+
+
+[[pmg_install_on_debian_container]]
+Install {pmg} as a Linux Container Appliance
+--------------------------------------------
+
+{pmg} can also run inside a Debian-based LXC
+instance. In order to keep the set of installed software, and thus the
+necessary updates minimal, you can use the `proxmox-mailgateway-container`
+meta-package. This does not depend on any Linux kernel, firmware, or components
+used for booting from bare-metal, like GRUB.
+
+A ready-to-use appliance template is available through the `mail` section of the
+https://www.proxmox.com/proxmox-virtual-environment/overview[Proxmox VE]
+appliance manager, so if you already use Proxmox VE, you can set up a {pmg}
+instance in minutes.
+
+NOTE: It's recommended to use a static network configuration. If DHCP must be
+used, ensure that the container always leases the same IP, for example, by
+reserving one with the container's network MAC address.
+
+Additionally, you can install this on top of a container-based Debian
+installation. After configuring the
+xref:pmg_package_repositories[package repositories], you need to run:
+
+[source,bash]
+----
+apt update
+apt install proxmox-mailgateway-container
+----
+
+[[pmg_package_repositories]]
+Package Repositories
+--------------------
+
+{pmg} uses http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as its
+package management tool like any other Debian-based system.
+
+Repositories in {pmg}
+~~~~~~~~~~~~~~~~~~~~~
+
+Repositories are a collection of software packages. They can be used to install
+new software, but are also important to get new updates.
+
+NOTE: You need valid Debian and Proxmox repositories to get the latest
+security updates, bug fixes and new features.
+
+APT Repositories are defined in the file `/etc/apt/sources.list` and in `.list`
+files placed in `/etc/apt/sources.list.d/`.
+
+Repository Management
+^^^^^^^^^^^^^^^^^^^^^
+
+[thumbnail="screenshot/pmg-gui-admin-repositories.png"]
+
+Since {pmg} 7.0 you can check the repository state in the web interface. The
+'Dashboard' shows a high level status overview, while the separate 'Repository'
+panel (accessible via 'Administration') shows in-depth status and list of all
+configured repositories.
+
+Basic repository management, for example, activating or deactivating a
+repository, is also supported.
+
+Sources.list
+^^^^^^^^^^^^
+
+In a `sources.list` file, each line defines a package repository. The preferred
+source must come first. Empty lines are ignored. A `#` character anywhere on a
+line marks the remainder of that line as a comment. The available packages from
+a repository are acquired by running `apt update`. Updates can be installed
+directly using `apt`, or via the GUI (Administration -> Updates).
+
+.File `/etc/apt/sources.list`
+----
+# basic Debian repositories:
+deb http://deb.debian.org/debian bookworm main contrib
+deb http://deb.debian.org/debian bookworm-updates main contrib
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
+
+# Proxmox Mail Gateway repo required too - see below!
+----
+
+{pmg} provides three different package repositories.
+
+
+{pmg} Enterprise Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is the default, stable and recommended repository, available for
+all {pmg} subscription users. It contains the most stable packages,
+and is suitable for production use. The `pmg-enterprise` repository is
+enabled by default:
+
+.File `/etc/apt/sources.list.d/pmg-enterprise.list`
+----
+deb https://enterprise.proxmox.com/debian/pmg bookworm pmg-enterprise
+----
+
+As soon as updates are available, the `root@pam` user is notified via
+email about the newly available packages. From the GUI, the change-log of
+each package can be viewed (if available), showing all details of the
+update. Thus, you will never miss important security fixes.
+
+Please note that you need a valid subscription key to access this
+repository. We offer different support levels, which you can find further
+details about at {pricing-url}.
+
+NOTE: You can disable this repository by commenting out the above line
+using a `#` (at the start of the line). This prevents error messages,
+if you do not have a subscription key. Please configure the
+`pmg-no-subscription` repository in this case.
+
+
+{pmg} No-Subscription Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As the name suggests, you do not need a subscription key to access
+this repository. It can be used for testing and non-production
+use. It's not recommended to use this on production servers, as these
+packages are not always heavily tested and validated.
+
+We recommend configuring this repository in `/etc/apt/sources.list`.
+
+.File `/etc/apt/sources.list`
+----
+deb http://ftp.debian.org/debian bookworm main contrib
+deb http://ftp.debian.org/debian bookworm-updates main contrib
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
+
+# PMG pmg-no-subscription repository provided by proxmox.com,
+# NOT recommended for production use
+deb http://download.proxmox.com/debian/pmg bookworm pmg-no-subscription
+----
+
+
+{pmg} Test Repository
+~~~~~~~~~~~~~~~~~~~~~
+
+Finally, there is a repository called `pmgtest`. This contains the
+latest packages, and is heavily used by developers to test new
+features. As with before, you can configure this using
+`/etc/apt/sources.list` by adding the following line:
+
+.sources.list entry for `pmgtest`
+----
+deb http://download.proxmox.com/debian/pmg bookworm pmgtest
+----
+
+WARNING: the `pmgtest` repository should only be used
+for testing new features or bug fixes.
+
+
+SecureApt
+~~~~~~~~~
+
+We use GnuPG to sign the `Release` files inside these repositories,
+and APT uses these signatures to verify that all packages are from a
+trusted source.
+
+The key used for verification is already installed, if you install from
+our installation CD. If you install via another means, you can manually
+download the key by executing the following command as root user:
+
+----
+ # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+----
+
+Verify the checksum afterwards with the `sha512sum` CLI tool:
+
+----
+# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+----
+
+or the `md5sum` CLI tool:
+
+----
+# md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+----
+
+
+Debian Non-Free Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Certain software cannot be made available in the `main` and `contrib`
+areas of the {debian} archives, since it does not adhere to the Debian
+Free Software Guidelines (DFSG). These are distributed in the
+{debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area
+are needed in order to support the RAR archive format:
+
+* `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the
+ xref:chapter_mailfilter[Rule system]
+
+* `libclamunrar` for detecting viruses in RAR archives.
+
+To enable the `non-free` component, run `editor /etc/apt/sources.list` and
+append `non-free` to the end of each `.debian.org` repository line.
+
+Following this, you can install the required packages with:
+
+----
+apt update
+apt install libclamunrar p7zip-rar
+----
+
+
+[[pmg_debian_firmware_repo]]
+Debian Firmware Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~
+Starting with Debian Bookworm ({pmg} 8) non-free firmware (as defined by
+https://www.debian.org/social_contract#guidelines[DFSG]) has been moved to the
+newly created Debian repository component `non-free-firmware`.
+
+Enable this repository if you want to set up
+xref:pmg_firmware_cpu[Early OS Microcode Updates] or need additional
+xref:pmg_firmware_runtime_files[Runtime Firmware Files] not already included in
+the pre-installed package `pve-firmware`.
+
+To be able to install packages from this component, run
+`editor /etc/apt/sources.list`, append `non-free-firmware` to the end of each
+`.debian.org` repository line and run `apt update`.