7 E-mail security begins at the gateway by controlling all incoming and
8 outgoing e-mail messages. {pmg} addresses the full spectrum of
9 unwanted e-mail traffic, focusing spam and virus detection. {pmg}
10 provides a powerful and affordable server solution to eliminate spam,
11 viruses and blocking undesirable content from your e-mail system. All
12 products are self-installing and can be used without deep knowledge of
15 image::images/Proxmox_Mail_Gateway_Mailprocessing_final_1024.png[]
23 {pmg} uses a wide variety of local and network tests to identify spam
24 mail. Here is a short list of used filtering methods:
26 Receiver Verification::
28 Many of the junk messages reaching your network are emails to
29 non-existent users. {pmg} detects these emails on SMTP
30 level, which means before they are transferred to your networks. This
31 reduces the traffic to be analyzed for spam and viruses up to 90% and
32 reduces the working load on your mail servers and scanners.
34 Sender policy framework (SPF)::
36 Sender Policy Framework (SPF) is an open standard for validating
37 emails and to prevent sender IP address forgery. SPF allows the
38 administrator of an Internet domain to specify which computers are
39 authorized to send emails with a given domain by creating a specific
40 SPF record in the Domain Name System (DNS).
42 DNS-based Blackhole List::
44 A DNS-based Blackhole List (DNSBL) is a means by which an Internet
45 site may publish a list of IP addresses, in a format which can be
46 easily queried by computer programs on the internet. The technology is
47 built on top of the Domain Name System. DNSBLs are used to publish
48 lists of addresses linked to spamming.
52 Exclude senders from SMTP blocking. To prevent all SMTP checks
53 (Greylisting, Receiver Verification, SPF and RBL) and accept all
54 e-mails for the analysis in the filter rule system, you can add the
55 following to this list: Domains (Sender/Receiver), Mail address
56 (Sender/Receiver), Regular Expression (Sender/Receiver), IP address
57 (Sender), IP network (Sender)
59 Bayesian Filter - Automatically trained statistical filters::
61 Some particular words have a higher probability of occurring in spam
62 emails rather than in legitimate emails. By being trained to
63 recognize those words, the Bayesian checks every email and adjusts the
64 probabilities of it being a spam word or not in its database. This is
67 Black- and Whitelists::
69 Black- and Whitelists are an access control mechanism to accept,
70 block, or quarantine emails to recipients. This allows you to tune the
71 rule-system by applying different objects like domains, email address,
72 regular expression, IP Network, LDAP Group, and others.
74 Autolearning algorithm::
76 {pmg} gathers statistical information about spam
77 emails. This information is used by an autolearning algorithm, so the
78 system becomes smarter over time.
80 Spam Uri Realtime BlockList (SURBL)::
82 SURBLs are used to detect spam based on message body URIs (usually web
83 sites). This makes them different from most other Real-time
84 Blocklists, because SURBLs are not used to block spam senders. SURBLs
85 allow you to block messages that have spam hosts which are mentioned
90 Greylisting an email means, that it will be temporarily rejected. Since
91 temporary failures are part of the the RFC specifications for mail delivery, a
92 legitimate server will try to resend the email later on. Spammers on the other
93 hand, do not queue and reattempt mail delivery. A greylisted email never
94 reaches your mail server and thus your mail server will not send useless "Non
95 Delivery Reports" to spammers. Additionally greylisted mail is not analyzed
96 by the antivirus and spamdetector engines, which saves resources. Greylisting
97 can reduce e-mail traffic up to 50%.
100 A mail is greylisted if it is the first mail from a sender to a receiver
101 coming from a particular IP network. You can configure which IP addresses
102 belong to the same network, by setting an appropriate netmask for greylisting.
104 SMTP Protocol Tests::
106 {postfix} is able to do some sophisticated SMTP protocol tests (see
107 `man postscreen`). Most spam is sent out by zombies (malware on
108 compromised end-user computers), and those zombies often try to
109 maximize the amount of mails delivered. In order to do that, many of
110 them violate the SMTP protocol specification and thus can get detected
113 Before and After Queue Filtering::
115 {pmg} can be configured to either accept the mail, by sending a response
116 of '250 OK', and scan it afterwards, or alternatively inspect the mail
117 directly after it has the content and respond with a reject '554' if the
118 mail is blocked by the rule system. These options are known as After Queue
119 and Before Queue filtering respectively (see
120 xref:pmgconfig_mailproxy_before_after_queue[Before and After Queue Scanning]).
122 Configurable NDR policy::
124 In certain environments it can be unacceptable to discard an email, without
125 informing the sender about that decision. You can decide whether you want
126 to inform the senders of blocked emails or not.
131 {pmg} integrates {clamav}, which is an open-source (GPL) antivirus
132 engine designed for detecting Trojans, viruses, malware and other
135 It provides a high performance mutli-threaded scanning daemon, command
136 line utilities for on demand file scanning, and an intelligent tool
137 for automatic signature updates.
140 Object-Oriented Rule System
141 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
143 The object-oriented rule system enables custom rules for your
144 domains. It’s an easy but very powerful way to define filter rules by
145 user, domains, time frame, content type and resulting action. {pmg}
146 offers a lot of powerful objects to configure your own custom system.
150 Who is the sender or receiver of the e-mail?
154 What is in the e-mail?
158 When is the e-mail received by {pmg}?
162 Defines the final actions.
164 Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Every
165 of these categories can contain several objects and a direction (in,
168 Options range from simple spam and virus filter setups to
169 sophisticated, highly customized configurations blocking certain types
170 of e-mails and generating notifications.
176 Identified Spam mails can be stored to the user-accessible Spam
177 quarantine. Thus, users can view and manage their Spam mails by
184 The innovative Proxmox Message Tracking Center tracks and summarizes
185 all available logs. With the web-based and user-friendly management
186 interface, IT admins can easily overview and control all
187 functions from a single screen.
189 The Message Tracking Center is very fast and powerful, tested on {pmg}
190 sites processing over a million emails per day. All different log
191 files from the last 7 days can be queried and the results are
192 summarized by an intelligent algorithm.
194 The logged information includes:
196 - Arrival of the email
197 - Proxmox filtering processing with results
198 - Internal queue to your email server
199 - Status of final delivery
205 {pmg} offers the possibility to optionally sign outgoing emails with
206 xref:pmgconfig_mailproxy_dkim[DKIM].
209 High Availability with Proxmox HA Cluster
210 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
212 To provide a 100% secure email system for your business, we developed
213 Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a
214 unique application level clustering scheme, which provides extremely
215 good performance. Fast set-up within minutes and a simple, intuitive
216 management keep resource needs low. After temporary failures, nodes
217 automatically reintegrate without any operator interaction.
222 It is possible to query user and group data from LDAP servers. This
223 may be used to build special filter rules, or just to provide
224 authentication services for the Spam quarantine GUI.
227 Fetchmail integration
228 ~~~~~~~~~~~~~~~~~~~~~
230 {pmg} allows you to fetch mail from other IMAP or POP3 servers.
233 Flexible User Management
234 ~~~~~~~~~~~~~~~~~~~~~~~~
236 The administration interface uses a role-based access control scheme,
237 using the following roles:
241 This role is allowed to do everything (reserved for user 'root').
245 Full access to mail filter setup, but not allowed to change network setup.
249 Is able to view and manage the Spam Quarantine.
253 Has read-only access to the whole configuration, can access logs and
257 Your benefit with {pmg}
258 -----------------------
260 * Open source software
263 * Fast installation and easy-to-use
264 * Web-based management interface
266 * Huge active community
267 * Low administration costs and simple deployment
270 include::getting-help.adoc[]