]>
Commit | Line | Data |
---|---|---|
410dc2c9 DM |
1 | Introduction |
2 | ============ | |
3 | ||
6cb534d7 DM |
4 | What is {pmg}? |
5 | -------------- | |
6 | ||
7 | E-mail security begins at the gateway by controlling all incoming and | |
8 | outgoing e-mail messages. {pmg} addresses the full spectrum of | |
9 | unwanted e-mail traffic, focusing spam and virus detection. {pmg} | |
10 | provides a powerful and affordable server solution to eliminate spam, | |
11 | viruses and blocking undesirable content from your e-mail system. All | |
12 | products are self-installing and can be used without deep knowledge of | |
13 | Linux. | |
14 | ||
95f2ea5b | 15 | image::images/Proxmox_Mail_Gateway_Mailprocessing_final_1024.png[] |
b8c7b823 | 16 | |
fc9071c3 DM |
17 | Features |
18 | -------- | |
19 | ||
20 | Spam detection | |
21 | ~~~~~~~~~~~~~~ | |
22 | ||
23 | {pmg} uses a wide variety of local and network tests to identify spam | |
24 | mail. Here is a short list of used filtering methods: | |
25 | ||
26 | Receiver Verification:: | |
27 | ||
28 | Many of the junk messages reaching your network are emails to | |
ed0c5b1b | 29 | non-existent users. {pmg} detects these emails on SMTP |
fc9071c3 DM |
30 | level, which means before they are transferred to your networks. This |
31 | reduces the traffic to be analyzed for spam and viruses up to 90% and | |
32 | reduces the working load on your mail servers and scanners. | |
33 | ||
34 | Sender policy framework (SPF):: | |
35 | ||
36 | Sender Policy Framework (SPF) is an open standard for validating | |
37 | emails and to prevent sender IP address forgery. SPF allows the | |
38 | administrator of an Internet domain to specify which computers are | |
39 | authorized to send emails with a given domain by creating a specific | |
40 | SPF record in the Domain Name System (DNS). | |
41 | ||
42 | DNS-based Blackhole List:: | |
43 | ||
44 | A DNS-based Blackhole List (DNSBL) is a means by which an Internet | |
45 | site may publish a list of IP addresses, in a format which can be | |
46 | easily queried by computer programs on the internet. The technology is | |
47 | built on top of the Domain Name System. DNSBLs are used to publish | |
48 | lists of addresses linked to spamming. | |
49 | ||
50 | SMTP Whitelist:: | |
51 | ||
52 | Exclude senders from SMTP blocking. To prevent all SMTP checks | |
53 | (Greylisting, Receiver Verification, SPF and RBL) and accept all | |
54 | e-mails for the analysis in the filter rule system, you can add the | |
55 | following to this list: Domains (Sender/Receiver), Mail address | |
56 | (Sender/Receiver), Regular Expression (Sender/Receiver), IP address | |
57 | (Sender), IP network (Sender) | |
58 | ||
59 | Bayesian Filter - Automatically trained statistical filters:: | |
60 | ||
61 | Some particular words have a higher probability of occurring in spam | |
ed0c5b1b | 62 | emails rather than in legitimate emails. By being trained to |
fc9071c3 | 63 | recognize those words, the Bayesian checks every email and adjusts the |
ed0c5b1b | 64 | probabilities of it being a spam word or not in its database. This is |
fc9071c3 DM |
65 | done automatically. |
66 | ||
67 | Black- and Whitelists:: | |
68 | ||
69 | Black- and Whitelists are an access control mechanism to accept, | |
70 | block, or quarantine emails to recipients. This allows you to tune the | |
71 | rule-system by applying different objects like domains, email address, | |
72 | regular expression, IP Network, LDAP Group, and others. | |
73 | ||
74 | Autolearning algorithm:: | |
75 | ||
ed0c5b1b | 76 | {pmg} gathers statistical information about spam |
fc9071c3 DM |
77 | emails. This information is used by an autolearning algorithm, so the |
78 | system becomes smarter over time. | |
79 | ||
80 | Spam Uri Realtime BlockList (SURBL):: | |
81 | ||
82 | SURBLs are used to detect spam based on message body URIs (usually web | |
83 | sites). This makes them different from most other Real-time | |
