products are self-installing and can be used without deep knowledge of
Linux.
-image::images/Proxmox-Mailprocessing.png[]
+image::images/Proxmox_Mail_Gateway_Mailprocessing_final_1024.png[]
Features
--------
+[[intro_spam_detection]]
Spam detection
~~~~~~~~~~~~~~
Receiver Verification::
Many of the junk messages reaching your network are emails to
-non-existent useres. Proxmox Mail Gateway detects these emails on SMTP
+non-existent users. {pmg} detects these emails on SMTP
level, which means before they are transferred to your networks. This
reduces the traffic to be analyzed for spam and viruses up to 90% and
reduces the working load on your mail servers and scanners.
SMTP Whitelist::
Exclude senders from SMTP blocking. To prevent all SMTP checks
-(Greylisting, Receiver Verification, SPF and RBL) and accept all
+(Greylisting, Receiver Verification, SPF and DNSBL) and accept all
e-mails for the analysis in the filter rule system, you can add the
following to this list: Domains (Sender/Receiver), Mail address
(Sender/Receiver), Regular Expression (Sender/Receiver), IP address
Bayesian Filter - Automatically trained statistical filters::
Some particular words have a higher probability of occurring in spam
-emails rather than in legitimate emails. By beeing trained to
+emails rather than in legitimate emails. By being trained to
recognize those words, the Bayesian checks every email and adjusts the
-probabilities of it beeing a spam word or not in its database. This is
+probabilities of it being a spam word or not in its database. This is
done automatically.
Black- and Whitelists::
Autolearning algorithm::
-Proxmox Mail Gateway gathers statistical information about spam
+{pmg} gathers statistical information about spam
emails. This information is used by an autolearning algorithm, so the
system becomes smarter over time.
Greylisting::
-Greylisting an email from a sender your system does not recognize,
-means, that it will be temporarily rejected. Since temporary failures
-are built into the RFC specifications for mail delivery, a legitimate
-server will try to resend the email later on. This is an effective
-method because spammers do not queue and reattempt mail delivery as is
-normal for a regular Mail Transport Agent.
+Greylisting an email means that unknown senders are intentionally temporarily
+rejected. Since temporary failures are part of the specifications for mail
+delivery, a legitimate server will try to resend the email later on. Spammers
+on the other hand, do not queue and reattempt mail delivery. A greylisted email
+never reaches your mail server and thus your mail server will not send useless
+"Non Delivery Reports" to spammers. Additionally greylisted mail is not
+analyzed by the antivirus and spam-detector engines, which saves resources.
+
-Greylisting can reduce e-mail traffic up to 50%. A greylisted email
-never reaches your mail server and thus your mail server will not send
-useless "Non Delivery Reports" to spammers.
+A mail is greylisted if it is the first mail from a sender to a receiver
+coming from a particular IP network. You can configure which IP addresses
+belong to the same network, by setting an appropriate netmask for greylisting.
+SMTP Protocol Tests::
+
+{postfix} is able to do some sophisticated SMTP protocol tests (see
+`man postscreen`). Most spam is sent out by zombies (malware on
+compromised end-user computers), and those zombies often try to
+maximize the amount of mails delivered. In order to do that, many of
+them violate the SMTP protocol specification and thus can get detected
+by these tests.
+
+Before and After Queue Filtering::
+
+{pmg} can be configured to either accept the mail, by sending a response
+of '250 OK', and scan it afterwards, or alternatively inspect the mail
+directly after it has the content and respond with a reject '554' if the
+mail is blocked by the rule system. These options are known as After Queue
+and Before Queue filtering respectively (see
+xref:pmgconfig_mailproxy_before_after_queue[Before and After Queue Scanning]).
+
+Configurable NDR policy::
+
+In certain environments it can be unacceptable to discard an email, without
+informing the sender about that decision. You can decide whether you want
+to inform the senders of blocked emails or not.
Virus detection
~~~~~~~~~~~~~~~
{pmg} integrates {clamav}, which is an open-source (GPL) antivirus
-engine designed for detecting trojans, viruses, malware and other
+engine designed for detecting Trojans, viruses, malware and other
malicious threats.
It provides a high performance mutli-threaded scanning daemon, command
user, domains, time frame, content type and resulting action. {pmg}
offers a lot of powerful objects to configure your own custom system.
-ACTIONS - objects::
-
-Defines the final actions.
-
WHO - objects::
Who is the sender or receiver of the e-mail?
WHEN - objects::
-When is the e-mail received by Proxmox Mail Gateway?
+When is the e-mail received by {pmg}?
+
+ACTIONS - objects::
+
+Defines the final actions.
Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Every
of these categories can contain several objects and a direction (in,
sophisticated, highly customized configurations blocking certain types
of e-mails and generating notifications.
+Web-based Management Interface
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{pmg} makes email security and filtering simple to manage. A web-based
+management interface allows you to setup and maintain even a complex mail
+setup with ease.
+
+[thumbnail="pmg-gui-dashboard.png"]
+
+There is no need to install a separate management tool. Every modern internet
+browser is sufficient.
+
+Spam Quarantine
+~~~~~~~~~~~~~~~
+
+Identified Spam mails can be stored to the user-accessible Spam quarantine.
+Users can so view and manage their Spam mails by themselves.
+
Tracking and Logging
~~~~~~~~~~~~~~~~~~~~
The innovative Proxmox Message Tracking Center tracks and summarizes
-all available logs. With the web-based and user friendly management
-interface, the IT admins can easily overview and controll all
+all available logs. With the web-based and user-friendly management
+interface, IT admins can easily overview and control all
functions from a single screen.
The Message Tracking Center is very fast and powerful, tested on {pmg}
files from the last 7 days can be queried and the results are
summarized by an intelligent algorithm.
+The logged information includes:
+
- Arrival of the email
- Proxmox filtering processing with results
- Internal queue to your email server
- Status of final delivery
+DKIM Signing
+~~~~~~~~~~~~
+
+{pmg} offers the possibility to optionally sign outgoing emails with
+xref:pmgconfig_mailproxy_dkim[DKIM].
+
+
High Availability with Proxmox HA Cluster
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
management keep resource needs low. After temporary failures, nodes
automatically reintegrate without any operator interaction.
+LDAP integration
+~~~~~~~~~~~~~~~~
+
+It is possible to query user and group data from LDAP servers. This may be
+used to build special filter rules, or just to provide authentication services
+for the Spam quarantine GUI.
+
+
+Fetchmail integration
+~~~~~~~~~~~~~~~~~~~~~
+
+{pmg} allows you to fetch mail from other IMAP or POP3 servers.
+
+
+Flexible User Management
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The administration interface uses a role-based access control scheme,
+using the following roles:
+
+Superuser::
+
+This role is allowed to do everything (reserved for user 'root').
+
+Administrator::
+
+Full access to mail filter setup, but not allowed to change network setup.
+
+Quarantine Manager::
+
+Is able to view and manage the Spam Quarantine.
+
+Auditor::
+
+Has read-only access to the whole configuration, can access logs and
+view statistics.
+
+Helpdesk::
+
+Combines permissions of the 'Auditor' and the 'Quarantine Manager' role.
+
Your benefit with {pmg}
-----------------------