Commit | Line | Data |
---|---|---|
410dc2c9 DM |
1 | Introduction |
2 | ============ | |
3 | ||
6cb534d7 DM |
4 | What is {pmg}? |
5 | -------------- | |
6 | ||
7 | E-mail security begins at the gateway by controlling all incoming and | |
8 | outgoing e-mail messages. {pmg} addresses the full spectrum of | |
9 | unwanted e-mail traffic, focusing on spam and virus detection. {pmg} | |
10 | provides a powerful and affordable server solution to eliminate spam | |
11 | and viruses and to block undesirable content from your e-mail system. All | |
12 | products are self-installing and can be used without deep knowledge of | |
13 | Linux. | |
14 | ||
95f2ea5b | 15 | image::images/Proxmox_Mail_Gateway_Mailprocessing_final_1024.png[] |
b8c7b823 | 16 | |
fc9071c3 DM |
17 | Features |
18 | -------- | |
19 | ||
aecce55c | 20 | [[intro_spam_detection]] |
fc9071c3 DM |
21 | Spam detection |
22 | ~~~~~~~~~~~~~~ | |
23 | ||
24 | {pmg} uses a wide variety of local and network tests to identify spam | |
25 | mail. Here is a short list of the filtering methods used: | |
26 | ||
27 | Receiver Verification:: | |
28 | ||
29 | Many of the junk messages reaching your network are emails to | |
ed0c5b1b | 30 | non-existent users. {pmg} detects these emails at the SMTP |
fc9071c3 DM |
31 | level, which means before they are transferred to your networks. This |
32 | reduces the traffic to be analyzed for spam and viruses by up to 90% and | |
33 | reduces the working load on your mail servers and scanners. | |
34 | ||
35 | Sender policy framework (SPF):: | |
36 | ||
37 | Sender Policy Framework (SPF) is an open standard for validating | |
38 | emails and preventing sender IP address forgery. SPF allows the | |
39 | administrator of an Internet domain to specify which computers are | |
40 | authorized to send emails with a given domain by creating a specific | |
41 | SPF record in the Domain Name System (DNS). | |
42 | ||
43 | DNS-based Blackhole List:: | |
44 | ||
45 | A DNS-based Blackhole List (DNSBL) is a means by which an Internet | |
46 | site may publish a list of IP addresses, in a format which can be | |
47 | easily queried by computer programs on the Internet. The technology is | |
48 | built on top of the Domain Name System. DNSBLs are used to publish | |
49 | lists of addresses linked to spamming. | |
50 | ||
51 | SMTP Whitelist:: | |
52 | ||
53 | Exclude senders from SMTP blocking. To prevent all SMTP checks | |
74ec1f38 | 54 | (Greylisting, Receiver Verification, SPF and DNSBL) and accept all |
fc9071c3 DM |
55 | e-mails for the analysis in the filter rule system, you can add the |
56 | following to this list: Domains (Sender/Receiver), Mail address | |
57 | (Sender/Receiver), Regular Expression (Sender/Receiver), IP address | |
58 | (Sender), IP network (Sender). | |
59 | ||
60 | Bayesian Filter - Automatically trained statistical filters:: | |
61 | ||
62 | Some particular words have a higher probability of occurring in spam | |
ed0c5b1b | 63 | emails than in legitimate emails. By being trained to |
fc9071c3 | 64 | recognize those words, the Bayesian filter checks every email and adjusts the |
ed0c5b1b | 65 | probability of each word being a spam word in its database. This is |
fc9071c3 DM |
66 | done automatically. |
67 | ||
68 | Black- and Whitelists:: | |
69 | ||
70 | Black- and Whitelists are an access control mechanism to accept, | |
71 | block, or quarantine emails to recipients. This allows you to tune the | |
72 | rule-system by applying different objects like domains, email address, | |
73 | regular expression, IP Network, LDAP Group, and others. | |
74 | ||
75 | Autolearning algorithm:: | |
76 | ||
ed0c5b1b | 77 | {pmg} gathers statistical information about spam |
fc9071c3 DM |
78 | emails. This information is used by an autolearning algorithm, so the |
79 | system becomes smarter over time. | |
80 | ||
81 | Spam URI Realtime Blocklist (SURBL):: | |
82 | ||
83 | SURBLs are used to detect spam based on message body URIs (usually web | |
84 | sites). This makes them different from most other Real-time | |
85 | Blocklists, because SURBLs are not used to block spam senders. SURBLs | |
86 | allow you to block messages that mention spam hosts in their | |
87 | message bodies. | |
88 | ||
89 | Greylisting:: | |
90 | ||
0ca4b5a0 TL |
91 | Greylisting an email means that unknown senders are intentionally temporarily |
92 | rejected. Since temporary failures are part of the specifications for mail | |
93 | delivery, a legitimate server will try to resend the email later on. Spammers, | |
94 | on the other hand, do not queue and reattempt mail delivery. A greylisted email | |
95 | never reaches your mail server and thus your mail server will not send useless | |
96 | "Non Delivery Reports" to spammers. Additionally, greylisted mail is not | |
97 | analyzed by the antivirus and spam-detector engines, which saves resources. | |
fc9071c3 | 98 | + |
a446f8be SI |
99 | A mail is greylisted if it is the first mail from a sender to a receiver |
100 | coming from a particular IP network. You can configure which IP addresses | |
101 | belong to the same network by setting an appropriate netmask for greylisting. | |
fc9071c3 | 102 | |
78b3ca71 DM |
103 | SMTP Protocol Tests:: |
104 | ||
105 | {postfix} is able to do some sophisticated SMTP protocol tests (see | |
106 | `man postscreen`). Most spam is sent out by zombies (malware on | |
107 | compromised end-user computers), and those zombies often try to | |
108 | maximize the number of mails delivered. In order to do that, many of | |
d9aff9ab | 109 | them violate the SMTP protocol specification and thus can get detected |
78b3ca71 DM |
110 | by these tests. |
111 | ||
89028579 SI |
112 | Before and After Queue Filtering:: |
113 | ||
114 | {pmg} can be configured to either accept the mail, by sending a response | |
115 | of '250 OK', and scan it afterwards, or alternatively inspect the mail | |
116 | directly after it has received the content and respond with a reject '554' if the | |
117 | mail is blocked by the rule system. These options are known as After Queue | |
118 | and Before Queue filtering respectively (see | |
119 | xref:pmgconfig_mailproxy_before_after_queue[Before and After Queue Scanning]). | |
120 | ||
121 | Configurable NDR policy:: | |
122 | ||
123 | In certain environments it can be unacceptable to discard an email without | |
124 | informing the sender about that decision. You can decide whether you want | |
125 | to inform the senders of blocked emails or not. | |
fc9071c3 DM |
126 | |
127 | Virus detection | |
128 | ~~~~~~~~~~~~~~~ | |
129 | ||
130 | {pmg} integrates {clamav}, which is an open-source (GPL) antivirus | |
ed0c5b1b | 131 | engine designed for detecting Trojans, viruses, malware and other |
fc9071c3 DM |
132 | malicious threats. |
133 | ||
134 | It provides a high-performance multi-threaded scanning daemon, command | |
135 | line utilities for on demand file scanning, and an intelligent tool | |
136 | for automatic signature updates. | |
137 | ||
138 | ||
86986abc DM |
139 | Object-Oriented Rule System |
140 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
141 | ||
142 | The object-oriented rule system enables custom rules for your | |
143 | domains. It’s an easy but very powerful way to define filter rules by | |
144 | user, domains, time frame, content type and resulting action. {pmg} | |
145 | offers a lot of powerful objects to configure your own custom system. | |
146 | ||
86986abc DM |
147 | WHO - objects:: |
148 | ||
149 | Who is the sender or receiver of the e-mail? | |
150 | ||
151 | WHAT - objects:: | |
152 | ||
153 | What is in the e-mail? | |
154 | ||
155 | WHEN - objects:: | |
156 | ||
ed0c5b1b | 157 | When is the e-mail received by {pmg}? |
86986abc | 158 | |
62e86eb6 DM |
159 | ACTIONS - objects:: |
160 | ||
161 | Defines the final actions. | |
162 | ||
86986abc DM |
163 | Every rule has five categories: FROM, TO, WHEN, WHAT and ACTION. Each |
164 | of these categories can contain several objects and a direction (in, | |
165 | out or both). | |
166 | ||
167 | Options range from simple spam and virus filter setups to | |
168 | sophisticated, highly customized configurations blocking certain types | |
169 | of e-mails and generating notifications. | |
170 | ||
8812517f TL |
171 | Web-based Management Interface |
172 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
173 | ||
174 | {pmg} makes email security and filtering simple to manage. A web-based | |
175 | management interface allows you to set up and maintain even a complex mail | |
176 | setup with ease. | |
177 | ||
178 | [thumbnail="pmg-gui-dashboard.png"] | |
179 | ||
180 | There is no need to install a separate management tool. Every modern internet | |
181 | browser is sufficient. | |
86986abc | 182 | |
78b3ca71 DM |
183 | Spam Quarantine |
184 | ~~~~~~~~~~~~~~~ | |
185 | ||
aecce55c | 186 | Identified Spam mails can be stored in the user-accessible Spam quarantine. |
2026cd75 | 187 | Users can thus view and manage their Spam mails by themselves. |
78b3ca71 DM |
188 | |
189 | ||
fc9071c3 DM |
190 | Tracking and Logging |
191 | ~~~~~~~~~~~~~~~~~~~~ | |
192 | ||
193 | The innovative Proxmox Message Tracking Center tracks and summarizes | |
d9aff9ab OB |
194 | all available logs. With the web-based and user-friendly management |
195 | interface, IT admins can easily get an overview of and control all | |
fc9071c3 DM |
196 | functions from a single screen. |
197 | ||
198 | The Message Tracking Center is very fast and powerful, tested on {pmg} | |
199 | sites processing over a million emails per day. All different log | |
200 | files from the last 7 days can be queried and the results are | |
201 | summarized by an intelligent algorithm. | |
202 | ||
d9aff9ab OB |
203 | The logged information includes: |
204 | ||
fc9071c3 DM |
205 | - Arrival of the email |
206 | - Proxmox filtering processing with results | |
207 | - Internal queue to your email server | |
208 | - Status of final delivery | |
209 | ||
210 | ||
6441fbe9 SI |
211 | DKIM Signing |
212 | ~~~~~~~~~~~~ | |
213 | ||
214 | {pmg} offers the possibility to optionally sign outgoing emails with | |
215 | xref:pmgconfig_mailproxy_dkim[DKIM]. | |
216 | ||
217 | ||
2350185a DM |
218 | High Availability with Proxmox HA Cluster |
219 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
220 | ||
221 | To provide a 100% secure email system for your business, we developed | |
222 | Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a | |
223 | unique application level clustering scheme, which provides extremely | |
224 | good performance. Fast set-up within minutes and simple, intuitive | |
225 | management keep resource needs low. After temporary failures, nodes | |
226 | automatically reintegrate without any operator interaction. | |
227 | ||
78b3ca71 DM |
228 | LDAP integration |
229 | ~~~~~~~~~~~~~~~~ | |
230 | ||
d92de681 TL |
231 | It is possible to query user and group data from LDAP servers. This may be |
232 | used to build special filter rules, or just to provide authentication services | |
233 | for the Spam quarantine GUI. | |
78b3ca71 DM |
234 | |
235 | ||
236 | Fetchmail integration | |
237 | ~~~~~~~~~~~~~~~~~~~~~ | |
238 | ||
ed0c5b1b | 239 | {pmg} allows you to fetch mail from other IMAP or POP3 servers. |
78b3ca71 DM |
240 | |
241 | ||
242 | Flexible User Management | |
243 | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
244 | ||
d9aff9ab | 245 | The administration interface uses a role-based access control scheme, |
78b3ca71 DM |
246 | using the following roles: |
247 | ||
248 | Superuser:: | |
249 | ||
250 | This role is allowed to do everything (reserved for user 'root'). | |
251 | ||
ed0c5b1b | 252 | Administrator:: |
78b3ca71 DM |
253 | |
254 | Full access to mail filter setup, but not allowed to change network setup. | |
255 | ||
256 | Quarantine Manager:: | |
257 | ||
258 | Is able to view and manage the Spam Quarantine. | |
259 | ||
260 | Auditor:: | |
261 | ||
262 | Has read-only access to the whole configuration, can access logs and | |
263 | view statistics. | |
264 | ||
d3f2911a TL |
265 | Helpdesk:: |
266 | ||
d92de681 | 267 | Combines permissions of the 'Auditor' and the 'Quarantine Manager' role. |
d3f2911a | 268 | |
2350185a | 269 | |
b8c7b823 DM |
270 | Your benefit with {pmg} |
271 | ----------------------- | |
272 | ||
273 | * Open source software | |
274 | * No vendor lock-in | |
275 | * Linux kernel | |
276 | * Fast installation and easy to use | |
277 | * Web-based management interface | |
278 | * REST API | |
279 | * Huge active community | |
280 | * Low administration costs and simple deployment | |
281 | ||
282 | ||
283 | include::getting-help.adoc[] |
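
The greylisting rule from the Features section (a mail is deferred if it is the first from a sender to a receiver coming from a particular IP network, with a configurable netmask), as an added Python example that is not {pmg}'s own code. The class name, prefix lengths, retry delay, expiry time and the use of reply code 450 for the temporary rejection are assumptions chosen for illustration.

```python
import ipaddress

class Greylist:
    """Greylist keyed on (client IP network, sender, receiver)."""

    def __init__(self, prefix_v4=24, prefix_v6=64, min_delay=300, max_age=172800):
        # All defaults are assumptions for illustration, not product settings.
        self.prefix = {4: prefix_v4, 6: prefix_v6}
        self.min_delay = min_delay   # seconds a sender must wait before a retry counts
        self.max_age = max_age       # seconds after which an entry expires
        self.first_seen = {}         # triplet -> timestamp of first attempt

    def network_of(self, client_ip):
        """Collapse a client address to its network using the greylisting netmask."""
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False)
        return str(net)

    def check(self, client_ip, sender, receiver, now):
        """Return the SMTP reply code for this delivery attempt (450 or 250)."""
        key = (self.network_of(client_ip), sender.lower(), receiver.lower())
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_age:
            self.first_seen[key] = now   # first mail for this triplet: defer it
            return 450
        if now - first < self.min_delay:
            return 450                   # retried too quickly, keep deferring
        return 250                       # a queueing server came back: accept


def demo():
    """Constructed attempts: a sender pool retrying from a sibling address."""
    mail = ("alice@example.org", "bob@example.net")
    wide, narrow = Greylist(prefix_v4=24), Greylist(prefix_v4=32)
    return {
        "first": wide.check("192.0.2.10", *mail, now=0),
        "early_retry": wide.check("192.0.2.10", *mail, now=60),
        "retry_same_net": wide.check("192.0.2.77", *mail, now=600),
        "other_net": wide.check("198.51.100.5", *mail, now=600),
        "narrow_first": narrow.check("192.0.2.10", *mail, now=0),
        "narrow_sibling": narrow.check("192.0.2.77", *mail, now=600),
    }

if __name__ == "__main__":
    for name, code in demo().items():
        print(f"{name:15} -> {code}")
```

With a /24 netmask the retry from a sibling address in the same sending pool is accepted, while a /32 netmask treats it as a new first contact and defers it again.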