84 | Blocklists, because SURBLs are not used to block spam senders. SURBLs | |
85 | allow you to block messages that have spam hosts which are mentioned | |
86 | in message bodies. | |
87 | ||
88 | Greylisting:: | |
89 | ||
0ca4b5a0 TL |
90 | Greylisting an email means that unknown senders are intentionally temporarily |
91 | rejected. Since temporary failures are part of the specifications for mail | |
92 | delivery, a legitimate server will try to resend the email later on. Spammers | |
93 | on the other hand, do not queue and reattempt mail delivery. A greylisted email | |
94 | never reaches your mail server and thus your mail server will not send useless | |
95 | "Non Delivery Reports" to spammers. Additionally greylisted mail is not | |
96 | analyzed by the antivirus and spam-detector engines, which saves resources. | |
fc9071c3 | 97 | + |
a446f8be SI |
98 | A mail is greylisted if it is the first mail from a sender to a receiver |
99 | coming from a particular IP network. You can configure which IP addresses | |
100 | belong to the same network, by setting an appropriate netmask for greylisting. | |
fc9071c3 | 101 | |
78b3ca71 DM |
102 | SMTP Protocol Tests:: |
103 | ||
104 | {postfix} is able to do some sophisticated SMTP protocol tests (see | |
105 | `man postscreen`). Most spam is sent out by zombies (malware on | |
106 | compromised end-user computers), and those zombies often try to | |
107 | maximize the amount of mails delivered. In order to do that, many of | |
d9aff9ab | 108 | them violate the SMTP protocol specification and thus can get detected |
78b3ca71 DM |
109 | by these tests. |
110 | ||
89028579 SI |
111 | Before and After Queue Filtering:: |
112 | ||
113 | {pmg} can be configured to either accept the mail, by sending a response | |
114 | of '250 OK', and scan it afterwards, or alternatively inspect the mail | |
115 | directly after it has the content and respond with a reject '554' if the | |
116 | mail is blocked by the rule system. These options are known as After Queue | |
117 | and Before Queue filtering respectively (see | |
118 | xref:pmgconfig_mailproxy_before_after_queue[Before and After Queue Scanning]). | |
119 | ||
120 | Configurable NDR policy:: | |
121 | ||
122 | In certain environments it can be unacceptable to discard an email, without | |
123 | informing the sender about that decision. You can decide whether you want | |
124 | to inform the senders of blocked emails or not. | |
fc9071c3 DM |
125 | |
126 | Virus detection | |
127 | ~~~~~~~~~~~~~~~ | |
128 | ||
129 | {pmg} integrates {clamav}, which is an open-source (GPL) antivirus | |
ed0c5b1b | 130 | engine designed for detecting Trojans, viruses, malware and other |
fc9071c3 DM |
131 | malicious threats. |
132 | ||
133 | It provides a high performance mutli-threaded scanning daemon, command | |
134 | line utilities for on demand file scanning, and an intelligent tool | |
135 | for automatic signature updates. | |
136 | ||
137 | ||
86986abc DM |
138 | Object-Oriented Rule System |
139 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
140 | ||
141 | The object-oriented rule system enables custom rules for your | |
142 | domains. It’s an easy but very powerful way to define filter rules by | |
143 | user, domains, time frame, content type and resulting action. {pmg} | |
144 | offers a lot of powerful objects to configure your own custom system. | |
145 | ||
86986abc DM |
146 | WHO - objects:: |
147 | ||
148 | Who is the sender or receiver of the e-mail? | |
149 | ||
150 | WHAT - objects:: | |
151 | ||
152 | What is in the e-mail? | |
153 | ||
154 | WHEN - objects:: | |
155 | ||
ed0c5b1b | 156 | When is the e-mail received by {pmg}? |
86986abc | 157 | |
62e86eb6 DM |
158 | ACTIONS - objects:: |
159 | ||
160 | Defines the final actions. | |
161 | ||
86986abc DM |
162 | Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Every |
163 | of these categories can contain several objects and a direction (in, | |
