What is {pmg}?
--------------
-E-mail security begins at the gateway by controlling all incoming and
-outgoing e-mail messages. {pmg} addresses the full spectrum of
-unwanted e-mail traffic, focusing spam and virus detection. {pmg}
-provides a powerful and affordable server solution to eliminate spam,
-viruses and blocking undesirable content from your e-mail system. All
+Email security begins at the gateway, by controlling all incoming and
+outgoing email messages. {pmg} addresses the full spectrum of
+unwanted email traffic, focusing on spam and virus detection. {pmg}
+provides a powerful and affordable server solution to eliminate spam and
+viruses, and block undesirable content from your email system. All
products are self-installing and can be used without deep knowledge of
Linux.
-image::images/Proxmox-Mailprocessing.png[]
+image::images/Proxmox_Mail_Gateway_Mailprocessing_final_1024.png[]
Features
--------
+[[intro_spam_detection]]
Spam detection
~~~~~~~~~~~~~~
Receiver Verification::
Many of the junk messages reaching your network are emails to
-non-existent users. {pmg} detects these emails on SMTP
-level, which means before they are transferred to your networks. This
-reduces the traffic to be analyzed for spam and viruses up to 90% and
+non-existent users. {pmg} detects these emails on the SMTP
+level, before they are transferred to your network. This
+reduces the traffic to be analyzed for spam and viruses by up to 90% and
reduces the working load on your mail servers and scanners.
Sender policy framework (SPF)::
Sender Policy Framework (SPF) is an open standard for validating
-emails and to prevent sender IP address forgery. SPF allows the
-administrator of an Internet domain to specify which computers are
-authorized to send emails with a given domain by creating a specific
+emails and preventing sender IP address forgery. SPF allows the
+administrator of an internet domain to specify which computers are
+authorized to send emails with a given domain, by creating a specific
SPF record in the Domain Name System (DNS).
DNS-based Blackhole List::
-A DNS-based Blackhole List (DNSBL) is a means by which an Internet
+A DNS-based Blackhole List (DNSBL) is a means by which an internet
site may publish a list of IP addresses, in a format which can be
-easily queried by computer programs on the internet. The technology is
+easily queried by computer programs on the Internet. The technology is
built on top of the Domain Name System. DNSBLs are used to publish
lists of addresses linked to spamming.
SMTP Whitelist::
Exclude senders from SMTP blocking. To prevent all SMTP checks
-(Greylisting, Receiver Verification, SPF and RBL) and accept all
-e-mails for the analysis in the filter rule system, you can add the
+(Greylisting, Receiver Verification, SPF and DNSBL) and accept all
+emails for analysis in the filter rule system, you can add the
following to this list: Domains (Sender/Receiver), Mail address
(Sender/Receiver), Regular Expression (Sender/Receiver), IP address
-(Sender), IP network (Sender)
+(Sender), IP network (Sender).
Bayesian Filter - Automatically trained statistical filters::
-Some particular words have a higher probability of occurring in spam
-emails rather than in legitimate emails. By being trained to
-recognize those words, the Bayesian checks every email and adjusts the
+Certain words have a higher probability of occurring in spam
+emails than in legitimate emails. By being trained to
+recognize those words, the Bayesian filter checks every email and adjusts the
probabilities of it being a spam word or not in its database. This is
done automatically.
rule-system by applying different objects like domains, email address,
regular expression, IP Network, LDAP Group, and others.
-Autolearning algorithm::
+Auto-learning algorithm::
{pmg} gathers statistical information about spam
-emails. This information is used by an autolearning algorithm, so the
+emails. This information is used by an auto-learning algorithm, meaning the
system becomes smarter over time.
-Spam Uri Realtime BlockList (SURBL)::
+Spam URI Real-time Block List (SURBL)::
-SURBLs are used to detect spam based on message body URIs (usually web
-sites). This makes them different from most other Real-time
+SURBLs are used to detect spam, based on the URIs in the message body (usually
+websites). This makes them different from most other Real-time
Blocklists, because SURBLs are not used to block spam senders. SURBLs
allow you to block messages that have spam hosts which are mentioned
in message bodies.
Greylisting::
-Greylisting an email from a sender your system does not recognize,
-means, that it will be temporarily rejected. Since temporary failures
-are built into the RFC specifications for mail delivery, a legitimate
-server will try to resend the email later on. This is an effective
-method because spammers do not queue and reattempt mail delivery as is
-normal for a regular Mail Transport Agent.
+Greylisting an email means that unknown senders are intentionally temporarily
+rejected. Since temporary failures are part of the specifications for mail
+delivery, a legitimate server will try to resend the email later on. Spammers,
+on the other hand, do not queue and reattempt mail delivery. A greylisted email
+never reaches your mail server and thus your mail server will not send useless
+"Non Delivery Reports" to spammers. Additionally, greylisted mail is not
+analyzed by the antivirus and spam-detector engines, which saves resources.
+
-Greylisting can reduce e-mail traffic up to 50%. A greylisted email
-never reaches your mail server and thus your mail server will not send
-useless "Non Delivery Reports" to spammers.
+A mail is greylisted if it is the first mail from a sender to a receiver
+coming from a particular IP network. You can configure which IP addresses
+belong to the same network, by setting an appropriate netmask for greylisting.
SMTP Protocol Tests::
`man postscreen`). Most spam is sent out by zombies (malware on
compromised end-user computers), and those zombies often try to
maximize the amount of mails delivered. In order to do that, many of
-them violates the SMTP protocol specification and can thus be detected
+them violate the SMTP protocol specification and thus can be detected
by these tests.
