Bayesian checks every email and adjusts the |
ed0c5b1b | 64 | probabilities of it being a spam word or not in its database. This is |
fc9071c3 DM |
65 | done automatically. |
66 | ||
67 | Black- and Whitelists:: | |
68 | ||
69 | Black- and Whitelists are an access control mechanism to accept, | |
70 | block, or quarantine emails to recipients. This allows you to tune the | |
71 | rule-system by applying different objects like domains, email address, | |
72 | regular expression, IP Network, LDAP Group, and others. | |
73 | ||
74 | Autolearning algorithm:: | |
75 | ||
ed0c5b1b | 76 | {pmg} gathers statistical information about spam |
fc9071c3 DM |
77 | emails. This information is used by an autolearning algorithm, so the |
78 | system becomes smarter over time. | |
79 | ||
80 | Spam Uri Realtime BlockList (SURBL):: | |
81 | ||
82 | SURBLs are used to detect spam based on message body URIs (usually web | |
83 | sites). This makes them different from most other Real-time | |
84 | Blocklists, because SURBLs are not used to block spam senders. SURBLs | |
85 | allow you to block messages that have spam hosts which are mentioned | |
86 | in message bodies. | |
87 | ||
88 | Greylisting:: | |
89 | ||
90 | Greylisting an email from a sender your system does not recognize, | |
91 | means, that it will be temporarily rejected. Since temporary failures | |
92 | are built into the RFC specifications for mail delivery, a legitimate | |
93 | server will try to resend the email later on. This is an effective | |
94 | method because spammers do not queue and reattempt mail delivery as is | |
95 | normal for a regular Mail Transport Agent. | |
96 | + | |
97 | Greylisting can reduce e-mail traffic up to 50%. A greylisted email | |
98 | never reaches your mail server and thus your mail server will not send | |
99 | useless "Non Delivery Reports" to spammers. | |
100 | ||
78b3ca71 DM |
101 | SMTP Protocol Tests:: |
102 | ||
103 | {postfix} is able to do some sophisticated SMTP protocol tests (see | |
104 | `man postscreen`). Most spam is sent out by zombies (malware on | |
105 | compromised end-user computers), and those zombies often try to | |
106 | maximize the amount of mails delivered. In order to do that, many of | |
107 | them violates the SMTP protocol specification and can thus be detected | |
108 | by these tests. | |
109 | ||
fc9071c3 DM |
110 | |
111 | Virus detection | |
112 | ~~~~~~~~~~~~~~~ | |
113 | ||
114 | {pmg} integrates {clamav}, which is an open-source (GPL) antivirus | |
ed0c5b1b | 115 | engine designed for detecting Trojans, viruses, malware and other |
fc9071c3 DM |
116 | malicious threats. |
117 | ||
118 | It provides a high performance mutli-threaded scanning daemon, command | |
119 | line utilities for on demand file scanning, and an intelligent tool | |
120 | for automatic signature updates. | |
121 | ||
122 | ||
86986abc DM |
123 | Object-Oriented Rule System |
124 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
125 | ||
126 | The object-oriented rule system enables custom rules for your | |
127 | domains. It’s an easy but very powerful way to define filter rules by | |
128 | user, domains, time frame, content type and resulting action. {pmg} | |
129 | offers a lot of powerful objects to configure your own custom system. | |
130 | ||
86986abc DM |
131 | WHO - objects:: |
132 | ||
133 | Who is the sender or receiver of the e-mail? | |
134 | ||
135 | WHAT - objects:: | |
136 | ||
137 | What is in the e-mail? | |
138 | ||
139 | WHEN - objects:: | |
140 | ||
ed0c5b1b | 141 | When is the e-mail received by {pmg}? |
86986abc | 142 | |
62e86eb6 DM |
143 | ACTIONS - objects:: |
144 | ||
145 | Defines the final actions. | |
146 | ||
86986abc DM |
147 | Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Every |
148 | of these categories can contain several objects and a direction (in, | |
149 | out or both). | |
150 | ||
151 | Options range from simple spam and virus filter setups to | |
152 | sophisticated, highly customized configurations blocking certain types | |
153 | of e-mails and generating notifications. | |
154 | ||
155 | ||
78b3ca71 DM |
156 | Spam Quarantine |
157 | ~~~~~~~~~~~~~~~ | |
158 | ||
159 | Identified Spam mails can be stored to the user accessible Spam | |
160 | quarantine. Thus users can view and manage there Spam mails by | |
161 | themselves. | |
162 | ||
163 | ||
fc9071c3 DM |
164 | Tracking and Logging |
165 | ~~~~~~~~~~~~~~~~~~~~ | |
166 | ||
167 | The innovative Proxmox Message Tracking Center tracks and summarizes | |
168 | all available logs. With the web-based and user friendly management | |
ed0c5b1b | 169 | interface, the IT admins can easily overview and control all |
fc9071c3 DM |
170 | functions from a single screen. |
171 | ||
172 | The Message Tracking Center is very fast and powerful, tested on {pmg} | |
173 | sites processing over a million emails per day. All different log | |
174 | files from the last 7 days can be queried and the results are | |
175 | summarized by an intelligent algorithm. | |
176 | ||
177 | - Arrival of the email | |
178 | - Proxmox filtering processing with results | |
179 | - Internal queue to your email server | |
180 | - Status of final delivery | |
181 | ||
182 | ||
2350185a DM |
183 | High Availability with Proxmox HA Cluster |
184 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
185 | ||
186 | To provide a 100% secure email system for your business, we developed | |
187 | Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a | |
188 | unique application level clustering scheme, which provides extremely | |
189 | good performance. Fast set-up within minutes and a simple, intuitive | |
190 | management keep resource needs low. After temporary failures, nodes | |
191 | automatically reintegrate without any operator interaction. | |
192 | ||
78b3ca71 DM |
193 | LDAP integration |
194 | ~~~~~~~~~~~~~~~~ | |
195 | ||
196 | It is possible to query user and group data from LDAP servers. This | |
197 | may be used to build special filter rules, or just to provide | |
198 | authentication services for the Spam quarantine GUI. | |
199 | ||
200 | ||
201 | Fetchmail integration | |
202 | ~~~~~~~~~~~~~~~~~~~~~ | |
203 | ||
ed0c5b1b | 204 | {pmg} allows you to fetch mail from other IMAP or POP3 servers. |
78b3ca71 DM |
205 | |
206 | ||
207 | Flexible User Management | |
208 | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
209 | ||
210 | The administration interface uses a role based access control scheme, | |
211 | using the following roles: | |
212 | ||
213 | Superuser:: | |
214 | ||
215 | This role is allowed to do everything (reserved for user 'root'). | |
216 | ||
ed0c5b1b | 217 | Administrator:: |
78b3ca71 DM |
218 | |
219 | Full access to mail filter setup, but not allowed to change network setup. | |
220 | ||
221 | Quarantine Manager:: | |
222 | ||
223 | Is able to view and manage the Spam Quarantine. | |
224 | ||
225 | Auditor:: | |
226 | ||
227 | Has read-only access to the whole configuration, can access logs and | |
228 | view statistics. | |
229 | ||
2350185a | 230 | |
b8c7b823 DM |
231 | Your benefit with {pmg} |
232 | ----------------------- | |
233 | ||
234 | * Open source software | |
235 | * No vendor lock-in | |
236 | * Linux kernel | |
237 | * Fast installation and easy-to-use | |
238 | * Web-based management interface | |
239 | * REST API | |
240 | * Huge active community | |
241 | * Low administration costs and simple deployment | |
242 | ||
243 | ||
244 | include::getting-help.adoc[] |