164 | out or both). | |
165 | ||
166 | Options range from simple spam and virus filter setups to | |
167 | sophisticated, highly customized configurations blocking certain types | |
168 | of e-mails and generating notifications. | |
169 | ||
170 | ||
78b3ca71 DM |
171 | Spam Quarantine |
172 | ~~~~~~~~~~~~~~~ | |
173 | ||
d9aff9ab OB |
174 | Identified Spam mails can be stored to the user-accessible Spam |
175 | quarantine. Thus, users can view and manage their Spam mails by | |
78b3ca71 DM |
176 | themselves. |
177 | ||
178 | ||
fc9071c3 DM |
179 | Tracking and Logging |
180 | ~~~~~~~~~~~~~~~~~~~~ | |
181 | ||
182 | The innovative Proxmox Message Tracking Center tracks and summarizes | |
d9aff9ab OB |
183 | all available logs. With the web-based and user-friendly management |
184 | interface, IT admins can easily overview and control all | |
fc9071c3 DM |
185 | functions from a single screen. |
186 | ||
187 | The Message Tracking Center is very fast and powerful, tested on {pmg} | |
188 | sites processing over a million emails per day. All different log | |
189 | files from the last 7 days can be queried and the results are | |
190 | summarized by an intelligent algorithm. | |
191 | ||
d9aff9ab OB |
192 | The logged information includes: |
193 | ||
fc9071c3 DM |
194 | - Arrival of the email |
195 | - Proxmox filtering processing with results | |
196 | - Internal queue to your email server | |
197 | - Status of final delivery | |
198 | ||
199 | ||
6441fbe9 SI |
200 | DKIM Signing |
201 | ~~~~~~~~~~~~ | |
202 | ||
203 | {pmg} offers the possibility to optionally sign outgoing emails with | |
204 | xref:pmgconfig_mailproxy_dkim[DKIM]. | |
205 | ||
206 | ||
2350185a DM |
207 | High Availability with Proxmox HA Cluster |
208 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
209 | ||
210 | To provide a 100% secure email system for your business, we developed | |
211 | Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a | |
212 | unique application level clustering scheme, which provides extremely | |
213 | good performance. Fast set-up within minutes and a simple, intuitive | |
214 | management keep resource needs low. After temporary failures, nodes | |
215 | automatically reintegrate without any operator interaction. | |
216 | ||
78b3ca71 DM |
217 | LDAP integration |
218 | ~~~~~~~~~~~~~~~~ | |
219 | ||
220 | It is possible to query user and group data from LDAP servers. This | |
221 | may be used to build special filter rules, or just to provide | |
222 | authentication services for the Spam quarantine GUI. | |
223 | ||
224 | ||
225 | Fetchmail integration | |
226 | ~~~~~~~~~~~~~~~~~~~~~ | |
227 | ||
ed0c5b1b | 228 | {pmg} allows you to fetch mail from other IMAP or POP3 servers. |
78b3ca71 DM |
229 | |
230 | ||
231 | Flexible User Management | |
232 | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
233 | ||
d9aff9ab | 234 | The administration interface uses a role-based access control scheme, |
78b3ca71 DM |
235 | using the following roles: |
236 | ||
237 | Superuser:: | |
238 | ||
239 | This role is allowed to do everything (reserved for user 'root'). | |
240 | ||
ed0c5b1b | 241 | Administrator:: |
78b3ca71 DM |
242 | |
243 | Full access to mail filter setup, but not allowed to change network setup. | |
244 | ||
245 | Quarantine Manager:: | |
246 | ||
247 | Is able to view and manage the Spam Quarantine. | |
248 | ||
249 | Auditor:: | |
250 | ||
251 | Has read-only access to the whole configuration, can access logs and | |
252 | view statistics. | |
253 | ||
2350185a | 254 | |
b8c7b823 DM |
255 | Your benefit with {pmg} |
256 | ----------------------- | |
257 | ||
258 | * Open source software | |
259 | * No vendor lock-in | |
260 | * Linux kernel | |
261 | * Fast installation and easy-to-use | |
262 | * Web-based management interface | |
263 | * REST API | |
264 | * Huge active community | |
265 | * Low administration costs and simple deployment | |
266 | ||
267 | ||
268 | include::getting-help.adoc[] |