+Before and After Queue Filtering::
+
+{pmg} can be configured to either accept the mail, by sending a response
+of '250 OK', and scan it afterwards, or alternatively inspect the mail
+directly after it has the content and respond with a reject '554' if the
+mail is blocked by the rule system. These options are known as After Queue
+and Before Queue filtering respectively (see
+xref:pmgconfig_mailproxy_before_after_queue[Before and After Queue Scanning]).
+
+Configurable NDR policy::
+
+In certain environments, it can be unacceptable to discard an email, without
+informing the sender about that decision. You can decide whether you want
+to inform the senders of blocked emails or not.
Virus detection
~~~~~~~~~~~~~~~
{pmg} integrates {clamav}, which is an open-source (GPL) antivirus
-engine designed for detecting Trojans, viruses, malware and other
+engine, designed for detecting Trojans, viruses, malware, and other
malicious threats.
-It provides a high performance mutli-threaded scanning daemon, command
+It provides a high performance, multi-threaded scanning daemon, command
line utilities for on demand file scanning, and an intelligent tool
for automatic signature updates.
user, domains, time frame, content type and resulting action. {pmg}
offers a lot of powerful objects to configure your own custom system.
-ACTIONS - objects::
-
-Defines the final actions.
-
WHO - objects::
-Who is the sender or receiver of the e-mail?
+Who is the sender or receiver of the email?
WHAT - objects::
-What is in the e-mail?
+What is in the email?
WHEN - objects::
-When is the e-mail received by {pmg}?
+When was the email received by {pmg}?
+
+ACTIONS - objects::
+
+Defines the final actions.
-Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Every
+Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Each
of these categories can contain several objects and a direction (in,
out or both).
Options range from simple spam and virus filter setups to
-sophisticated, highly customized configurations blocking certain types
-of e-mails and generating notifications.
+sophisticated, highly customized configurations, blocking certain types
+of emails and generating notifications.
+
+Web-based Management Interface
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{pmg} makes email security and filtering simple to manage. The web-based
+management interface allows you to set up and maintain even a complex mail
+system with ease.
+[thumbnail="pmg-gui-dashboard.png"]
+
+There is no need to install a separate management tool. Any modern internet
+browser is sufficient.
Spam Quarantine
~~~~~~~~~~~~~~~
-Identified Spam mails can be stored to the user accessible Spam
-quarantine. Thus users can view and manage there Spam mails by
-themselves.
+Identified spam mails can be stored in the user-accessible Spam Quarantine.
+Thus, users can view and manage their spam mails by themselves.
Tracking and Logging
~~~~~~~~~~~~~~~~~~~~
The innovative Proxmox Message Tracking Center tracks and summarizes
-all available logs. With the web-based and user friendly management
-interface, the IT admins can easily overview and control all
+all available logs. With the web-based and user-friendly management
+interface, IT admins can easily view and control all
functions from a single screen.
-The Message Tracking Center is very fast and powerful, tested on {pmg}
-sites processing over a million emails per day. All different log
-files from the last 7 days can be queried and the results are
+The Message Tracking Center is fast and powerful. It has been tested on
+{pmg} sites which process over a million emails per day. All log
+files from the last 7 days can be queried, and the results are
summarized by an intelligent algorithm.
+The logged information includes:
+
- Arrival of the email
-- Proxmox filtering processing with results
+- Proxmox filter processing with results
- Internal queue to your email server
- Status of final delivery
+DKIM Signing
+~~~~~~~~~~~~
+
+{pmg} offers the possibility to optionally sign outgoing emails with
+xref:pmgconfig_mailproxy_dkim[DKIM].
+
+
High Availability with Proxmox HA Cluster
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To provide a 100% secure email system for your business, we developed
Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a
-unique application level clustering scheme, which provides extremely
-good performance. Fast set-up within minutes and a simple, intuitive
-management keep resource needs low. After temporary failures, nodes
-automatically reintegrate without any operator interaction.
+unique application-level clustering scheme, which provides extremely
+good performance. It is quick to set-up and the simple, intuitive
+management interface keeps resource requirements low. After temporary failures,
+nodes automatically reintegrate without any operator interaction.
-LDAP integration
+LDAP Integration
~~~~~~~~~~~~~~~~
-It is possible to query user and group data from LDAP servers. This
-may be used to build special filter rules, or just to provide
-authentication services for the Spam quarantine GUI.
+It is possible to query user and group data from LDAP servers. This may be
+used to build special filter rules, or simply to provide authentication services
+for the Spam Quarantine GUI.
-Fetchmail integration
+Fetchmail Integration
~~~~~~~~~~~~~~~~~~~~~
{pmg} allows you to fetch mail from other IMAP or POP3 servers.
Flexible User Management
~~~~~~~~~~~~~~~~~~~~~~~~
-The administration interface uses a role based access control scheme,
+The administration interface uses a role-based access control scheme,
using the following roles:
Superuser::
Administrator::
-Full access to mail filter setup, but not allowed to change network setup.
+Full access to the mail filter setup, but not allowed to alter the network
+setup.
Quarantine Manager::
Has read-only access to the whole configuration, can access logs and
view statistics.
+Helpdesk::
+
+Combines permissions of the 'Auditor' and the 'Quarantine Manager' role.
+
Your benefit with {pmg}
-----------------------
-* Open source software
+* Open-source software
* No vendor lock-in
* Linux kernel
* Fast installation and easy-to-use
* Web-based management interface
* REST API
-* Huge active community
+* Huge, active community
* Low administration costs and simple deployment
projects / pmg-docs.git / blobdiff